Values for content-security-policy-report-only:
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 62
45
frame-ancestors 'self' 25
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://www.blogger.com/cspreport 24
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 18
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 17
img-src 'self' blob: data: *.pinimg.com *.pinterest.com *.google.com *.facebook.com *.cedexis.com *.cedexis-test.com *.citrix.com *.tvpixel.com; report-uri /_/_/csp_report/?reportonly 14
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; 13
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com www.googletagmanager.com https://js.digitalriverws.com 'self' 'unsafe-inline'; style-src *.adobe.com https://js.digitalriverws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests ; script-src bam.nr-data.net js-agent.newrelic.com cdn.spectrumcustomizer.com js.monitor.azure.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms www.paypal.com www.paypalobjects.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://js.digitalriverws.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src assets.xboxservices.com *.adobe.com 'self' 'unsafe-inline'; img-src images-xboxdesignlab.xbox.com spectrumcustomizer.com cdn.spectrumcustomizer.com api.spectrumcustomizer.com www.colorhexa.com blob: c.bing.com c1.microsoft.com c.xbox.com stospectprodglobal.blob.core.windows.net t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://ui1.img.digitalrivercontent.net data: 'self' 'unsafe-inline'; connect-src bam.nr-data.net api.spectrumcustomizer.com cdn.spectrumcustomizer.com spectrumcustomizer.com www.paypal.com browser.events.data.microsoft.com client.spectrumcustomizer.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms q.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com 'self' 'unsafe-inline'; 13
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src *.facebook.com/static_resources/webworker_v1/init_script/ *.facebook.com/static_resources/webworker/init_script/ *.facebook.com/static_resources/sharedworker/init_script/ *.facebook.com/static_resources/webworker/map_libre/ *.facebook.com/static_resources/webworker/map_libre_rtl/ *.facebook.com/sw/ *.facebook.com/sw;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 9
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 9
default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' consentcdn.cookiebot.com connect.facebook.net script.hotjar.com sgtm.spotler.nl static.hotjar.com static.addtoany.com kit.fontawesome.com *.gatorleads.co.uk squeezely.tech snap.licdn.com bat.bing.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.hs-scripts.com consent.cookiebot.com www.clarity.ms webchat.eazy.im unpkg.com region1.google-analytics.com *.clarity.ms *.cookiebot.eu *.cookiebot.com guru.communigator.co.uk widget.trustpilot.com static.ads-twitter.com www.buzzsprout.com www.youtube.com *.spotler.co.uk *.tawk.to static.oktopost.com t.wowanalytics.co.uk www.clickcease.com okt.to www.gstatic.com cdn.jsdelivr.net *.mailplus.nl *.calendly.com *.google.com google.com cdn.leadinfo.net *.spotlerleads.nl spotlerscript.com *.recruiteecdn.com *.cloudflare.com *.calconic.com *.cloudfront.net platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: assets.calendly.com www.gstatic.com me.kis.v2.scr.kaspersky-labs.com *.tawk.to *.calendly.com webchat.eazy.im *.vimeocdn.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: forms.hsforms.com sgtm.spotler.nl *.usercentrics.eu t.squeezely.tech www.facebook.com bat.bing.com px.ads.linkedin.com imgsct.cookiebot.com googleads.g.doubleclick.net www.google.com.sg *.clarity.ms www.google.nl *.spotler.co.uk *.spotler.com *.spotler.nl t.co analytics.twitter.com *.tawk.to *.calendly.com signon.communigator.co.uk *.bing.com secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' js.hs-banner.com api.hubspot.com forms.hscollectedforms.net consentcdn.cookiebot.com *.fontawesome.com sgtm.spotler.nl content.hotjar.io wss://ws.hotjar.com bat.bing.com px.ads.linkedin.com *.google.com vc.hotjar.io consentcdn.cookiebot.eu *.clarity.ms region1.google-analytics.com webchat.eazy.im www.googleadservices.com *.tawk.to google.com google.co.uk google.nl www.google.co.uk www.google.nl www.facebook.com *.calendly.com *.smooch.io *.leadinfo.net *.leadinfo.com *.communigator.co.uk wss://*.tawk.to *.calconic.com *.recruitee.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: ka-f.fontawesome.com *.tawk.to webchat.eazy.im data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' static.addtoany.com consentcdn.cookiebot.com consentcdn.cookiebot.eu td.doubleclick.net www.spotlerpages.com www.youtube-nocookie.com www.buzzsprout.com 8935560.fls.doubleclick.net cgt.bz *.calendly.com calendly.com *.communigator.co.uk google.com *.google.com www.google.com *.tawk.to www.instagram.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; base-uri 'self' ; form-action 'self' ; frame-ancestors 'self' *.communigator.co.uk communigator.co.uk; block-all-mixed-content; report-uri https://spotler.nl/?gdsih-csp-report; 9
default-src 'self' 9
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.teststagram.com *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.teststagram.com *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.teststagram.com *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://meta.privacy-gateway.cloudflare.com/relay;font-src *.teststagram.com *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.teststagram.com *.instagram.com *.facebook.com *.fbcdn.net data: *.igsonar.com *.cdninstagram.com blob: *.fbsbx.com android-webview-video-poster: *.giphy.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;worker-src *.instagram.com/static_resources/webworker_v1/init_script/ *.instagram.com/static_resources/webworker/init_script/ *.instagram.com/static_resources/sharedworker/init_script/ *.instagram.com/www-service-worker.js;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 8
report-uri /report-csp-violation 8
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https:; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/; report-to csp-endpoint 6
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 6
font-src *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com https://maps.googleapis.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.trustpilot.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com https://maps.googleapis.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com; 6
default-src 'self'; report-to /testcspviolation/ 6
font-src https://www.gstatic.com https://fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://www.google.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6
default-src 'self' https: mcdn.pybydl.com; font-src 'self' https: data:; img-src 'self' https: data: mcdn.pybydl.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' mcdn.pybydl.com; style-src 'self' https: 'unsafe-inline' mcdn.pybydl.com; frame-src 'self' https: http: data:; connect-src 'self' https: wss: www.luck-nine.com; report-uri /csp_reports 6
default-src 'self'; media-src https://static.zdassets.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline'  https://static.zdassets.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; object-src 'self' data: blob:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self'; 5
default-src 'self'; script-src 'self' maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.worldpay.com https://static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: 'unsafe-eval' *.starbucks.eu maps.gstatic.com maps.googleapis.com *.trustarc.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com; media-src 'self'; frame-src 'self' gateway.switch.tj *.worldpay.com *.accdab.net *.trustarc.com *.youtube.com youtu.be; font-src 'self' *.trustarc.com https://fonts.gstatic.com; connect-src 'self' maps.googleapis.com *.accdab.net *.trustarc.com bam.nr-data.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com report.starbucks.gbqofs.io stats.g.doubleclick.net https://adservice.google.com; report-uri /report-uri/enforce 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 5
default-src 'self'; img-src 'self' *.ytimg.com t.co *.twitter.com *.onetrust.com *.calconic.com *.hotjar.com *.bing.com *.clarity.ms *.theaccessgroup.com accessgroup-website-v8-preview.azureedge.net accessgrouppreviewweb.azureedge.net accessgroupuatweb.azureedge.net accessgroupweb.azureedge.net cdn.jsdelivr.net id.rlcdn.com match.prod.bidr.io px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com *.blob.core.windows.net *.placeholder.com *.doubleclick.net www.google.co.uk www.google.com bat.bing.com www.google-analytics.com www.facebook.com www.google-analytics.com data: cdn.bizible.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; script-src 'self' 'unsafe-inline' *.geoip-js.com geoip-js.com *.trustpilot.com *.onetrust.com *.calconic.com *.hotjar.com cdn-3.convertexperiments.com ucalc.pro *.clarity.ms *.ucalc.pro analytics.twitter.com npmcdn.com app-lon05.marketo.com pages.theaccessgroup.com tracker.gaconnector.com api.ipify.org bat.bing.com static.ads-twitter.com snap.licdn.com www.googleadservices.com connect.facebook.net tag.demandbase.com tags.srv.stackadapt.com snap.licdn.com www.google-analytics.com www.googleadservices.com www.youtube.com secure.perk0mean.com static.hotjar.com script.hotjar.com widget.surveymonkey.com googleads.g.doubleclick.net www.googletagmanager.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net munchkin.marketo.net cdn.bizible.com *.visualwebsiteoptimizer.com app.vwo.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.onetrust.com widget.trustpilot.com *.convertexperiments.com munchkin.marketo.net cdn.bizible.com *.visualwebsiteoptimizer.com app.vwo.com connect.facebook.net *.facebook.net *.ads-twitter.com *.ipify.org *.demandbase.com; style-src 'self' 'unsafe-inline' *.salesforce.com *.calconic.com *.ucalc.pro tags.srv.stackadapt.com app-lon05.marketo.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com pro.fontawesome.com use.typekit.net p.typekit.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; font-src 'self' data: *.typekit.net *.hotjar.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com pro.fontawesome.com; worker-src 'self' blob:; connect-src *.geoip-js.com geoip-js.com *.demandbase.com *.onetrust.com *.calconic.com *.hotjar.com *.hotjar.io *.clarity.ms *.mktoresp.com in.hotjar.com api.company-target.com tags.srv.stackadapt.com bat.bing.com www.google-analytics.com stats.g.doubleclick.net connect.facebook.net; frame-src *.salesforce.com *.ucalc.pro vars.hotjar.com app-lon05.marketo.com www.youtube.com player.vimeo.com www.facebook.com *.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com *.trustpilot.com; 5
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.instagram.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.cdninstagram.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com beacon-audiences.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com static.zdassets.com connect.facebook.net rum-static.pingdom.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com *.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io beacon-audiences.magento-ds.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com u.clarity.ms get.geojs.io stats.g.doubleclick.net ekr.zdassets.com slacorp.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net kickssupport.zendesk.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/ bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com *.adyen.com www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com validator.swagger.io *.adyen.com *.googleapis.com *.gstatic.com https://images.unsplash.com *.bing.com www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ https://www.google.dk/ *.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://bid.g.doubleclick.net https://kaffekapslen.dk/ *.kaffekapslen.dk/ *.klarnacdn.net https://kaffekapslen.media *.pinterest.com/ *.cloudinary.com/ https://www.googletagmanager.com/ https://app.usercentrics.eu/ data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net gtm.adt313.net *.bing.com *.facebook.net bam.eu01.nr-data.net https://www.google.com https://googleads.g.doubleclick.net https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms *.klarnacdn.net https://s.pinimg.com https://apis.google.com/ https://cdn.matomo.cloud/ https://widgets.trustedshops.com/ *.usercentrics.eu/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.adyen.com *.googleapis.com bam.eu01.nr-data.net *.clarity.ms www.facebook.com eu.playground.klarnaevt.com *.adt611.com *.pinterest.com/ *.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://www.google.com https://googleads.g.doubleclick.net https://bat.bing.com/ *.analytics.google.com/ https://kaffekapslen.matomo.cloud/ https://api.usercentrics.eu/ https://pagead2.googlesyndication.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf https://*.hotjar.io https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com www.jsctool.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com https://odr.promo.dev/ https://*.yieldify.com https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ https://*.hotjar.io https://www.mainadv.com https://ad.ad-srv.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com d.ratepay.com maps.gstatic.com maps.google.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com http://lindt-hg65tr.your-printq.com https://*.cookiepro.com https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz https://*.hotjar.io https://*.yieldify.com https://i.cdn.nrholding.net https://*.sendtric.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com d.ratepay.com www.jsctool.com *.googleapis.com maps.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://static-eu.payments-amazon.com/checkout.js https://*.yieldify.com https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ https://*.hotjar.io https://*.pinimg.com https://*.daktela.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com d.ratepay.com unsafe-inline assets.braintreegateway.com *.gstatic.com tagmanager.google.com https://*.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv d.ratepay.com www.jsctool.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com https://*.r66net.com https://*.yieldify.com wss://*.hotjar.io https://geolocation.onetrust.com https://*.googleapis.com https://*.daktela.com https://cdn.tailwindcss.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com https://cdn.tailwindcss.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
font-src *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com api.mapy.cz *.doubleclick.net *.facebook.com *.gstatic.com *.ppl.cz 'self' data: chat.fcc-online.pl https://geowidget.easypack24.net 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com secure.payu.com merch-prod.snd.payu.com chat.fcc-online.pl *.criteo.com *.criteo.net *.domodi.pl *.doubleclick.net facebook.com *.facebook.com fledge-eu.creativecdn.com *.google.com *.googlesyndication.com *.hotjar.com imgstatic.eu opineo.pl *.opineo.pl *.payu.com tradedoubler.com *.tradedoubler.com *.paypo.pl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.alothemes.com *.magepow.com https://www.magezon.com static.payu.com *.1rx.io *.360yield.com *.3lift.com *.ad.smaato.net *.adform.net *.admixer.net *.adnxs.com *.adscale.de *.adtarget.com.tr *.analytics.google.com api.mapy.cz *.betweendigital.com *.bidswitch.net *.bing.com *.casalemedia.com cm.mgid.com *.creativecdn.com *.criteo.com *.dmp.otm-r.com *.docomo.ne.jp *.domodi.pl *.doubleclick.net *.e-planning.net *.facebook.com *.facebook.net *.gemius.pl *.google-analytics.com *.google.bg *.google.com *.google.cz *.google.de *.google.hu *.google.pl *.google.ro *.googlesyndication.com *.googletagmanager.com *.gstatic.com hbx.media.net imgstatic.eu *.lijit.com *.loopme.me *.mobfox.com *.omnitagjs.com onetag-sys.com *.openx.net *.outbrain.com pixel.advertising.com pixel.rubiconproject.com *.ppl.cz *.pubmatic.com *.rmp.rakuten.com *.s3xified.com 'self' data: *.seznam.cz *.sharethrough.com *.smartadserver.com *.taboola.com *.thulium.com *.tiktok.com *.tmtarget.com *.trackmytarget.com tradedoubler.com *.tradedoubler.com *.trustx.org *.udmserve.net unpkg.com ups.analytics.yahoo.com *.visx.net *.wp.pl *.yieldmo.com widgets.trustedshops.com integrations.etrusted.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.avada.io *.alothemes.com *.magepow.com secure.payu.com secure.snd.payu.com api.mapy.cz *.bing.com chat.fcc-online.pl *.criteo.com *.criteo.net delivery.clickonometrics.pl *.domodi.pl *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com imgstatic.eu integrations.etrusted.com js-agent.newrelic.com library.startquestion.com bam.eu01.nr-data.net opineo.pl *.opineo.pl *.ppl.cz *.seznam.cz static.payu.com tagmanager.google.com tags.creativecdn.com *.thulium.com *.tiktok.com *.tmtarget.com *.trackmytarget.com tradedoubler.com *.tradedoubler.com unpkg.com *.vimeo.com widgets.trustedshops.com *.wp.pl www.clarity.ms ssl.ceneo.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.snrcdn.net *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com api.mapy.cz *.doubleclick.net *.facebook.com *.googleapis.com integrations.etrusted.com *.ppl.cz chat.fcc-online.pl fonts.googleapis.com tagmanager.google.com https://geowidget.easypack24.net *.snrcdn.net *.gstatic.com https://www.google-analytics.com https://www.google.com https://www.snrcdn.net https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.thulium.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com secure.payu.com merch-prod.snd.payu.com ams.creativecdn.com *.analytics.google.com api.dhl.com api.mapy.cz app.startquestion.com chat.fcc-online.pl creativecdn.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.bg *.google.com *.google.cz *.google.de *.google.hu *.google.pl *.google.ro *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io integrations.etrusted.com measurement-api.criteo.com bam.eu01.nr-data.net *.opineo.pl *.payu.com *.thulium.com *.tiktok.com unpkg.com wss2.hotjar.com wss://chat.fcc-online.pl wss://chat-proxy-service.thulium.com wss://ws16.hotjar.com wss://ws36.hotjar.com wss://wsp10.hotjar.com y.clarity.ms *.easypack24.net *.inpost.pl *.openstreetmap.org *.snrbox.com 'self' 'unsafe-inline'; child-src *.domodi.pl imgstatic.eu tradedoubler.com *.tradedoubler.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri chat.fcc-online.pl 'self' 'unsafe-inline'; 5
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 4
frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 4
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp 4
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 4
report-uri https://cspr.app.rbb-cloud.de/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; img-src https: blob: data:; font-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.newrelic.com https://*.usabilla.com http://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://cdn.polyfill.io https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io; frame-ancestors 'self'; report-uri /api/csp_report; 4
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 4
default-src 'self' https://litium.revolutionrace.se *.tycka.io *.cdn-sitegainer.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com *.google-analytics.com s.pinimg.com bat.bing.com *.facebook.net *.tiktok.com *.revolutionrace.se *.googleadservices.com sc-static.net cdn.jsdelivr.net *.cloudflare.com *.criteo.net *.criteo.com *.snapchat.com *.distancify.workers.dev ct.pinterest.com *.doubleclick.net fbcdn.revolutionrace.se wss://fbcdn.revolutionrace.se *.bambuser.com *.facebook.com *.apptus.cloud recommender.scarabresearch.com *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.sitegainer.com *.scarabresearch.com *.emarsys.net *.symplify.com pro.ip-api.com *.pinterest.com cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.imedia.cz www.seznam.cz fonts.googleapis.com www.pinterest.se maxcdn.bootstrapcdn.com ajax.googleapis.com *.spinnaker-js.com *.kindlycdn.com player.vimeo.com vimeo.com *.kindly.ai ws-eu.pusher.com wss://sage.kindly.ai wss://ws-eu.pusher.com *.klarnaevt.com js.klarna.com *.adyen.com *.storyblok.com js.stripe.com fonts.gstatic.com *.revolutionrace.com *.digitaloceanspaces.com presumably-romantic-eel.edgecompute.app cust-revolutionrace.web.app www.paypal.com 'unsafe-inline' 'unsafe-eval'; img-src data: https://* 'self'; media-src https://*; connect-src *; 4
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 4
report-uri /report-csp-violation; upgrade-insecure-requests 4
font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 4
frame-src 'self' www.youtube.com www.google.com js.playground.klarna.com js.klarna.com https://checkoutshopper-test.adyen.com https://pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com return.4sellers.de *.webpush.freshchat.com ct.pinterest.com vercel.live *.sovendus.com *.adyen.com *.dotdigital-pages.com dotdigital-pages.com gum.criteo.com fledge.eu.criteo.com 4
default-src 'self' data: blob: *.verisign.com; img-src 'self' data: *.verisign.com *.siteimproveanalytics.io *.brightcove.com *.prod.boltdns.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com polyfill.io assets.adobedtm.com siteimproveanalytics.com players.brightcove.net *.zencdn.net *.verisign.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.prod.boltdns.net *.brightcove.com *.akamaihd.net *.greenhouse.io *.verisign.com; worker-src blob: 3
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 3
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 3
default-src 'self'; script-src 'self' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' 'sha256-E+9KuTkZkFIuiN69g5Y/rS1KDaDR2Wsfoq7Eetly00k=' 'sha256-4A71+eBTUzk+eqeYnEVcDQgmfqADEcilqeQIAiwyPj8=' 'sha256-Ft85708B4GnIXzdTu8nxvQbyFHRn0yYy/8Sa3eDtv38=' 'sha256-IQuu99eybyUVQl8tdKPujuMVZMAtiHk2XPu15i9EH4A=' https://*.google-analytics.com/analytics.js https://cdncache-a.akamaihd.net/sub/b156ae9/98002/l.js https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://connect.facebook.net https://public.flourish.studio/resources/embed.js; style-src 'unsafe-inline' 'self'; object-src 'self' https://video.ted.com; base-uri 'self' https://www.youtube.com; connect-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.plyr.io https://translate.googleapis.com; font-src 'self' https: data:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com https://flo.uri.sh; img-src 'self' https://i.ytimg.com https://opensocietyfoundations.imgix.net https://*.google-analytics.com https: data:; manifest-src 'self'; media-src 'self'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: wss: https:; report-uri https://l.iplsc.com/logger/ 3
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 3
frame-ancestors 'self' ; object-src 'none' ; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 3
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://s.go-mpulse.net cdn.jsdelivr.net cdnjs.cloudflare.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.go-mpulse.net cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/reportOnly 3
default-src *.irideos.it *.clouditalia.com 'self' cdnjs.cloudflare.com 'unsafe-inline' cdn.datatables.net www.googletagmanager.com *.cookiebot.com *.google-analytics.com fonts.gstatic.com code.ionicframework.com fonts.googleapis.com www.google.com www.google.it www.gstatic.com maxcdn.bootstrapcdn.com code.jquery.com cdn.matomo.cloud irideos.matomo.cloud googleads.g.doubleclick.net *.leadchampion.com; report-to csp~irideos.it 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 3
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 3
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.cartaoriocard.com.br *.facebook.net cdn.cookielaw.org www.googletagmanager.com www.google-analytics.com riocard-crr-5339.twil.io *.linkedin.com *.riocardmais.com.br www.google.com www.youtube.com *.gstatic.com cdnjs.cloudflare.com newassets.hcaptcha.com www.riocard.com adservice.google.com *.onetrust.com maxcdn.bootstrapcdn.com ssl.google-analytics.com www.google.com.br s3.amazonaws.com js.hcaptcha.com *.licdn.com analytics.google.com code.jquery.com use.typekit.net *.googleapis.com *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 3
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report 3
default-src 'self';           script-src 'self' 'unsafe-eval' 'unsafe-inline' pt www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net cdn.quantummetric.com cdn.userway.org;           connect-src 'self' *.dynatrace.com *.optimizely.com www.enterice.com www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net api.userway.org;           img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com www.google.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net *.trustarc.com consent.truste.com stats.g.doubleclick.net dashboard.umbraco.org fonts.gstatic.com cdn.userway.org;                       style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com www.googletagmanager.com cdn.userway.org;           font-src 'self' fonts.gstatic.com *.trustarc.com cdn.userway.org;           frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com *.trustarc.com *.inmoment.com cdn.userway.org;           worker-src blob:;           report-uri /umbraco/Surface/CSPReport/SaveCSPReport; 3
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com * *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.salecycle.com *.criteo.com *.hotjar.com *.facebook.net * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.retif.eu *.hsforms.net *.hsforms.com * *.googleapis.com *.ggpht.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com jquery.sellxed.com https://cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.newrelic.com *.iadvize.com *.cookielaw.org *.bing.com *.pinimg.com *.hotjar.com *.salecycle.com *.facebook.net *.licdn.com *.hsforms.net *.hsforms.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com * *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.facebook.net t.elasticsuite.io *.hsforms.net *.hsforms.com * *.google.com *.gstatic.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; font-src 'self' *.gstatic.com; img-src 'self' *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com data: *.onetrust.com cm.everesttech.net *.googleapis.com; connect-src 'self' *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com; script-src 'self'; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; script-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://costa.report-uri.com/r/t/csp/reportOnly; report-to default 3
script-src 'self' 3
upgrade-insecure-requests 3
report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/wizard; 3
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cse.google.com https://js.hsforms.net https://rebilly.github.io https://use.fontawesome.com https://ws.sharethis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' https://cloud.typography.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 3
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 3
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://apps.rivm.nl; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/  https://service.pdok.nl/ https://data.rivm.nl/  https://*.openstreetmap.org/; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/*; report-uri /report-csp-violation 3
default-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.knowbe4.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com use.typekit.net ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 ; style-src 'self' 'unsafe-inline' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; style-src-elem 'self' 'unsafe-inline' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com https://fonts.googleapis.com/ p.typekit.net ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-eu-west-1 ; worker-src 'self' blob: data: ; 3
default-src 'self'; 3
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://draft.blogger.com/cspreport 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 3
default-src 'self' https: mcdn.pybydl.com; font-src 'self' https: data:; img-src 'self' https: data: mcdn.pybydl.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' mcdn.pybydl.com; style-src 'self' https: 'unsafe-inline' mcdn.pybydl.com; frame-src 'self' https: http: data:; connect-src 'self' https: wss: www.mc-win888.com; report-uri /csp_reports 3
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src https://creativecdn.com/ https://td.doubleclick.net/ https://gum.criteo.com/ https://fledge.eu.criteo.com/ https://www.google.com/ fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.revolut.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; connect-src https://ping.contactpigeon.com/ https://googleads.g.doubleclick.net/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://a.omappapi.com/ https://site-script.esputnik.com/ https://api.omappapi.com/ https://measurement-api.criteo.com/ https://analytics.tiktok.com/ https://q.clarity.ms/ dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; img-src https://as.adwise.bg/servlet/ https://ping.contactpigeon.com/ https://www.glami.bg/ https://www.google.com/ https://www.google.bg/ https://as.adwise.bg/ https://www.glami.gr/ https://www.glami.hr/ https://www.glami.cz/ https://www.glami.hu/ https://www.glami.si/ https://www.glami.sk/ https://www.glami.ro/ https://cm.g.doubleclick.net/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://cm.adform.net/ https://visitor.omnitagjs.com/ https://r.casalemedia.com/ https://gum.criteo.com/ https://id5-sync.com/ https://ad.360yield.com/ https://matching.ivitrack.com/ https://contextual.media.net/ https://exchange.mediavine.com/ https://jadserve.postrelease.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://pixel.rubiconproject.com/ https://match.sharethrough.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://eb2.3lift.com/ https://ad.yieldlab.net/ https://sync-criteo.ads.yieldmo.com/ https://e1.emxdgt.com/ https://c1.adform.net/ https://dis.criteo.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com *.alothemes.com *.magepow.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src https://ping.contactpigeon.com/bi/modal2.css https://a.omappapi.com/ *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; script-src https://www.steelslitting.com/wp-content/jquery.min.js https://ping.contactpigeon.com/ https://i.adwise.bg/ https://chimpstatic.com/ https://www.steelslitting.com/ https://googleads.g.doubleclick.net/ https://www.glami.bg/ https://a.omappapi.com/ https://dynamic.criteo.com/ https://www.glami.ro/ https://sslwidget.criteo.com/ https://www.clarity.ms/ https://analytics.tiktok.com/ https://www.glami.gr/ https://statics.esputnik.com/ assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chimpstatic.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.alothemes.com *.magepow.com maps.googleapis.com *.revolut.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; 3
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2
default-src chrome-extension: 'unsafe-inline' 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net *.messenger.com 'unsafe-eval';style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data:;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com *.oculuscdn.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob:;worker-src *.messenger.com/static_resources/webworker_v1/init_script/ *.messenger.com/static_resources/webworker/init_script/ *.messenger.com/static_resources/sharedworker/init_script/ *.messenger.com/static_resources/webworker/map_libre/ *.messenger.com/static_resources/webworker/map_libre_rtl/ *.messenger.com/sw/ *.messenger.com/sw;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://rbmeuulvihtwm2eltjhwimi2.httpschecker.net/report 2
default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://accounts.google.com https://analytics.google.com https://api.amplitude.com https://bi-beta.pst.tech https://bi.pst.tech https://bifrost-https-v4.gw.postman.com https://blog.postman.com https://cdn.cookielaw.org https://cdn.metadata.io https://dl.pstmn.io https://eo2kpuahxhuvgexlueall7gqzq0fihon.lambda-url.us-east-1.on.aws https://events.gw.postman.com https://events.rm-api.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://identity.getpostman-beta.com https://identity.getpostman.com https://lp.postman.com https://munchkin.marketo.net https://pages.getpostman.com https://player.twitch.tv https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com/px/ https://manifest.webmanifest https://ms1frkqnsp7r.statuspage.io https://run.pstmn.io https://script.hotjar.com https://skills-assets.pstmn.io https://st-ar.cdn.postman.com https://static.cloudflareinsights.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://vc.hotjar.io https://voyager.postman.com https://web.postman.com https://www.googletagmanager.com https://www.slideshare.net https://snap.licdn.com https://www.google.com https://www.youtube.com https://youtube.com/ https://www.postman.com https://snap.licdn.com/ https://i.ytimg.com https://platformapi.metadata.io https://maps.google.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://bam.nr-data.net https://js-agent.newrelic.com https://video.ibm.com https://mkt.cdn.postman.com 'unsafe-inline' 'unsafe-eval'; form-action 'self'; base-uri 'self'; 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 2
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com 2
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2
base-uri 'self'; connect-src 'self' https://*.google.com https://ada.matomo.cloud https://boards-api.greenhouse.io https://images.prismic.io https://o43253.ingest.sentry.io https://pagead2.googlesyndication.com https://www.gstatic.com https://bat.bing.com https://*.clarity.ms; default-src 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; frame-src https://*.enterprise.ada.com https://boards.greenhouse.io https://insight.adsrvr.org https://td.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com; img-src 'self' data: https://ada.matomo.cloud https://adahealth.cdn.prismic.io https://assets.ada.com https://connect.facebook.net https://googleads.g.doubleclick.net https://images.prismic.io https://prismic-io.s3.amazonaws.com https://www.facebook.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://bat.bing.com https://*.clarity.ms; manifest-src 'self'; media-src 'self' https://adahealth.cdn.prismic.io; script-src 'self' 'unsafe-inline' https://*.matomo.cloud https://boards.greenhouse.io https://connect.facebook.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://tpc.googlesyndication.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://bat.bing.com https://www.clarity.ms; style-src 'self' 'unsafe-inline'; 2
default-src 'self' *.pinduoduo.com *.pddpic.com *.yangkeduo.com *.pddugc.com *.pinduoduo.net *.v.smtcdns.net *.ourdvsss.com wss://*.pinduoduo.com wss://*.yangkeduo.com mapstyle.qpic.cn blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri https://tc.pinduoduo.com/x.gif 2
report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net https://images.ctfassets.net https://assets.ctfassets.net data:; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com blob: https://stripe-images.s3.us-west-1.amazonaws.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://r.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners https://sales-live-chat.stripe.com https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://register.stripesessions.com https://b.stripecdn.com https://crypto-js.stripe.com https://sales-live-chat.stripe.com https://checkout.stripe.com https://checkout.stripe.dev; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 2
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://zn4mbdaokn6kcahtg-cypress.siteintercept.qualtrics.com https://79423.analytics.edgekey.net https://cdnjs.cloudflare.com https://connect.facebook.net https://e.video-cdn.net https://img.en25.com https://oc-cdn-public-eur.azureedge.net https://rules.quantcount.com https://s1968580696.t.eloqua.com https://*.hotjar.com https://secure.quantserve.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://*.hotjar.com https://cdn.botframework.com https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net; object-src 'self'; connect-src 'self' https://www.infineon.com https://softwaretools.infineon.com https://toolbox-cloud-staging.cloudapps.infineon.com https://stg-community.infineon.com https://community.infineon.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://api.flockler.com https://asset-out-cdn.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://d.video-cdn.net https://infineon.product-discontinuation.com https://licensing.bitmovin.com https://ma307-r.analytics.edgekey.net https://oc-cdn-public-eur.azureedge.net https://stats.g.doubleclick.net https://vod.video-cdn.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data: https://e.video-cdn.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://www.infineon.com https://chatbot.infineon.com https://oc-cdn-public-eur.azureedge.net https://players.brightcove.net https://*.hotjar.com https://www.facebook.com https://www.youtube.com https://www.promeas.com; img-src 'self' data: https://www.infineon.com https://www.infineon-brandportal.com https://pbs.twimg.com https://www.kununu.com https://www.glassdoor.com https://s722891043.t.eloqua.com https://siteintercept.qualtrics.com https://asset-out-cdn.video-cdn.net https://media-api.flockler.com https://media-exp1.licdn.com https://pixel.quantserve.com https://px.ads.linkedin.com https://s1968580696.t.eloqua.com https://www.bluewind.it https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://*.hotjar.com; manifest-src 'self'; media-src 'self' data:; base-uri 'self'; report-uri https://www.infineon.com/rest/csp/report; worker-src blob:; 2
frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: google.com bat.bing.com *.googleapis.com *.casalemedia.com www.googleoptimize.com www.youtube.com *.facebook.com *.doubleclick.net www.google.com *.googleadservices.com *.gstatic.com tag.demandbase.com www.googletagmanager.com munchkin.marketo.net *.licdn.com *.mktoresp.com www.google.co.uk api.company-target.com *.facebook.net www.baesystems.com *.rubiconproject.com www.google.co.in cdn.cookielaw.org *.onetrust.com bae-systems-pulse-assets.s3.eu-west-2.amazonaws.com www.google.co.jp wss://bae-systems-bot-server.ubisendaws.com www.google-analytics.com *.linkedin.com adservice.google.com www.google.se *.twitter.com partners.tremorhub.com widget.ubisend.io monitor.clickcease.com events.baesystems.com s.company-target.com region1.google-analytics.com t.co *.ads-twitter.com www.glassdoor.co.uk *.brightcove.net *.siteimproveanalytics.io www.google.de ipv4.podscribe.com verifi.podscribe.com *.cloudfront.net *.googlesyndication.com metrics.brightcove.com www.google.com.sa id.rlcdn.com bae-systems-api.ubisend.io tag-logger.demandbase.com www.clickcease.com bae-systems-bot-server.ubisendaws.com www.google.ca *.sentry.io siteimproveanalytics.com *.mktoutil.com tiscreport.org info.ai.baesystems.com www.google.com.au ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
default-src 'self'; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft; base-uri 'none'; manifest-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'report-sample' http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; style-src 'self' 'unsafe-inline' 'report-sample' https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' blob: data: https://*.office.com https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://login.live.com https://storage.live.com; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; worker-src 'self'; frame-src 'self' https://* https://webshell.suite.office.com; media-src 'self'; object-src 'none'; form-action 'self' https://*; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2
child-src 'self' tickets.papaki.com help.papaki.com support.papaki.gr accounts.google.com cdn.papaki.com payform.everypay.gr esecure.sia.eu payform-api.everypay.gr tpc.googlesyndication.com vpos.eurocommerce.gr; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; form-action 'self' vpos.eurocommerce.gr www.facebook.com eu.gateway.mastercard.com; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; font-src 'self' https:; media-src assets-eu1-cloud.deskpro.com cdn.papaki.com; object-src 'self'; style-src 'self' 'unsafe-inline' assets-eu1-cloud.deskpro.com cdn.papaki.com cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com; report-uri https://53af897d0dcebe7788bb17e0b500e3ef.report-uri.com/r/d/csp/wizard 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 2
default-src 'self'; script-src 'report-sample' 'self' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.recaptcha.net/recaptcha/api.js www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.googletagmanager.com https://www.recaptcha.net https://www.youtube.com; img-src 'self' https://careem-public-web-media.imgix.net https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://careem-public-web-media.imgix.net; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src 'none'; form-action 'self'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com *.azure.com monitor.clickcease.com forms-na1.hsforms.com *.doubleclick.net perf-na1.hsforms.com c.6sc.co b.6sc.co js.hsforms.net www.google.com js.hs-scripts.com region1.google-analytics.com *.gstatic.com scout.salesloft.com forms.hsforms.com *.onetrust.com a.omappapi.com t.co *.ads-twitter.com *.wistia.com cdnjs.cloudflare.com *.facebook.com www.googletagmanager.com *.gbgplc.com api.omappapi.com *.licdn.com j.6sc.co www.google.co.uk api.company-target.com epsilon.6sense.com services.postcodeanywhere.co.uk appapi.loqate.com *.facebook.net js.hs-banner.com ipv6.6sc.co unpkg.com tracking.g2crowd.com id.rlcdn.com webeo-web-content.s3-eu-west-1.amazonaws.com scout-cdn.salesloft.com api.hubapi.com secure.adnxs.com secure.imaginative-24.com *.linkedin.com adservice.google.com epsilon-globalaccelerator.6sense.com www.clickcease.com js.hsadspixel.net *.bidr.io ldynamicspublicapi.leadforensics.com snippet.maze.co tag.demandbase.com *.twitter.com *.hubspot.com cdn.jsdelivr.net a.opmnstr.com prompts.maze.co scout.us4.salesloft.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src https: 'unsafe-inline' data: 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.euronext.com gateway.euronext.com code.jquery.com cdnjs.cloudflare.com cdn.datatables.net cdn.cookielaw.org live.euronext.com www.googletagmanager.com www.youtube.com i.ytimg.com *.onetrust.com www.google-analytics.com region1.google-analytics.com euc-widget.freshworks.com *.wistia.com rawgit.com metrics.hotjar.io api.mapbox.com maxcdn.icons8.com vc.hotjar.io *.hotjar.com fast.wistia.net content.hotjar.io adservice.google.com *.googleapis.com stackpath.bootstrapcdn.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.tn api.geevisit.com www.google.co.za www.google.co.in *.ads-twitter.com www.google.co.jp www.youtube.com t.co *.gstatic.com www.google.com www.google-analytics.com songbird.cardinalcommerce.com *.amadeus.com *.doubleclick.net www.google.fr resources.digital-cloud-jed1.medallia.com secure5.arcot.com *.facebook.com www.google.com.bh udc-neb.kampyle.com kg668dbov0.execute-api.us-east-1.amazonaws.com www.google.com.eg analytics.google.com geo.cardinalcommerce.com www.google.de upgrade.plusgrade.com dc.services.visualstudio.com svmarketing-cceec6debvfufkhk.z01.azurefd.net l.contentsquare.net www.google.ae analytics.smartvel.com www.securitytrfx.com *.tiktok.com www.google.ca www.google.com.pk cdns.eu1.gigya.com t.contentsquare.net accounts.eu1.gigya.com *.hotjar.com c.az.contentsquare.net em-frame.securitytrfx.com static.connect.travelaudience.com www.google.nl www.google.com.qa www.google.com.sg centinelapi.cardinalcommerce.com www.google.jo www.google.mu www.google.com.tr www.google.com.my metrics.hotjar.io www.google.com.om www.google.se cdn.smartvel.com www.google.com.kw mcconsumerv2.alahli.com *.twitter.com q-eu1.az.contentsquare.net *.googleadservices.com www.google.it www.google.ch *.saudia.com cdn.botframework.com *.snapchat.com datacore-write.securitytrfx.com api.smartvel.com www.google.dz www.google.es region1.google-analytics.com directline.botframework.com recaptcha.net www.google.co.id srm.aa.contentsquare.net www.google.co.ma www.google.com.ph www.googletagmanager.com www.google.co.ke region1.analytics.google.com translate.google.com sc-static.net analytics-pro.smartvel.com www.google.be writer.cardinalcommerce.com *.googleapis.com *.facebook.net static.geetest.com www.google.co.uk www.google.co.th *.opendns.com www.google.com.bd vs3d2verify.alinma.com track.connect.travelaudience.com md-scp.kampyle.com www.google.com.ng www.google.com.sa api.geetest.com vc.hotjar.io wss://directline.botframework.com em-fonts-prod.airtrfx.com adservice.google.com upgrade-cdn-prd.plusgrade.com www.google.com.au www.recaptcha.net content.hotjar.io k-eu1.az.contentsquare.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' wdr.de *.wdr.de ; img-src * data: ; script-src 'self' wdr.de *.wdr.de 'unsafe-inline' 'unsafe-eval' cdn.bunchbox.co script.ioam.de *.de.ioam.de de-config.sensic.net cdn-gl.nmrodam.com  www.bing.com cdn.ampproject.org cdn.tickaroo.com dev.virtualearth.net connect.facebook.net platform.twitter.com www.instagram.com www.gstatic.com www.tagesschau.de wdr.wdrmg-digital.de ; style-src 'self' wdr.de *.wdr.de 'unsafe-inline' wdr.wdrmg-digital.de *.tickaroo.com ; font-src  'self' wdr.de *.wdr.de data: fonts.gstatic.com/ ; media-src 'self' wdr.de *.wdr.de *.icecastssl.wdr.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net *.akamaized.net blob: ; frame-src 'self' wdr.de *.wdr.de  cdn-gl.nmrodam.com de-config.sensic.net www.youtube-nocookie.com platform.twitter.com datawrapper.dwcdn.net www.instagram.com www.facebook.com www.tagesschau.de *.tickaroo.com ; connect-src 'self' wdr.de *.wdr.de *.planet-wissen.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net www.tageschau.de cdn.ampproject.org *.akamaized.net *.sensic.net *.tickaroo.com ; child-src  'self' wdr.de *.wdr.de blob: ; frame-ancestors  'self' wdr.de *.wdr.de ; object-src 'self' wdr.de *.wdr.de ; manifest-src 'self' wdr.de *.wdr.de ; report-uri https://www.wdr.de/php/csp-reporting/logcspr.php 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: data.stbuttons.click buttons-config.sharethis.com *.gstatic.com *.googleapis.com platform-api.sharethis.com cdn.krxd.net platform-cdn.sharethis.com cdn.polyfill.io *.mathtag.com resources.digital-cloud-west.medallia.com cdn.equalweb.com www.google-analytics.com sync.sharethis.com l.sharethis.com udc-neb.kampyle.com www.calcxml.com www.google.com *.2o7.net *.doubleclick.net t.sharethis.com www.googletagmanager.com *.omtrdc.net bcp.crwdcntrl.net *.demdex.net www.youtube.com assets.adobedtm.com www.everestjs.net *.everesttech.net analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
frame-src https://www.facebook.com https://go.nexon.com.au *.google.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net region1.google-analytics.com cmp.osano.com www.googletagmanager.com wec-assets.terminus.services *.vimeo.com www.youtube.com ipinfo.io cdn.jsdelivr.net consent.api.osano.com *.gstatic.com *.optimizely.com www.fico.com pi.pardot.com ficodotcom.prod.acquia-sites.com cdn.commento.io content.fico.com *.googleapis.com c.cintnetworks.com js.driftt.com commento.io www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: amadeus.com www.google.com.pe www.google.co.za *.ads-twitter.com www.google.com.br www.google-analytics.com t.co www.google.com www.google.cl www.google.co.nz www.google.fr *.doubleclick.net *.facebook.com udc-neb.kampyle.com www.google.com.eg tags.tiqcdn.com *.linkedin.com www.google.co.ao img.youtube.com img06.en25.com *.omtrdc.net apps.shareaholic.com *.eloqua.com www.google.co.jp www.google.co.kr www.google.co.in maxcdn.bootstrapcdn.com www.google.com.ar www.google.com.my www.google.com.do wss://collection.decibelinsight.net www.google.az www.google.com.tw collection.decibelinsight.net *.twitter.com resources.digital-cloud.medallia.eu www.google.com.mx js.maxmind.com cdnjs.cloudflare.com www.google.ch www.google.com.sg www.youtube.com www.google.co.id www.google.it www.google.al www.google.com.co analytics.shareaholic.com *.googleadservices.com www.google.co.il www.google.com.ec *.wistia.com cdn.cookielaw.org www.google.dz www.google.com.ph *.everesttech.net *.demdex.net *.onetrust.com www.googletagmanager.com *.googleapis.com www.shareaholic.net static.geetest.com *.facebook.net www.google.co.uk www.google.com.ua www.google.es *.licdn.com www.google.com.sv www.google.com.bd www.google.pl www.google.com.pk www.google.com.ng cdn.openshareweb.com www.google.com.sa geoip-js.com api.geetest.com *.gstatic.com www.google.kz www.google.co.th www.google.com.hk cdn.decibelinsight.net www.google.com.vn www.google.ca www.google.ae adservice.google.com www.google.com.bo www.google.com.au www.google.co.ma www.google.com.tr ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
connect-src 'self' https://status.netservicesgroup.com https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; frame-src https://www.google.com https://status.netservicesgroup.com; child-src https://status.netservicesgroup.com https://www.google.com https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://status.netservicesgroup.com 'sha256-zL+zKXgt2515GaHwEfkV8QPRfZZcGr/ibUw4EJ3V13s=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-Pkt8j98M46glrPDzrqR9I9gac/h2nvberIdQkhIGySk=' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://www.google.com https://www.gstatic.com https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://status.netservicesgroup.com https://secure.comodo.com 'sha256-3ocR7726kV2Y3awnQx4u408K1Dxd7l3X9nvrC91J15k=' 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 2
default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 2
default-src 'self'; script-src *; script-src-elem *; script-src-attr *; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src *; font-src *; connect-src *; media-src *; object-src 'none'; prefetch-src *; child-src *; frame-src *; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri https://www.styria.com https://stage.styria.com; manifest-src 'self'; report-uri https://cspreport.smd-digital.at 2
default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://sp.report-uri.com/r/default/csp/reportOnly 2
default-src 'self';img-src * blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com code.jquery.com js.hsforms.net www.googletagmanager.com *.wp.com *.mysanfordchart.org *.addthis.com *.adroll.com *.adsrvr.org *.ads-twitter.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.invocacdn.com *.liveperson.net *.lpsnmedia.net *.mpio.io *.onesignal.com *.qualtrics.com *.quantcount.com *.quantserve.com *.serving-sys.com *.simpli.fi *.siteintercept.qualtrics.com *.talentegy.com *.tvsquared.com *.twitter.com *.v.liveperson.net *.vimeo.com *.vimeocdn.com aa.agkn.com ajax.aspnetcdn.com analytics.talentegy.com assets.sitescdn.net az416426.vo.msecnd.net bat.bing.com cdn.mouseflow.com cdn.popt.in chimpstatic.com data.adxcel-ec2.com embed.typeform.com forms.hsforms.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com my.hellobar.com onesignal.com pixel.mathtag.com pixel.videohub.tv pnapi.invoca.net px.ads.linkedin.com rules.quantcount.com s.amazon-adsystem.com s.pinimg.com s3.amazonaws.com/checkout.squadup.com/default/css/bootstrap-namespace.min.css sanfordhealth.mdmatchup.com script.crazyegg.com sc-static.net sfapi.formstack.io siteimproveanalytics.com snap.licdn.com static.addtoany.com static.cloud.coveo.com tags.srv.stackadapt.com tracking.logpostback.com transparency.nrchealth.com trkn.us v1.addthisedge.com www.buzzsprout.com www.groupexpro.com www.youtube.com www.ypo.education/js/jsembedcode.js z.moatads.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.mysanfordchart.org *.wp.com *.formstack.com *.gstatic.com *.vimeocdn.com cdn.thinglink.me checkout.stripe.com formsprod.azureedge.net onesignal.com static.cloud.coveo.com tags.srv.stackadapt.com www.groupexpro.com www.youtube.com;font-src 'self' data: *.fontawesome.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.wp.com *.formstack.com *.gstatic.com *.googleusercontent.com static.cloud.coveo.com staticdev.cloud.coveo.com;frame-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com www.googletagmanager.com *.wp.com tools.sanfordhealthplan.com *.mysanfordchart.org *.addthis.com *.adsrvr.org *.c.liveperson.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.ipcamlive.com *.lpsnmedia.net *.snapchat.com *.soundcloud.com *.stripe.com *.twitter.com *.v.liveperson.net *.vimeo.com *.youtube.com cdn.onesignal.com e.issuu.com fast.wistia.net forms.hsforms.com host.visualcalc.com js.hsadspixel.net js.hsforms.net pixel.mathtag.com players.brightcove.net sanfordhealth.mdmatchup.com static.addtoany.com vimeo.com www.buzzsprout.com www.pinterest.ca www.pinterest.co.uk www.pinterest.com www.pinterest.fr www.pinterest.it www.pinterest.ph ct.pinterest.com www.thinglink.com;frame-ancestors 'self' *.mysanfordchart.org;connect-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com my.wpengine.com public-api.wordpress.com yoast.com *.addthis.com *.adroll.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.gannettdigital.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.linkedin.oribi.io *.onesignal.com *.pinterest.com *.quantcount.com *.reachlocalservices.com *.serving-sys.com *.snapchat.com *.squadup.com *.twitter.com *.vimeocdn.com *.z1.dca0.com api.hubapi.com az416426.vo.msecnd.net bat.bing.com dc.services.visualstudio.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hscollectedforms.net n2.mouseflow.com onesignal.com pnapi.invoca.net sanfordhealth.formstack.com sfapi.formstack.io usageanalytics.coveo.com analytics.cloud.coveo.com;form-action 'self' *.fontawesome.com cdnjs.cloudflare.com *.sanfordhealthfoundation.org my.wpengine.com yoast.com *.adroll.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.serving-sys.com *.snapchat.com *.vimeocdn.com api.hubapi.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;media-src * data:;object-src 'none';report-uri https://csp-reporting.sanfordhealth.org/; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;img-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;connect-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 2
default-src data: blob: 'self' https://*.ugc.gov.in 'unsafe-inline' *.ugc.gov.in 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/; script-src *.ugc.gov.in *.google-analytics.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' ugc.gov.in https://www.gstatic.com/ https://www.ugc.gov.in/js/owl.carousel.min.js https://platform.twitter.com/widgets.js ; connect-src * 'unsafe-inline' googleads.g.doubleclick.net www.googleadservices.com; img-src * data: blob: 'unsafe-inline'; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.ugc.gov.in/ *.node.js *.page-style.js https://fonts.googleapis.com/; object-src 'none'; base-uri 'none'; 2
default-src 'self' *.fontawesome.com *.visualstudio.com cdn.cookielaw.org *.azure.com *.krxd.net *.facebook.com *.googletagmanager.com *.linkedin.oribi.io *.google.com *.doubleclick.net *.liveperson.net *.google-analytics.com fintactix.com *.adsrvr.org *.lpsnmedia.net *.elfsight.com;script-src 'self' 'unsafe-inline' unpkg.com code.jquery.com stackpath.bootstrapcdn.com customer.cludo.com cdnjs.cloudflare.com *.fontawesome.com *.googletagmanager.com *.licdn.com *.convergetrack.com js.monitor.azure.com *.adroll.com *.facebook.net *.google-analytics.com *.doubleclick.net *.lpsnmedia.net *.liveperson.net *.adsrvr.org *.google.com *.elfsight.com cdn.cookielaw.org maxcdn.bootstrapcdn.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' customer.cludo.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net;img-src 'self' data: *.adsrvr.org *.convergetrack.com *.demdex.net *.google.com *.lpsnmedia.net *.linkedin.com *.facebook.com *.krxd.com *.krxd.net *.adroll.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.elfsight.com;font-src 'self' fonts.gstatic.com *.fontawesome.com 2
default-src 'self'; frame-src *.recaptcha.net platform.twitter.com *.youtube.com youtube.com; script-src 'sha256-aa3zqmSclzP4+Q8BY2jE5eMh7255xm4fHK4vW3A0m/g=' 'self' 'self' *.procreate.art *.procreate.com *.sentry.io *.gstatic.com *.recaptcha.net *.youtube.com/embed platform.twitter.com https://www.gstatic.cn/recaptcha cdn.usefathom.com *.mux.com; worker-src 'self' blob:; img-src 'self' 'unsafe-inline' blob: data: *.procreate.art *.procreate.com *.savage.si *.ytimg.com cdn.usefathom.com *.mux.com; connect-src 'self' blob: *.procreate.art *.procreate.com *.sentry.io *.savage.si savage-support-request-files.s3-accelerate.amazonaws.com *.mux.com https://inferred.litix.io/; media-src 'self' blob: *.procreate.art *.procreate.com *.savage.si *.mux.com; style-src 'unsafe-inline' *.procreate.art *.procreate.com https://fonts.googleapis.com; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; object-src 'none'; font-src 'self' https://fonts.gstatic.com 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 2
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.sagepayments.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://get.geojs.io *.avada.io *.sagepayments.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com https://*.air360.io https://*.air360tracker.net https://cdn.jsdelivr.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://*.fls.doubleclick.net https://vars.hotjar.com https://*.pinterest.com https://*.criteo.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.google.com.ua https://adservice.google.com https://ade.googlesyndication.com https://www.googletagmanager.com https://*.doubleclick.net https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.bing.com https://*.pinterest.com https://*.yotpo.com https://*.clarity.ms https://*.cookielaw.org https://jde.blueconic.net https://*.contentsquare.net https://*.bidswitch.net https://*.adnxs.com https://*.casalemedia.com https://*.360yield.com https://*.media.net https://*.mediavine.com https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yahoo.com https://*.adform.net https://*.omnitagjs.com https://*.criteo.com https://id5-sync.com https://*.ivitrack.com https://*.tremorhub.com https://*.yieldlab.net https://*.yieldmo.com https://*.openx.net https://*.krxd.net https://*.1rx.io https://*.thebrighttag.com https://*.eyeota.net https://*.tapad.com https://*.postcodeanywhere.co.uk https://*.igodigital.com https://*.air360.io https://*.air360tracker.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com https://unpkg.com *.avada.io https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.gstatic.com https://*.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://*.swaven.com https://*.usabilla.com https://cdn.cookielaw.org https://connect.facebook.net https://*.hotjar.com https://p.teads.tv https://www.dwin1.com https://bat.bing.com https://s.pinimg.com https://swrap.tradedoubler.com https://ad.avtm.fr https://*.clarity.ms https://staticw2.yotpo.com https://mpsnare.iesnare.com https://*.contentsquare.net https://*.criteo.com https://*.cloudfront.net https://*.postcodeanywhere.co.uk https://*.igodigital.com https://*.air360.io https://*.air360tracker.net https://cdn.jsdelivr.net https://*.boost.ai *.yotpo.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com https://*.postcodeanywhere.co.uk https://*.air360.io https://*.air360tracker.net https://cdn.jsdelivr.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://mpsnare.iesnare.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com https://get.geojs.io *.avada.io https://*.tassimo.com https://*.lorespresso.com https://*.blueconic.net https://*.swaven.com https://www.google.com https://www.google-analytics.com https://*.googleapis.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://*.onetrust.com https://ct.pinterest.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com https://*.contentsquare.net https://*.air360.io https://*.air360tracker.net https://*.boost.ai *.yotpo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net https://*.boost.ai 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' hcfmhvpbqfb6.statuspage.io iwantmyname.com www.gstatic.com *.iwantmyname.com *.centralnicgroup.com ; connect-src 'self' data: adblockers.opera-mini.net api.adblocknext.com api.awesomeblocker.com api.iwantmyname.com assets.evrpg.com cdn.honey.io cdn.rawgit.com cdn.siftscience.com fonts.googleapis.com hcfmhvpbqfb6.statuspage.io iwantmyname.com mozbar.moz.com perf-eu1.hsforms.com region1.analytics.google.com rum.optimizely.com stats.g.doubleclick.net translate.googleapis.com view.light-speed.com wss://api.iwantmyname.com *.hubspot.com *.analytics.google.com *.google-analytics.com *.statuspage.io *.centralnicgroup.com * ; img-src 'self' data: about: cdn.honey.io fonts.googleapis.com fonts.gstatic.com hexagon-analytics.com images.iwantmyname.com perf-eu1.hsforms.com region1.analytics.google.com shareasale.com syndication.twitter.com translate.google.com use.fontawesome.com www.googletagmanager.com *.hubspot.com *.analytics.google.com *.google-analytics.com *.typekit.net * ; font-src 'self' data: assets.evrpg.com cdn.honey.io fonts.googleapis.com fonts.gstatic.com ncspublicasset.s3.eu-west-3.amazonaws.com pro.fontawesome.com ray.st region1.analytics.google.com use.fontawesome.com use.typekit.net *.analytics.google.com *.google-analytics.com * ; media-src 'self' data: ; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net pro.fontawesome.com * ; style-src-elem 'self' 'unsafe-inline' adblockers.opera-mini.net cdn.honey.io cdn.jsdelivr.net cdn.rawgit.com fonts.googleapis.com fonts.gstatic.com gc.kis.v2.scr.kaspersky-labs.com iwantmyname.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hsleadflows.net js-eu1.usemessages.com js.hs-scripts.com pro.fontawesome.com s7.addthis.com translate.google.com use.fontawesome.com www.google-analytics.com *.hubspot.com *.centralnicgroup.com * ; frame-src 'self' *.google.com hcfmhvpbqfb6.statuspage.io mozbar.moz.com platform.twitter.com region1.analytics.google.com webmarshal.home www.googletagmanager.com *.analytics.google.com *.google-analytics.com * ; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com api.getvero.com cdn.honey.io cdn.optimizely.com cdn.rawgit.com cdn.siftscience.com cdn.statuspage.io cdnjs.cloudflare.com hcfmhvpbqfb6.statuspage.io iwantmyname.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsleadflows.net js-eu1.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net platform.twitter.com s7.addthis.com statuspage-production.s3.amazonaws.com translate.googleapis.com use.typekit.net view.light-speed.com www.google.com www.gstatic.com *.cloudfront.net *.hubspot.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.centralnicgroup.com * ; report-uri https://iwantmyname.com/CSP_report; 2
font-src *.fontawesome.com data: *.gstatic.com *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com *.vimeo.com *.photoslurp.com *.sitescout.com *.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com cdn.doofinder.com *.cloudfront.net *.amazonaws.com *.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.googleusercontent.com *.clarity.ms *.smartadserver.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.adform.net *.omnitagjs.com id5-sync.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.sitescout.com *.sanity.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.doofinder.com *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms *.pixel.ad *.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com *.fontawesome.com *.googleapis.com *.photoslurp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.doofinder.com wss://*.doofinder.com *.naturitas.com *.naturitas.es naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms *.apicdn.sanity.io *.api.sanity.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; child-src 'self' https://platform.twitter.com https://youtube.com; connect-src 'self' https://cdnmon.cfigroup.com https://dap.digitalgov.gov https://*.doubleclick.net https://orcid.org/userStatus.json https://search.usa.gov https://translate.googleapis.com https://usda.libanswers.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' https://cdn.app.cfigroup.com https://cdn.knightlab.com https://fonts.gstatic.com; frame-src 'self' https://publicdashboards.dl.usda.gov https://*.twitter.com https://usda.libanswers.com https://player.vimeo.com https://*.youtube.com; img-src 'self' data: https://cdnmon.cfigroup.com https://cdn.knightlab.com https://feed.informer.com https://fonts.gstatic.com https://*.nal.usda.gov https://orcid.org https://info.orcid.org https://*.twitter.com https://*.usa.gov https://*.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' https://ajax.googleapis.com https://cdn.jsdelivr.net/npm/jvectormap@2.0.4/ https://cdn.knightlab.com https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.google-analytics.com https://*.libanswers.com https://www.nal.usda.gov https://platform.twitter.com https://search.usa.gov https://www.googletagmanager.com https://www.youtube.com; ${csp-script-src-attr} script-src-elem 'self' https://ajax.googleapis.com https://cdn.knightlab.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/ https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/ https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.libanswers.com https://www.nal.usda.gov https://publicdashboards.dl.usda.gov https://search.usa.gov https://*.twitter.com https://unpkg.com/chart.js@4.4.0/ https://unpkg.com/chartjs-adapter-date-fns@3.0.0/ https://*.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://fonts.googleapis.com https://search.usa.gov; style-src-elem 'self' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://search.usa.gov; report-uri https://www.nal.usda.gov/csp-collector/index.php; 2
font-src portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.benu.hu data: *.googleapis.com *.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com data: *.google.com *.youtube.com *.publitas.com *.fliphtml5.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com https://redchamps.com www.safemage.com *.benu.hu *.cloudfront.net *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com image.arukereso.hu *.google.hu *.hotjar.com *.arukereso.hu *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.avada.io https://cdnjs.cloudflare.com maps.googleapis.com *.google.com *.googletagmanager.com https://googleads.g.doubleclick.net *.googleadservices.com *.prefixbox.com *.publitas.com *.hotjar.com *.benu.hu *.arukereso.com gravity-dev-assets.oss-eu-central-1.aliyuncs.com benuhu.engine.yusp.com https://maileon-cdn.s3.eu-central-1.amazonaws.com/met/met.js clarity.ms *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.prefixbox.com *.benu.hu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.benu.hu *.google-analytics.com *.prefixbox.com *.doubleclick.net *.services.visualstudio.com *.hotjar.com *.hotjar.io benuhu.engine.yusp.com *.maileon.hu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://fonts.gstatic.com fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.acsbapp.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com embedsocial.com *.criteo.net *.criteo.com *.dmxleo.com www.facebook.com *.contextweb.com *.addthis.com www.xtento.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com hb.yahoo.net www.google.co.in adx.dable.io cs.adingo.jp idsync.rlcdn.com sync.aralego.com e1.emxdgt.com cdn.aralego.net *.acsbapp.com *.waysidegardens.com *.facebook.com *.bing.com *.bidswitch.net *.doubleclick.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.adform.net *.omnitagjs.com *.casalemedia.com *.criteo.com *.sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.yieldmo.com id5-sync.com *.thebrighttag.com *.krxd.net *.google.com.ua *.google.net *.google.pl *.google.com *.criteo.net *.mediawallahscript.com *.socdm.com *.stickyadstv.com *.liadm.com *.postrelease.com *.revcontent.com *.smaato.net *.bluekai.com *.agkn.com *.tapad.com *.clmbtech.com *.co.kr *.dmxleo.com *.contextweb.com *.espssl.com *.adgrx.com store.paradoxlabs.com *.addthis.com www.xtento.com cdn.xtento.com *.listrakbi.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.newrelic.com *.nr-data.net *.jacksonandperkins.com acsbapp.com embedsocial.com *.zdassets.com *.bing.com *.criteo.com *.facebook.net *.dmxleo.com *.contextweb.com *.espssl.com *.hotjar.com plausible.io *.addthis.com z.moatads.com  *.addthisedge.com www.xtento.com cdn.xtento.com *.listrakbi.com https://services.listrak.com *.avada.io *.google.com/ *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://fonts.googleapis.com fonts.googleapis.com embedsocial.com *.listrakbi.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.newrelic.com *.nr-data.net *.jacksonandperkins.com *.acsbapp.com https://maps.googleapis.com *.google-analytics.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.google.com.ua *.google.net *.google.pl *.google.com *.bing.com *.doubleclick.net *.criteo.com *.dmxleo.com *.contextweb.com *.espssl.com plausible.io *.addthis.com *.listrakbi.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.w3schools.com; style-src-attr 'self'; frame-ancestors 'self' 2
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.midtrans.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.midtrans.com *.mxpnl.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.infonet.com.py *.infonet.com.py:8888/ https://vpos.infonet.com.py:8888/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net integration-5ojmyuq-qoiivjresdo6e.us-5.magentosite.cloud cdn.leadster.com.br www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google.co.in data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.infonet.com.py:8888/ *.newrelic.com *.nr-data.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com tagmanager.google.com ssl.google-analytics.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.infonet.com.py:8888 *.infonet.com.py *.nr-data.net https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' wss: https:; object-src 'self'; child-src blob:; frame-src 'self' https:; worker-src blob:; frame-ancestors 'none'; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/reportOnly; report-to csp-endpoint 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' http://pero.securite-routiere.gouv.fr https://www.gstatic.com https://www.youtube.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://server.adform.net/Serving/TrackPoint/ https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; style-src 'self' code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 2
default-src 'self' sunpower.okta.com login.mysunpower.com *.oktacdn.com; connect-src 'self' sunpower.okta.com sunpower-admin.okta.com login.mysunpower.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com sunpower.kerberos.okta.com sunpower.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' sunpower.okta.com login.mysunpower.com *.oktacdn.com; style-src 'unsafe-inline' 'self' sunpower.okta.com login.mysunpower.com *.oktacdn.com; frame-src 'self' sunpower.okta.com sunpower-admin.okta.com login.mysunpower.com login.okta.com; img-src 'self' sunpower.okta.com login.mysunpower.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' sunpower.okta.com login.mysunpower.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://sds.mysunpower.com https://eddie.mysunpower.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' essentialed.com *.essentialed.com passged.com *.passged.com d2lpurk2qe2oc.cloudfront.net d3ebkza70oew6x.cloudfront.net dpg0n9q1lsnov.cloudfront.net d37nqy2yusfq54.cloudfront.net d2pfk5on3dtp5q.cloudfront.net js-agent.newrelic.com bam.nr-data.net *.typekit.net *.google.com *.google.ca *.google.com.mx *.google.co.uk *.google.de *.googletagmanager.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.wistia.com *.wistia.net *.litix.io *.credly.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hs-analytics.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.plyr.io *.crazyegg.com *.hotjar.com analytics.tiktok.com *.bing.com hiset.org *.clarity.ms *.jquery.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.paypal.com *.paypalobjects.com js.stripe.com *.facebook.com *.facebook.net widget.trustpilot.com *.wisernotify.com *.wisermapp.com wnreports.azurewebsites.net data: ws: wss: about: blob:; frame-ancestors 'self' essentialed.com *.essentialed.com passged.com *.passged.com; report-to csp-endpoint 2
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkoutshopper-test.adyen.com/ https://checkoutshopper-live.adyen.com/checkoutshopper/sdk/4.7.2/adyen.js https://checkoutshopper-test.adyen.com/checkoutshopper/v1/analytics/log https://checkoutshopper-live.adyen.com/  https://www.paypal.com/ https://www.espares.co.uk/ https://www.espares.ie/ https://dev.visualwebsiteoptimizer.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/gtm.js https://bat.bing.com/ https://ajax.aspnetcdn.com/ https://assets.empathybroker.com/ https://widget.trustpilot.com/bootstrap/ https://www.dwin1.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.googlecommerce.com/trustedstores/api/js https://*.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/ouibounce/ https://www.google.com https://apis.google.com/ https://spareparts.whoson.com https://webchat.mitel.io/ https://www.googleadservices.com/pagead/ https://app.yieldify.com/yieldify/ https://td.yieldify.com/yieldify/ https://googleads.g.doubleclick.net https://platform.twitter.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://connectdistribution.whoson.com/ https://webchat.mitel.io/ https://tag.perfectaudience.com/serve/ https://www.zenaps.com/ https://tracker.marinsm.com/ https://www.awin1.com/ https://tpc.googlesyndication.com/ wss://am.freshrelevance.com/ https://tracker.departapp.com/ https://cdn-ads.google-analytics.com/ https://www.gstatic.com/recaptcha/ https://imasdk.googleapis.com/ https://adservice.google.com/ https://api.microsofttranslator.com/ https://www.microsofttranslator.com/ https://translate.googleapis.com/ https://tagmanager.google.com/ https://tagmanager.google.com/debug https://tagmanager.google.com/debug/api/vtinfo https://tagmanager.google.com/debug/debuguiApp-bundle.js https://orbitvu.co/ https://cdn.orbitvu.co https://ui.powerreviews.com/ https://display.powerreviews.com/ https://static.powerreviews.com/ https://writeservices.powerreviews.com/; style-src 'self' 'unsafe-inline' *; 2
frame-src 'self'             https://*.adyen.com             *.cookiebot.com             https://apps.apple.com             https://*.zebet.fr             https://*.zebet.com             https://*.zebet.be             https://*.zebet.es             https://*.zebet.nl             https://*.zeturf.be             https://*.zeturf.com             https://*.zeturf.es             https://*.zeturf.fr             https://*.zeturf.nl             https://*.m-itrust.com             https://*.redsys.es             https://*.apata.io             https://*.abanca.com             https://*.n26.com             https://*.postfinance.ch             https://*.ing.fr             https://*.monext.fr             https://*.ing.com             https://*.vinea.es             https://*.verifiedbyvisa.com             https://*.cic.fr             https://*.cm-cic.com             https://*.creditmutuel.fr             https://*.modirum.com             https://*.gbp.ma             https://*.cornercard.ch             https://*.wlp-acs.com ;    report-uri /en/webservice/api/report-csp 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.ender-informatics.ch; img-src 'self' data: data: secure.gravatar.com www.gravatar.com; worker-src 'self' ; frame-ancestors 'none' ; report-uri https://www.ender-informatics.ch?gdsih-csp-report; 2
default-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src * https: data: blob: 'unsafe-inline' 'unsafe-hashes'; 2
default-src 'self' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.knowbe4.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com use.typekit.net ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 ; style-src 'self' 'unsafe-inline' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com use.typekit.net ; style-src-elem 'self' 'unsafe-inline' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io btb-glossary-bucket-production-us-east-1.s3.amazonaws.com https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io fonts.googleapis.com metrics.articulate.com modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://s3.amazonaws.com/helpimg/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com https://fonts.googleapis.com/ p.typekit.net ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-us-east-1 ; worker-src 'self' blob: data: ; 2
font-src *.typekit.net fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com https://celebrosnlp.com *.celebrosnlp.com *.gstatic.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.espssl.com CPapShopM2-search.celebros.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.lpsnmedia.net *.salecycle.com *.facebook.com *.adsrvr.org *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net widgets.automizely.com widgets.automizely.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com *.listrakbi.com *.bing.com *.lpsnmedia.net *.amazonaws.com *.routeapp.io *.mypurecloud.com *.adnxs.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.payments-amazon.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.adsrvr.org celebrosnlp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net cdn.routeapp.io *.listrak.com *.listrakbi.com *.liveperson.net *.lpsnmedia.net *.nr-data.net *.newrelic.com *.tiqcdn.com *.bing.com *.cybba.solutions *.cloudfront.net *.adsrvr.org *.facebook.net *.pepperjam.com *.gstatic.com *.rtb123.com *.googleapis.com *.routeapp.io *.mypurecloud.com https://sentry.io *.sentry.io *.cloudflare.com *.adnxs.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.thecpapshop.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com celebrosnlp.com *.celebros.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io maxcdn.bootstrapcdn.com *.listrak.com *.listrakbi.com *.googleapis.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com celebrosnlp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.automizely.com api.automizely.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.route.com *.listrak.com *.listrakbi.com *.nr-data.net *.newrelic.com *.sandbox.paypal.com *.googleadservices.com *.doubleclick.net *.salescycle.com wss://ws.salescycle.com *.salecycle.com wss://ws.salecycle.com *.facebook.com https://www.facebook.com *.googleapis.com *.route.com *.adnxs.com *.mypurecloud.com wss://webmessaging.mypurecloud.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.pro.ip-api.com *.ip-api.com *.amazonaws.com *.breadgateway.net *.bing.com *.celebros.com *.celebros.com:446 *.celebros-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.velux.de *.paypalobjects.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.jsctool.com *.google.com *.pay1.de *.hotjar.com *.solutect.de *.awin1.com *.sovendus.com *.paypalobjects.com *.taboola.com *.googlesyndication.com zaunplaner.traumgarten.de secure.pay1.de payments.amazon.de www.jsctool.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com benz24.de benz24.at benz24.ch benz24.fr *.consentmanager.net *.pay1.de *.consensu.org *.bing.com *.google.com *.google.de *.google.ch *.google.at *.google.fr *.google.nl *.google.be *.google.li *.google.lu *.awin1.com *.bizrate.com *.ladenzeile.de *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.trustedshops.com *.velux.de *.youtube.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com *.consentmanager.net *.pay1.de *.paypal.com *.ratepay.com *.googleapis.com *.sovendus.com *.googletagmanager.com *.consensu.org *.dwin1.com *.bing.com *.hotjar.com *.cnnx.link *.ladenzeile.de *.solutect.de *.awin1.com *.sciencebehindecommerce.com *.trustedshops.com benz24.de benz24.at benz24.ch benz24.fr *.velux.de chimpstatic.com *.paqato.com *.benz24.app mtm.benz24.de *.taboola.com *.googlesyndication.com *.s24.com *.youtube.com *.nextleveldefend.com zaunplaner.traumgarten.de secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com *.avada.io https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.consensu.org *.velux.de d.ratepay.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com *.ratepay.com *.doubleclick.net *.google.com *.google.de *.google-analytics.com *.bing.com *.hotjar.com *.hotjar.io *.sovendus.com *.sciencebehindecommerce.com *.trustedshops.com *.etrusted.com *.velux.de *.benz24.app mtm.benz24.de *.taboola.com *.googlesyndication.com zaunplaner.traumgarten.de payments.amazon.de d.ratepay.com www.jsctool.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 2
default-src 'self' https://client.getinchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.gstatic.com https://cdn.userecho.com https://client.getinchat.com https://yandex.ru/ https://*.yandex.ru https://*.maps.yandex.net; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://*.starline.ru https://*.maps.yandex.net https://*.google.com https://enterprise.api-maps.yandex.ru https://cdn.userecho.com https://*.openstreetmap.org http://yandex.st/ https://yandex.st/ https://mc.yandex.ru; connect-src 'self' ws://*.starline.ru wss://rpl.starline-online.ru https://client.getinchat.com https://mc.yandex.ru https://geocode.starline.ru; frame-src 'self' https://*.google.com https://arkan.ru; 2
connect-src 'self' cdn.linkedin.oribi.io connect.facebook.net content.hotjar.io eu2.cdn.thunderhead.com google-analytics.com johnlewis.cdn.prismic.io static.cdn.prismic.io adservice.google.com force.com stats.g.doubleclick.net googleads4.g.doubleclick.net nutmeg-internal-prod.eu.auth0.com nm-onfido-gateway.prod.nutmeg.co.uk nutmeg-internal-prod.eu.auth0.com/oauth/token; default-src 'self' sentry.io tag.mention-me.com static.mention-me.com; font-src 'self' data: use.typekit.net cdn.jsdelivr.net marketingwebsite.cdn.prismic.io; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; img-src 'self' connect.facebook.net facebook.com google.com google.co.uk googletagmanager.com adservice.google.com ad.doubleclick.net googleusercontent.com images.prismic.io eu2.thunderhead.com cdn.cookielaw.org px.ads.linkedin.com authentication.nutmeg.com signup.nutmeg.com; media-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.segment.com api.segment.io connect.facebook.net content.hotjar.io marketingwebsite.cdn.prismic.io; script-src-elem 'self' cdn.segment.com api.segment.io connect.facebook.net content.hotjar.io eu2.cdn.thunderhead.com facebook.com googletagservices.com snap.licdn.com js.stripe.com/v3 force.com d.la1-c2-lo2.salesforceliveagent.com dwin1.com service.force.com cdn.cookielaw.org script.hotjar.com connect.facebook.net api.segment.io; style-src-elem 'self' force.com service.force.com; worker-src 'self'; frame-src * data: blob:; object-src 'none'; base-uri 'self'; report-uri https://csp.nutmeg.com/csp-reports 2
font-src fonts.gstatic.com data: *.hotjar.com *.hotjar.io *.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.punchout2go.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com esqa.moneris.com www3.moneris.com *.dotdigital-pages.com *.dotdigital.com *.punchout2go.com data: e.bmr.co *.fls.doubleclick.net *.cloudfront.net *.hotjar.com *.hotjar.io insight.adsrvr.org www.facebook.net www.facebook.com *.google.ca *.moneris.com *.issuu.com notifications.wisepops.com wisepops.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.trackedlink.net 'self' blob: data: www.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com maps.gstatic.com maps.googleapis.com www.bmr.ca *.hotjar.com *.hotjar.io *.cloudfront.net insight.adsrvr.org www.facebook.net www.facebook.com *.paypalobjects.com adserve.atedra.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net *.flippenterprise.net *.wishabi.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com esqa.moneris.com www3.moneris.com polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.punchout2go.com data: e.bmr.co js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.g.doubleclick.net *.googletagmanager.com ssl.google-analytics.com www.google.com maps.googleapis.com s.yimg.com *.hotjar.com *.hotjar.io *.cloudfront.net r2-t.trackedlink.net connect.facebook.net connect.facebook.com www.gstatic.com z.moatads.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net plausible.io *.wishabi.com *.flippenterprise.net *.flipp.com *.flippback.com 'self' blob: https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.punchout2go.com www.gstatic.com *.hotjar.com *.hotjar.io *.cloudfront.net *.flippenterprise.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com bam.nr-data.net bam-cell.nr-data.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.hotjar.com *.hotjar.io s.yimg.com insights.algolia.io maps.googleapis.com www.facebook.com ct.pinterest.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net plausible.io *.flippenterprise.net *.flippback.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report.php; report-to report-endpoint; 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 2
default-src 'none'; script-src 'self' https://butterfly-cdn.masterworks.com https://api.cloudsponge.com https://cdn.plaid.com https://d7a97ajcmht8v.cloudfront.net https://cdn.segment.com https://www.googletagmanager.com https://cdn.mxpnl.com https://www.google-analytics.com https://amplify.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://static.ads-twitter.com https://snap.licdn.com https://www.googleadservices.com https://bat.bing.com https://tag.rmp.rakuten.com https://www.redditstatic.com https://s.yimg.com https://www.clickcease.com https://connect.facebook.net https://tr.outbrain.com https://b-code.liadm.com https://d.impactradius-event.com https://www.clarity.ms https://cdn.pdst.fm https://d18p8z0ptb8qab.cloudfront.net https://secure.quantserve.com https://rules.quantcount.com https://tags.srv.stackadapt.com https://www.krishetrk.com https://ext.chtbl.com https://pixel.visitiq.io https://collector-31806.tvsquared.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.addevent.com 'sha256-9NSB+DllU3BlD34AIE9bDhybGzPQuNOyfx//ClMfQ9w='; connect-src 'self' https://account.masterworks.com https://api.masterworks.com/graphql wss://api.masterworks.com/graphqlws https://pricedb.ms.masterworks.io/graphql wss://bgro41vnmb.execute-api.us-east-2.amazonaws.com/production https://butterfly-cdn.masterworks.com https://butterfly-api.masterworks.com https://sonic.masterworks.com https://*.ingest.sentry.io https://api.cloudsponge.com https://collect.cloudsponge.com https://d7a97ajcmht8v.cloudfront.net https://cdn.segment.com https://api.segment.io https://www.google-analytics.com https://*.google-analytics.com https://trc.taboola.com https://bat.bing.com https://s.yimg.com https://rp.liadm.com/ https://f.clarity.ms https://tags.srv.stackadapt.com https://us-central1-adaptive-growth.cloudfunctions.net https://t.getletterpress.com/ https://tag.simpli.fi https://stats.g.doubleclick.net https://masterworks.536u.net https://cdn.addevent.com; img-src 'self' data: https://s3.amazonaws.com/works.masterworks.io/* https://images.ctfassets.net https://api.cloudsponge.com https://d7a97ajcmht8v.cloudfront.net https://www.google-analytics.com https://bat.bing.com https://tr.outbrain.com https://ciqtracking.com/ https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://adservice.google.com https://q.quora.com https://trkn.us https://data.adxcel-ec2.com https://ups.analytics.yahoo.com https://sp.analytics.yahoo.com https://us-u.openx.net https://t.co https://analytics.twitter.com https://alb.reddit.com https://px.ads.linkedin.com https://www.facebook.com https://x.bidswitch.net https://ib.adnxs.com https://aa.agkn.com https://pxl.qccerttest.com https://pixel.quantcount.com https://pixel.visitiq.io https://collector-31806.tvsquared.com; style-src 'self' https://api.cloudsponge.com https://d7a97ajcmht8v.cloudfront.net https://tags.srv.stackadapt.com https://cdn.addevent.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; manifest-src 'self'; font-src 'self'; frame-src https://cdn.plaid.com https://d7a97ajcmht8v.cloudfront.net https://www.facebook.com https://cdn.addevent.com; upgrade-insecure-requests; report-uri https://csp.ms.masterworks.io/ 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdnjs.cloudflare.com kit.fontawesome.com apps.elfsight.com static.elfsight.com cdn.usebootstrap.com *.cloudmaestro.com www.gstatic.com www.google-analytics.com www.google.com googletagmanager.com *.googletagmanager.com *.optimizely.com stockist.co *.stockist.co *.klaviyo.com; report-uri /.webscale/csp-report 2
frame-ancestors 'self' https://*.solidpixels.net https://*.solidpixels.com https://*.solidpixels.cz; form-action 'self'; report-uri https://o428203.ingest.sentry.io/api/4505516549210112/security/?sentry_key=6eb445158e4a410c830e7e424f2d7b56 2
default-src 'self'; style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self'; 2
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com static.compari.ro *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.hotjar.com *.doubleclick.net *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net *.sparta.cl newbalance.cl 'self' data: *.gstatic.com *.googleapis.com *.yandex.ru *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.newrelic.com *.nr-data.net *.doubleclick.net *.magentosite.cloud *.freshworks.com *.hotjar.com *.retailrocket.net *.yandex.ru *.api.useinsider.com *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.sparta.cl *.newbalance.cl *.yotpo.com *.fonts.net *.magentosite.cloud *.freshworks.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com *.yotpo.com *.nr-data.net *.freshworks.com *.googleapis.com stats.g.doubleclick.net *.yandex.ru *.mercadopago.com *.mercadolibre.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://spartacl.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bpweb.wlyss.net www.wasp777.com *.gstatic.com lobby.imspade.com www.wasp333.com download-sp.claretfox.com cdn.dcloud.net.cn www.recaptcha.net play.luckypig188.com zf-api.claretfox.com m.pgf-thzvvo.com gameweb.rsgaming888.com lobby.luckypig188.com update.waspadfpj.com play.gold88dragon.com vcnh2k.wlyss.net www.waspfun.com *.googleapis.com www.onlinegames22.com game.nb8latvia.com www.baoding68b.net www.weimen99f.net www.kongming88i.net www.kongming88h.net lobby.queenmakergames.co wbgame.bd33fgabh.com games.askmeslot.io wss://wss.waspzf.com lobby.gold88dragon.com *.facebook.net api-www.wasptha.com sports.kkxxtt.com *.jackywong14792.xyz *.jonem.net 277bdnt1n6.iumtibif.net translate.google.com game.bb9uns.com *.cismaposie.com cdvbyh.uikehnbv.com olw.ygauiog.com www.gwp6868.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
report-uri                   https://gfcorporate.report-uri.com/r/d/csp/wizard ;               default-src                   'self'                   www.gfms.com                   gfms.com                   gfcorporate.report-uri.com                   *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae ;               connect-src                   'self'                   *.google-analytics.com                   apikeys.civiccomputing.com                   *.googleapis.com                   center.lon5.atomz.com                   clapi.civiccomputing.com                   sp1004e61f.guided.lon5.atomz.com                   sp1004e61a.guided.lon5.atomz.com                   sp1004e5dd.guided.lon5.atomz.com                   stats.g.doubleclick.net                   www.facebook.com                   uberall.com                   locator.uberall.com                   api.moin.ai                   www.gfpstools.com                   cdn.linkedin.oribi.io                   assets.georgfischer.com                   *.analytics.google.com                   *.googletagmanager.com                   *.g.doubleclick.net                   *.google.com                   *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat                   cdn.cookielaw.org                   *.onetrust.com ;               font-src                   'self'                   fonts.gstatic.com                   widget.moin.ai                   static-prod.uberall.com                   static.prod.uberall.com ;               script-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   *.google-analytics.com                   *.googletagmanager.com                   ajax.googleapis.com                   cc.cdn.civiccomputing.com                   connect.facebook.net                   cdnjs.cloudflare.com                   gstatic.com                   maps.googleapis.com                   siteimproveanalytics.com                   snap.licdn.com                   static-prod.uberall.com                   uberall.com                   locator.uberall.com                   www.youtube.com                   www.pagespeed-mod.com                   www.googleoptimize.com                   mktdplp102cdn.azureedge.net                   www.pagespeed-mod.com                   widget.moin.ai                   platform.contentfry.com                   cdn.cookielaw.org                   cookie-cdn.cookiepro.com                   privacyportal.onetrust.com                   geolocation.onetrust.com                   r1.dotdigital-pages.com                   r1-t.trackedlink.net                   r1.ddlnk.net                   www.googleadservices.com;               style-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   fonts.googleapis.com                   widget.moin.ai ;               img-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   data:                   assets.georgfischer.com                   www.linkedin.com                   *.global.siteimproveanalytics.io                   nswow-imageresizer.azurewebsites.net                   px.ads.linkedin.com                   www.facebook.com                   *.google.com                   gfms.com                   www.gfms.com                   static-prod.uberall.com                   static.prod.uberall.com                   www.linkedin.com                   s7e5a.scene7.com                   *.g.doubleclick.net                   *.svc.dynamics.com                   i.ytimg.com                   maps.gstatic.com                   www.gfpstools.com                   locator.uberall.com                   *.amazonaws.com                   *.googletagmanager.com                   *.googleapis.com                   *.google-analytics.com                   *.analytics.google.com                   *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat                   cdn.cookielaw.org                   *.onetrust.com ;               child-src                   'self'                   analytics-eu.clickdimensions.com                   live.solique.ch                   www.youtube.com ;               form-action                   'self' ;               frame-ancestors                   'self' ;               frame-src                   'self'                   'unsafe-inline'                   'unsafe-eval'                   data:                   analytics-eu.clickdimensions.com                   google.com                   ir.tools.investis.com                   irs.tools.investis.com                   live.solique.ch                   recruitingapp-5505.de.umantis.com                   registration.gesevent.com                   six-swiss-exchange.com                   tools.google.com                   uberall.com                   widget.moin.ai                   *.svc.dynamics.com                   www.gfps.com                   ir2.flife.de                   www.youtube.com                   r1.dotdigital-pages.com                   display.contentfry.com                   googletagmanager.com                   youtube.com ; 2
default-src 'self' cdn.synthetix.com ssc.synthetix.com;                     img-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io;                     font-src *.gstatic.com *.hotjar.com *.hotjar.io;                     frame-src *.facebook.com *.twitter.com *.hotjar.com *.hotjar.io *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/ *.issuu.com/;                     object-src https://wjecwebsitelive.blob.core.windows.net;                     connect-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://*.hotjar.com *.getaddress.io *.analytics.google.com;                     style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2
font-src *.agrialpro.fr *.lamaison.fr fonts.gstatic.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com dynamic.criteo.com api.oney.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com gum.criteo.com youtu.be facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.agrialpro.fr *.lamaison.fr maps.gstatic.com maps.google.com maps.googleapis.com cl.avis-verifies.com www.google.fr www.facebook.com *.dmxleo.com *.bidswitch.net *.adform.net *.casalemedia.com *.criteo.com *.id5-sync.com id5-sync.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.yieldmo.com *.yieldlab.net *.emxdgt.com *.doubleclick.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.net *.3lift.com *.omnitagjs.com *.360yield.com *.sharethrough.com *.tremorhub.com *.krxd.net *.hsforms.net *.hsforms.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.google.com maps.googleapis.com *.agrialpro.fr *.lamaison.fr cdn.jsdelivr.net cl.avis-verifies.com connect.facebook.net js-agent.newrelic.com *.criteo.com bam.nr-data.net showcase.join-stories.com cdn.webotit.ai s7.addthis.com https://cdn.jsdelivr.net/npm/pwacompat@2.0.8/pwacompat.min.js *.hsforms.net *.hsforms.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.agrialpro.fr *.lamaison.fr https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.agrialpro.fr *.lamaison.fr stats.g.doubleclick.net bam.nr-data.net *.criteo.com maps.googleapis.com ekr.zdassets.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: zoocordoba.tallerempresarial.com *.gstatic.com cdn.jsdelivr.net www.google.com production-cb-01.lsfilter.com www.googletagmanager.com *.cordoba.es acsbapp.com www.w3.org cdn.acsbapp.com secure.gravatar.com landbot.pro code.jquery.com cdnjs.cloudflare.com jigsaw.w3.org *.facebook.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src 'self' *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleapis.com googleapis.com *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.cz sharp.cz *.sharp.eu sharp.eu *.sharpmarketing.eu imgs.aws.sharp.eu *.actonsoftware.com cdn.cookielaw.org stats.g.doubleclick.net bam.nr-data.net; script-src 'self' 'unsafe-inline' *.actonservice.com actonservice.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.google.com googleapis.com *.googleapis.com *.youtube.com youtube.com bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org *.sharpmarketing.eu *.gstatic.com *.hotjar.com snap.licdn.com bat.bing.com; style-src 'self' 'unsafe-inline' *.sharpmarketing.eu; img-src 'self' data: *.cookielaw.org cookielaw.org *.google.ca google.ca *.google.co.in google.co.in *.google.ro google.ro *.google.co.jp google.co.jp *.gogle.co.id google.co.id *.google.co.th google.co.th *.google.ae google.ae *.google.co.nz google.co.nz *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz imgs.aws.sharp.eu i.ytimg.com d35hoao4dw4qk2.cloudfront.net www.google-analytics.com *.sharpmarketing.eu *.actonsoftware.com px.ads.linkedin.com bat.bing.com px4.ads.linkedin.com www.google.co.za www.google.bg googleads.g.doubleclick.net www.google.gr; frame-src *; frame-ancestors 'self' *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.sk sharp.sk *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.hu sharp.hu *.sharp.lt sharp.it *.sharp.co.jp sharp.co.jp *.sharp.cz sharp.cz  *.sharp.eu sharp.eu; child-src *; font-src 'self' data:; connect-src 'self' *.google-analytics.com google-analytics.com cdn.linkedin.oribi.io bam.nr-data.net cdn.cookielaw.org stats.g.doubleclick.net privacyportal-eu.onetrust.com *.sharpmarketing.eu *.hotjar.com vc.hotjar.io bat.bing.com; report-uri https://apps.sharp.eu/sharp/apps/eu/csp-violation/report.php; upgrade-insecure-requests 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'  https://*.usablenet.com/ https://federicos-midlandcredit-a40.udev1a.net/ https://bat.bing.com/ https://cdn.aerisapi.com/ https://cdn.optimizely.com/ https://connect.facebook.net/ https://*.criteo.com/ https://mcmcg.us.unblu.app/ https://munchkin.marketo.net/ https://player.vimeo.com/ https://seal.digicert.com/ https://www.google-analytics.com/ https://*.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://*.usablenet.com/ https://mcmcg.us.unblu.app/; object-src 'none'; base-uri 'self'; connect-src 'self' https://get663.com/ https://*.google.com/ https://346-ulh-428.mktoresp.com/ https://346-ulh-428.mktoutil.com/ https://api.aerisapi.com/ https://bat.bing.com/ https://*.optimizely.com/ https://*.unblu.app/ https://*.doubleclick.net/ https://*.google-analytics.com/ wss://mcmcg.us.unblu.app/ https://cdnma.cdnservice.space/ https://www.facebook.com/ https://*.criteo.com/; font-src 'self' data: https://fonts.gstatic.com/ https://mcmcg.us.unblu.app/ https://zip.co/ https://at.alicdn.com/ https://www.slant.co/; frame-src 'self' https://www.youtube.com/ https://*.doubleclick.net/ https://a8475024065.cdn.optimizely.com/ https://accounts.midlandcredit.com/ https://*.criteo.com/ https://*.criteo.net/ https://*.vimeo.com/ https://vimeo.com/ https://*.opendns.com/ https://www.google.com/ https://www.googletagmanager.com/ https://gateway.zscalerthree.net/ https://mozbar.moz.com/; img-src * data:; manifest-src 'self'; media-src 'self' data: https://mcmcg.us.unblu.app/; report-uri https://62fe666c46dbffc8b5c2b37e.endpoint.csper.io?v=10; worker-src 'none'; 2
script-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.boltdns.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.securedvisit.com *.g.doubleclick.net www.dwin1.com *.attn.tv *.attentivemobile.com cdn.polyfill.io cdn.jsdelivr.net *.kaptcha.com *.clarity.ms *.tiktok.com *.audioeye.com mptyxz.annieskitclubs.com *.pinimg.com http://manifest.prod.boltdns.net *.liadm.com 'self' 'unsafe-inline' 'unsafe-eval';worker-src blob://* data://* 'self';connect-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.boltdns.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.securedvisit.com *.g.doubleclick.net www.dwin1.com *.attn.tv *.attentivemobile.com cdn.polyfill.io cdn.jsdelivr.net *.kaptcha.com *.clarity.ms *.tiktok.com *.audioeye.com mptyxz.annieskitclubs.com *.pinimg.com http://manifest.prod.boltdns.net *.liadm.com; report-uri /ajax/content_policy_violation.php 2
report-uri /algemeen/report_CSP_error.php; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src temu: *.temu.com *.kwcdn.com wss://*.temu.com *.paypal.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleusercontent.com www.googleadservices.com www.google.cn www.google.com.hk www.google.co.uk www.google.ca www.google.com.au www.google.co.nz google.com connect.facebook.net www.facebook.com appleid.cdn-apple.com socialplugin.facebook.net *.cash.app *.forter.com www.paypalobjects.com *.braintree-api.com *.braintreegateway.com cash-f.squarecdn.com api.squareup.com api.lab.amplitude.com *.paidy.com *.cardinalcommerce.com *.stripe.com d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3lqotgbn3npr.cloudfront.net d6rak4b14t5gp.cloudfront.net dlthst9q2beh8.cloudfront.net o160250.ingest.sentry.io blob: data: 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; report-uri /api/sec-csp/110000006/report 2
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data:; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data:; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 2
font-src *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com https://www.facebook.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.dwin1.com *.getsitecontrol.com/ https://js-agent.newrelic.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://cdn.equalweb.com js.klevu.com *.ksearchnet.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.klevu.com *.ksearchnet.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net/ *.getsitecontrol.com/ https://bam.nr-data.net/ https://cdn.equalweb.com/ https://events.getsitectrl.com/ https://www.facebook.com/ https://cdn.cookielaw.org/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
child-src 'self' blob:; connect-src 'self' script.crazyegg.com tracking.crazyegg.com www.google-analytics.com maps.googleapis.com stats.addtoany.com pagestates-tracking.crazyegg.com/healthcheck assets-tracking.crazyegg.com/healthcheck va.msg.liveperson.net analytics.google.com stats.g.doubleclick.net cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; default-src 'self'; font-src 'self' data: fonts.gstatic.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; frame-ancestors 'self'; frame-src 'self' lpcdn.lpsnmedia.net va.idp.liveperson.net static.addtoany.com share.transistor.fm www.onlinebanktours.com player.vimeo.com fintactix.com bancorpsouth.custhelp.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net insight.adsrvr.org match.adsrvr.org va.msg.liveperson.net 9936641.fls.doubleclick.net td.doubleclick.net www.fintactix.com; img-src 'self' data: d21y75miwcfqoq.cloudfront.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net maps.gstatic.com maps.googleapis.com i.vimeocdn.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net https://www.facebook.com/tr/ lpcdn.lpsnmedia.net googleads.g.doubleclick.net www.google.com ad.doubleclick.net ib.adnxs.com/pixie; media-src 'self' cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net lpcdn.lpsnmedia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com script.crazyegg.com lptag.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net va.v.liveperson.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net static.cloudflareinsights.com maps.googleapis.com static.addtoany.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net js.adsrvr.org/up_loader.1.1.0.js connect.facebook.net www.googleadservices.com acdn.adnxs.com/dmp/up/pixie.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; 2
report-uri https://xtm.cloud/contact/; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com ka-p.fontawesome.com;; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com tracking.g2crowd.com https://cdn.cookielaw.org/ https://extend.vimeocdn.com https://f.vimeocdn.com https://js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.hscollectedforms.net www.googletagmanager.com forms.hscollectedforms.net api.hubapi.com static.hsappstatic.net https://cdn.jsdelivr.net embed.typeform.com extend.vimeocdn.com kit.fontawesome.com snap.licdn.com www.google-analytics.com connect.facebook.com connect.facebook.net googleads.g.doubleclick.net js.usemessages.com ws.zoominfo.com bat.bing.com static.hotjar.com www.gstatic.com www.google.com forms-na1.hsforms.com js.hsforms.net j.6sc.co;; style-src 'self' 'unsafe-inline' 'unsafe-eval' embed.typeform.com fonts.googleapis.com ka-p.fontawesome.com kit.fontawesome.com;; img-src 'self' 'unsafe-inline' data: cdn.cookielaw.org i.vimeocdn.com track.hubspot.com secure.gravatar.com images.typeform.com bat.bing.com forms.hsforms.com www.google.com www.google.pl px.ads.linkedin.com www.facebook.com forms-na1.hsforms.com b.6sc.co www.googletagmanager.com;; object-src 'unsafe-eval' 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 2
default-src             'self'         ;         script-src             'self'             'unsafe-eval'             'unsafe-inline'             https://bt.fraud0.com             https://consent.cookiebot.com             https://consentcdn.cookiebot.com             https://maps.googleapis.com             https://player.podigee-cdn.net             https://www.gstatic.com             https://www.google.com             https://www.googletagmanager.com         ;         style-src             'self'             'unsafe-inline'             https://fonts.googleapis.com             https://player.podigee-cdn.net         ;         object-src             'none'         ;         connect-src             'self'             https://*.google-analytics.com             https://*.analytics.google.com             https://adservice.google.com             https://analytics.google.com             https://api.fraud0.com             https://consentcdn.cookiebot.com             https://maps.googleapis.com             https://omicron.matomo.cloud             https://stats.g.doubleclick.net             https://vc.hotjar.io             https://www.google.com             https://www.google.ad             https://www.google.ae             https://www.google.com.af             https://www.google.com.ag             https://www.google.al             https://www.google.am             https://www.google.co.ao             https://www.google.com.ar             https://www.google.as             https://www.google.at             https://www.google.com.au             https://www.google.az             https://www.google.ba             https://www.google.com.bd             https://www.google.be             https://www.google.bf             https://www.google.bg             https://www.google.com.bh             https://www.google.bi             https://www.google.bj             https://www.google.com.bn             https://www.google.com.bo             https://www.google.com.br             https://www.google.bs             https://www.google.bt             https://www.google.co.bw             https://www.google.by             https://www.google.com.bz             https://www.google.ca             https://www.google.cd             https://www.google.cf             https://www.google.cg             https://www.google.ch             https://www.google.ci             https://www.google.co.ck             https://www.google.cl             https://www.google.cm             https://www.google.cn             https://www.google.com.co             https://www.google.co.cr             https://www.google.com.cu             https://www.google.cv             https://www.google.com.cy             https://www.google.cz             https://www.google.de             https://www.google.dj             https://www.google.dk             https://www.google.dm             https://www.google.com.do             https://www.google.dz             https://www.google.com.ec             https://www.google.ee             https://www.google.com.eg             https://www.google.es             https://www.google.com.et             https://www.google.fi             https://www.google.com.fj             https://www.google.fm             https://www.google.fr             https://www.google.ga             https://www.google.ge             https://www.google.gg             https://www.google.com.gh             https://www.google.com.gi             https://www.google.gl             https://www.google.gm             https://www.google.gr             https://www.google.com.gt             https://www.google.gy             https://www.google.com.hk             https://www.google.hn             https://www.google.hr             https://www.google.ht             https://www.google.hu             https://www.google.co.id             https://www.google.ie             https://www.google.co.il             https://www.google.im             https://www.google.co.in             https://www.google.iq             https://www.google.is             https://www.google.it             https://www.google.je             https://www.google.com.jm             https://www.google.jo             https://www.google.co.jp             https://www.google.co.ke             https://www.google.com.kh             https://www.google.ki             https://www.google.kg             https://www.google.co.kr             https://www.google.com.kw             https://www.google.kz             https://www.google.la             https://www.google.com.lb             https://www.google.li             https://www.google.lk             https://www.google.co.ls             https://www.google.lt             https://www.google.lu             https://www.google.lv             https://www.google.com.ly             https://www.google.co.ma             https://www.google.md             https://www.google.me             https://www.google.mg             https://www.google.mk             https://www.google.ml             https://www.google.com.mm             https://www.google.mn             https://www.google.com.mt             https://www.google.mu             https://www.google.mv             https://www.google.mw             https://www.google.com.mx             https://www.google.com.my             https://www.google.co.mz             https://www.google.com.na             https://www.google.com.ng             https://www.google.com.ni             https://www.google.ne             https://www.google.nl             https://www.google.no             https://www.google.com.np             https://www.google.nr             https://www.google.nu             https://www.google.co.nz             https://www.google.com.om             https://www.google.com.pa             https://www.google.com.pe             https://www.google.com.pg             https://www.google.com.ph             https://www.google.com.pk             https://www.google.pl             https://www.google.pn             https://www.google.com.pr             https://www.google.ps             https://www.google.pt             https://www.google.com.py             https://www.google.com.qa             https://www.google.ro             https://www.google.ru             https://www.google.rw             https://www.google.com.sa             https://www.google.com.sb             https://www.google.sc             https://www.google.se             https://www.google.com.sg             https://www.google.sh             https://www.google.si             https://www.google.sk             https://www.google.com.sl             https://www.google.sn             https://www.google.so             https://www.google.sm             https://www.google.sr             https://www.google.st             https://www.google.com.sv             https://www.google.td             https://www.google.tg             https://www.google.co.th             https://www.google.com.tj             https://www.google.tl             https://www.google.tm             https://www.google.tn             https://www.google.to             https://www.google.com.tr             https://www.google.tt             https://www.google.com.tw             https://www.google.co.tz             https://www.google.com.ua             https://www.google.co.ug             https://www.google.co.uk             https://www.google.com.uy             https://www.google.co.uz             https://www.google.com.vc             https://www.google.co.ve             https://www.google.co.vi             https://www.google.com.vn             https://www.google.vu             https://www.google.ws             https://www.google.rs             https://www.google.co.za             https://www.google.co.zm             https://www.google.co.zw             https://www.google.cat         ;         font-src             'self'             data:             https://fonts.gstatic.com             https://player.podigee-cdn.net         ;         frame-ancestors            'self'            https://staging-www.omicroncybersecurity.com            https://www.omicroncybersecurity.com.docker         ;         frame-src             'self'             https://consentcdn.cookiebot.com             https://player.podigee-cdn.net             https://www.google.com             https://www.youtube.com         ;         img-src             'self'             data:             https://*.google-analytics.com             https://i.ytimg.com             https://img.youtube.com             https://imgsct.cookiebot.com             https://maps.googleapis.com             https://maps.gstatic.com             https://omicron.matomo.cloud             https://px.ads.linkedin.com             https://www.google.com             https://www.google.ad             https://www.google.ae             https://www.google.com.af             https://www.google.com.ag             https://www.google.al             https://www.google.am             https://www.google.co.ao             https://www.google.com.ar             https://www.google.as             https://www.google.at             https://www.google.com.au             https://www.google.az             https://www.google.ba             https://www.google.com.bd             https://www.google.be             https://www.google.bf             https://www.google.bg             https://www.google.com.bh             https://www.google.bi             https://www.google.bj             https://www.google.com.bn             https://www.google.com.bo             https://www.google.com.br             https://www.google.bs             https://www.google.bt             https://www.google.co.bw             https://www.google.by             https://www.google.com.bz             https://www.google.ca             https://www.google.cd             https://www.google.cf             https://www.google.cg             https://www.google.ch             https://www.google.ci             https://www.google.co.ck             https://www.google.cl             https://www.google.cm             https://www.google.cn             https://www.google.com.co             https://www.google.co.cr             https://www.google.com.cu             https://www.google.cv             https://www.google.com.cy             https://www.google.cz             https://www.google.de             https://www.google.dj             https://www.google.dk             https://www.google.dm             https://www.google.com.do             https://www.google.dz             https://www.google.com.ec             https://www.google.ee             https://www.google.com.eg             https://www.google.es             https://www.google.com.et             https://www.google.fi             https://www.google.com.fj             https://www.google.fm             https://www.google.fr             https://www.google.ga             https://www.google.ge             https://www.google.gg             https://www.google.com.gh             https://www.google.com.gi             https://www.google.gl             https://www.google.gm             https://www.google.gr             https://www.google.com.gt             https://www.google.gy             https://www.google.com.hk             https://www.google.hn             https://www.google.hr             https://www.google.ht             https://www.google.hu             https://www.google.co.id             https://www.google.ie             https://www.google.co.il             https://www.google.im             https://www.google.co.in             https://www.google.iq             https://www.google.is             https://www.google.it             https://www.google.je             https://www.google.com.jm             https://www.google.jo             https://www.google.co.jp             https://www.google.co.ke             https://www.google.com.kh             https://www.google.ki             https://www.google.kg             https://www.google.co.kr             https://www.google.com.kw             https://www.google.kz             https://www.google.la             https://www.google.com.lb             https://www.google.li             https://www.google.lk             https://www.google.co.ls             https://www.google.lt             https://www.google.lu             https://www.google.lv             https://www.google.com.ly             https://www.google.co.ma             https://www.google.md             https://www.google.me             https://www.google.mg             https://www.google.mk             https://www.google.ml             https://www.google.com.mm             https://www.google.mn             https://www.google.com.mt             https://www.google.mu             https://www.google.mv             https://www.google.mw             https://www.google.com.mx             https://www.google.com.my             https://www.google.co.mz             https://www.google.com.na             https://www.google.com.ng             https://www.google.com.ni             https://www.google.ne             https://www.google.nl             https://www.google.no             https://www.google.com.np             https://www.google.nr             https://www.google.nu             https://www.google.co.nz             https://www.google.com.om             https://www.google.com.pa             https://www.google.com.pe             https://www.google.com.pg             https://www.google.com.ph             https://www.google.com.pk             https://www.google.pl             https://www.google.pn             https://www.google.com.pr             https://www.google.ps             https://www.google.pt             https://www.google.com.py             https://www.google.com.qa             https://www.google.ro             https://www.google.ru             https://www.google.rw             https://www.google.com.sa             https://www.google.com.sb             https://www.google.sc             https://www.google.se             https://www.google.com.sg             https://www.google.sh             https://www.google.si             https://www.google.sk             https://www.google.com.sl             https://www.google.sn             https://www.google.so             https://www.google.sm             https://www.google.sr             https://www.google.st             https://www.google.com.sv             https://www.google.td             https://www.google.tg             https://www.google.co.th             https://www.google.com.tj             https://www.google.tl             https://www.google.tm             https://www.google.tn             https://www.google.to             https://www.google.com.tr             https://www.google.tt             https://www.google.com.tw             https://www.google.co.tz             https://www.google.com.ua             https://www.google.co.ug             https://www.google.co.uk             https://www.google.com.uy             https://www.google.co.uz             https://www.google.com.vc             https://www.google.co.ve             https://www.google.co.vi             https://www.google.com.vn             https://www.google.vu             https://www.google.ws             https://www.google.rs             https://www.google.co.za             https://www.google.co.zm             https://www.google.co.zw             https://www.google.cat             https://www.googletagmanager.com         ;         worker-src             'none'         ;         report-to default-1; 2
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://lleung.uriports.com/reports/report; report-to default 2
default-src https:; 						script-src https: 'unsafe-inline' 'unsafe-eval'; 						style-src https: 'unsafe-inline'; 						font-src https: data:; 						img-src https: data: about: ; 						connect-src https: wss: 'self'; 						worker-src https: blob: 'self'; 2
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 2
font-src maxcdn.bootstrapcdn.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud *.googleapis.com *.gstatic.com https://geowidget.easypack24.net data: https://cdn.thulium.com/ script.hotjar.com widget.fitanalytics.com/ fontawesome.com *.fontawesome.com widget.fitanalytics.com static.lancerto.com data: 'self' 'unsafe-inline'; form-action www.facebook.com facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.instagram.com pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu secure.payu.com merch-prod.snd.payu.com smartforms.ekomi.com *.ekomiapps.de https://geowidget-app.inpost.pl/ https://pudofinder.dpd.com.pl/ *.google.com *.fls.doubleclick.net creativecdn.com gum.criteo.com *.hotjar.com facebook.com www.facebook.com start.paypo.pl https://tbs.tradedoubler.com https://imgstatic.eu *.tradedoubler.com *.imgstatic.eu static.criteo.net 'self' fledge.eu.criteo.com td.doubleclick.net *.creativecdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io imgsct.cookiebot.com *.cdninstagram.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com static.payu.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud *.gstatic.com *.googleapis.com *.ggpht https://lancerto.com https://geowidget.easypack24.net https://osm.inpost.pl *.revhunter.tech assets.swarmcdn.com analytics.tiktok.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://developers.google.com pixel.wp.pl www.facebook.com google.com facebook.com google-analytics.com www.google.pl google.pl script.hotjar.com  data: smart-widget-assets.ekomiapps.de tbl.tradedoubler.com *.stickyadstv.com *.bing.com *.adform.net *.advertising.com ade.clmbtech.com *.criteo.com *.adnxs.com sync.outbrain.com cm.g.doubleclick.net *.analytics.yahoo.com *.yahoo.com *.tribalfusion.com sw-assets.ekomiapps.de developers.google.com *.taboola.com *.3lift.com *.rtb-csync.smartadserver.com *.casalemedia.com *.pixel.rubiconproject.com *.simage2.pubmatic.com *.criteo-sync.teads.tv *.360yield.com *.pubmatic.com *.bidswitch.net criteo-sync.teads.tv *.adscale.de *.omnitagjs.com *.smartadserver.com *.ivitrack.com *.ad.smaato.net *.sharethrough.com *.ssp.rambler.ru *.fls.doubleclick.net *.atdmt.com *.rubiconproject.com *.yieldlab.net *.e-planning.net *.ads.linkedin.com sync-tm.everesttech.net s-cs.send.microad.jp contextual.media.net us-u.openx.net cm.mgid.com pixel.tapad.com ad.as.amanad.adtdp.com an.yandex.ru trends.revcontent.com cw.addthis.com crb.kargo.com i.liadm.com jadserve.postrelease.com sync.aralego.com ad.mail.ru sync-criteo.ads.yieldmo.com a.twiago.com idsync.rlcdn.com criteo-partners.tremorhub.com d.turn.com https://tbs.tradedoubler.com https://imgstatic.eu *.tradedoubler.com *.imgstatic.eu googleads4.g.doubleclick.net *.emxdgt.com googletagmanager.com static.lancerto.com htlfkw.lancerto.com s.thebrighttag.com beacon.krxd.net id5-sync.com exchange.mediavine.com https://csr.onet.pl https://upload.snrcdn.net *.clarity.ms dmp.adform.net ad.doubleclick.net images.autopay.eu ekomi-srr.s3.eu-central-1.amazonaws.com *.googlesyndication.com hb.yahoo.net *.salestube.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com consentcdn.cookiebot.com *.instagram.com testcards.autopay.eu cards.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com secure.payu.com secure.snd.payu.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud smartforms.ekomi.com *.ekomiapps.de *.googleapis.com *.gstatic.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://bat.bing.com/ https://www.clarity.ms/ assets.swarmcdn.com *.snrbox.com https://cdn.thulium.com/ analytics.tiktok.com https://maps.googleapis.com/ web.snrbox.com *.google.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de *.googleadservices.com connect.facebook.net px.leadexpert.pl static.lamoda.pl *.hotjar.com pixel.wp.pl wrap.tradedoubler.com static.criteo.net sslwidget.criteo.com widget.fitanalytics.com metrics.fitanalytics.com metrics-nl.fitanalytics.com cdn.wootric.com swrap.tradedoubler.com ocdn.eu js-agent.newrelic.com bam-cell.nr-data.net *.platform.hicloud.com snap.licdn.com www.snrcdn.net unpkg.com *.doubleclick.net googletagservices.com *.googlesyndication.com www.googletagservices.com https://tbs.tradedoubler.com *.tradedoubler.com https://imgstatic.eu *.imgstatic.eu maps.googleapis.com 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://cdn.juo.io https://sgqcvfjvr.onet.pl https://artemis-cdn.ocdn.eu https://player.vimeo.com https://lib.onet.pl dc.cux.io js.go2sdk.com *.creativecdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.googleapis.com maxcdn.bootstrapcdn.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud *.gstatic.com https://geowidget.easypack24.net https://geowidget.inpost.pl assets.swarmcdn.com *.snrcdn.net sw-assets.ekomiapps.de widget.fitanalytics.com customizations.fitanalytics.com www.snrcdn.net 'self' 'unsafe-inline'; object-src 'self' 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com assets.swarmcdn.com swarmify: blob: video-node.swarmcdn.com https://cdn.thulium.com/ chat-widget.thulium.com static.lancerto.com https://static.lancerto.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com consentcdn.cookiebot.com *.google-analytics.com secure.payu.com merch-prod.snd.payu.com lancerto-proxy.eu-de.mybluemix.net actionbot-proxy-lancerto.12lsncf5rsle.eu-de.codeengine.appdomain.cloud smartforms.ekomi.com *.ekomiapps.de https://geowidget.easypack24.net https://api-pl-points.easypack24.net https://osm.inpost.pl https://bat.bing.com/ *.clarity.ms video-node.swarmcdn.com wss://hornets.swarmcdn.com *.swarmcdn.com *.snrbox.com https://cdn.thulium.com/ analytics.tiktok.com https://maps.googleapis.com/ stats.g.doubleclick.net wss://v18dxapjmd.execute-api.eu-west-1.amazonaws.com smart-widget-assets.ekomiapps.de *.hotjar.com *.facebook.com clk.leadexpert.pl wss://ws17.hotjar.com  data: eligibility.wootric.com bam-cell.nr-data.net web.snrbox.com widget.fitanalytics.com *.g.doubleclick.net https://in.juo.io https://csr.onet.pl wss://n-541921153-0-27272500-1569843303-5d91e8674295d.track.cux.io events.ocdn.eu adservice.google.com bat.bing.com google.com/pay pay.google.com www.google.com *.analytics.google.com pixel.wp.pl measurement-api.criteo.com pagead2.googlesyndication.com *.creativecdn.com 'self' 'unsafe-inline'; child-src https://tbs.tradedoubler.com https://imgstatic.eu *.tradedoubler.com *.imgstatic.eu http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.fontawesome.com tbs.tradedoubler.com wickey.nl *.hotjar.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-umm.b-cdn.net www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com wickey.us16.list-manage.com *.wickey.us16.list-manage.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com js.mollie.com *.trustpilot.com tbs.tradedoubler.com forms.office.com ct.pinterest.com *.hotjar.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com  d3dc1lgancj6l0.cloudfront.net www.youtube.com *.mollie.com www.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.mollie.com *.pixriot.com *.storeimaging.com *.ads.linkedin.com *.google-analytics.com *.squarelovin.com *.bing.com bing.com squarelovin.com *.trustedshops.com *.mollie.com *.pinterest.com *.consentmanager.net wickey.de wickey.nl tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg ik.imagekit.io cst-tag-monitor-2nd-gen-6k3dd6vtka-ew.a.run.app dashboard.edesk.com static.sooqr.com onlinedialogue.s3.eu-west-1.amazonaws.com t.squeezely.tech wickey.ams3.digitaloceanspaces.com wickey-test.ams3.digitaloceanspaces.com d2rfa446ja7yzb.cloudfront.net app.squeezely.tech tw.wickey.si tw.wickey.gr static.spotlersearch.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js.mollie.com widgets.trustedshops.com js-agent.newrelic.com bat.bing.com *.googleadservices.com connect.facebook.net bam.nr-data.net squarelovin.com c.delivery.consentmanager.net cdn.consentmanager.net s.pinimg.com analytics.tiktok.com www.googleoptimize.com snap.licdn.com hst.tradedoubler.com swrap.tradedoubler.com static.cloudflareinsights.com tracking.s24.com tw.wickey.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg delivery.consentmanager.net cdn.stape.io *.hotjar.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com d3dc1lgancj6l0.cloudfront.net ajax.cloudflare.com d5yoctgpv4cpx.cloudfront.net userlike-cdn-umm.b-cdn.net onlinedialogue.s3.eu-west-1.amazonaws.com widgets.xsellco.com static.sooqr.com dynamic.sooqr.com *.neoday.com js.neoday.com cdn.ablyft.com squeezely.tech analytics.optimalpeople.fr connect.getflowbox.com ct.pinterest.com static.spotlersearch.com spotlersearchanalytics.com dynamic.spotlersearch.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.fontawesome.com squarelovin.com *.hotjar.com tagmanager.google.com widgets.xsellco.com static.sooqr.com static.spotlersearch.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.pixriot.com *.storeimaging.com ct.pinterest.com *.wickey.de stats.g.doubleclick.net analytics.tiktok.com bam.nr-data.net bat.bing.com www.google.com googleads.g.doubleclick.net region1.analytics.google.com region1.google-analytics.com tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com *.hotjar.io wss://*.hotjar.com www.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com wss://umd.userlike.com umd.userlike.com d3upe020n1uosc.cloudfront.net d3dc1lgancj6l0.cloudfront.net www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg rkkck31tec.execute-api.eu-central-1.amazonaws.com widgets.xsellco.com firehose.eu-central-1.amazonaws.com cognito-identity.eu-central-1.amazonaws.com gateway.wickey.neo.day log.ablyft.com analytics.pangle-ads.com analytics.optimalpeople.fr trustbadge.api.etrusted.com gateway.getflowbox.com a.getflowbox.com tw.wickey.si tw.wickey.gr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://wickey.de/; report-to report-endpoint; 2
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 2
font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com *.gstatic.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com static.klaviyo.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.google.com accounts.google.com *.canadapost.ca https://sso.epost.ca *.purolator.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com consentcdn.cookiebot.com consentcdn.cookiebot.eu www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.meetanshi.com *.purolator.com www.facebook.com platform.twitter.com https://hosted.paysafe.com *.sendcloud.sc checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com customer-upskkbfxkf3xe5cz.cloudflarestream.com iframe.videodelivery.net static.olark.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com js.hsforms.net dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de vimeo.com 20813811p.rfihub.com *.cardinalcommerce.com *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net validate.fishpig.co.uk timepayment.com consumerfinancing.s3.us-west-1.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net mageside.com *.canadapost.ca *.googleapis.com *.meetanshi.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://redchamps.com media.sezzle.com c.clarity.ms c.bing.com videodelivery.net 6064173.fs1.hubspotusercontent-na1.net customer-upskkbfxkf3xe5cz.cloudflarestream.com tvape.co.uk verify.bluecheck.me torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com perf.hsforms.com forms.hubspot.com *.tvape.com demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com x.klarnacdn.net *.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net consent.cookiebot.com consent.cookiebot.eu widget.freshworks.com m2epro.freshdesk.com *.jifiti.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.googleapis.com *.meetanshi.com *.purolator.com connect.facebook.net twitter.com platform.twitter.com https://hosted.paysafe.com https://api.test.paysafe.com https://api.paysafe.com  https://songbirdstag.cardinalcommerce.com embed.sendcloud.sc checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com www.youtube.com cdn.jsdelivr.net embed.cloudflarestream.com embed.videodelivery.net knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com stats.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com r1.dotmailer-surveys.com g1782759016.co js.hsforms.net hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com *.mantisadnetwork.com g594253006.co *.crazyegg.com *.newrelic.com *.clarity.ms data: *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com tagmanager.google.com *.yotpo.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tvape.co.uk torontovaporizer.ca static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com consentcdn.cookiebot.com consentcdn.cookiebot.eu widget.freshworks.com m2epro.freshdesk.com *.jifiti.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google-analytics.com *.google.com *.meetanshi.com https://api.test.paysafe.com https://api.paysafe.com gateway.sezzle.com sandbox.gateway.sezzle.com region1.google-analytics.com *.crazyegg.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com *.googleapis.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.paypal.com *.amazonaws.com *.clarity.ms *.facebook.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://torontovaporizer.ca/; report-to report-endpoint; 2
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.klarnacdn.net *.kalogirou.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com www.facebook.com www.youtube.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com www.youtube.com *.klarna.com *.contactpigeon.com *.googlesyndication.com *.skroutz.gr *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com www.google.gr *.cookiebot.com *.google-analytics.com maps.gstatic.com *.kalogirou.com *.contactpigeon.com www.youtube.com *.sharethis.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.skroutz.gr www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' data: *.cookiebot.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com *.klarnacdn.net *.klarnaservices.com *.google.gr *.taboola.com *.skroutz.gr *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net *.cookiebot.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com eu.klarnaevt.com *.klarnacdn.net *.klarnaservices.com *.taboola.com *.akstat.io *.googlesyndication.com *.skroutz.gr *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com *.googlesyndication.com 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
object-src 'none'; script-src 'self' cdnjs.cloudflare.com https://maps.google.com https://maps.googleapis.com https://static.addtoany.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; style-src 'self' cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-attr 'self'; frame-ancestors 'self' 2
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.facebook.net *.gstatic.com *.typekit.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.fontawesome.com *.trusturk.com *.jivosite.com *.dia.com.tr *.googletagmanager.com *.google-analytics.com *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.doubleclick.net *.mncdn.com *.speedsize.com *.useinsider.com *.licdn.com *.gurgencler.com *.linkedin.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com/ *.twitter.com *.google.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com *.trusturk.com *.jivosite.com *.dia.com.tr node-eu1-b-1.jivosite.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com wss://chat-eu1-2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com *.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.gstatic.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com *.trusturk.com *.jivosite.com *.dia.com.tr *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com *.mobilexpress.com.tr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.instana.io *.google.com *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io *.trusturk.com *.gurgencler.test *.dia.com.tr *.jivosite.com *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com *.mobilexpress.com.tr js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.fontawesome.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io *.jivosite.com *.dia.com.tr *.trusturk.net *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.doubleclick.net *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.trusturk.com *.jivosite.com *.dia.com.tr node-eu1-b-1.jivosite.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.doubleclick.net *.mncdn.com *.speedsize.com *.useinsider.com *.licdn.com *.gurgencler.com *.linkedin.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.google-analytics.com *.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io *.trusturk.com *.jivosite.com *.dia.com.tr *.googletagmanager.com *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.facebook.com *.kinderkraft.fr *.kinderkraft.pl kinderkraft.fr kinderkraft.pl *.trustpilot.com *.criteo.gum *.cookiebot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.klarna.com pay.google.com secure.payu.com merch-prod.snd.payu.com *.trustpilot.com *.facebook.com www.facebook.com *.instagram.com *.hotjar.com *.criteo.com *.criteo.net *.youtube-nocookie.com *.google.com *.kinderkraft.fr kinderkraft.fr kinderkraft.pl *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.gstatic.com *.googleapis.com *.ggpht *.klarna.com *.klarnaevt.com *.klarnacdn.net static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com ts.tradetracker.net www.magmodules.eu *.ytimg.com www.google.com www.google.pl kinderkraft.com pixel.wp.pl www.facebook.com *.instagram.com *.payu.com *.hotjar.com www.googletagmanager.com googleads.g.doubleclick.net *.criteo.com *.adobedtm.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.yahoo.com *.3lift.com *.smartadserver.com *.adnxs.com *.tapad.com *.casalemedia.com *.360yield.com *.taboola.com *.pubmatic.com *.media.net *.teads.tv *.adform.net *.bidswitch.net *.sharethrough.com *.smaato.net *.socdm.com *.adscale.de *.advertising.com *.dable.io *.co.kr *.stickyadstv.com *.twiago.com *.omnitagjs.com *.liadm.com *.yieldmo.com *.postrelease.com *.addthis.com *.revcontent.com *.mail.ru *.yieldlab.net *.rambler.ru *.bing.com *.openx.net *.nate.com *.mediawallahscript.com id5-sync.com *.rlcdn.com *.adingo.jp *.tremorhub.com *.yandex.ru *.aralego.com/ *.ad-stir.com *.adtdp.com *.meba.kr *.1rx.io *.toast.com *.turn.com *.dmxleo.com *.mediavine.com *.ivitrack.com *.smartclip.net *.krxd.net *.emxdgt.com *.pinterest.com *.bluekai.com *.thebrighttag.com kinderkraft.pl *.user.com *.trustpilot.com *.trustpilot.net *.metaffiliation.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnaservices.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.avada.io secure.payu.com secure.snd.payu.com *.trustpilot.com tm.tradetracker.net *.googletagmanager.com kinderkraft-staging.user.com *.user.com consentcdn.cookiebot.com *.g.doubleclick.net *.adyen.com *.facebook.net pixel.wp.pl *.hotjar.com *.criteo.com *.newrelic.com *.criteo.net *.nr-data.net *.cloudflare.com *.clickcease.com *.pinimg.com *.googleoptimize.com *.youtube.com *.klarnacdn.net *.kinderkraft.pl *.kinderkraft.fr *.kinderkraft.de *.kinderkraft.it *.kinderkraft.co.uk *.kinderkraft.es *.metaffiliation.com *.bing.com *.clarity.ms *.cux.io *.taboola.com *.luigisbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com fonts.googleapis.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.trustpilot.com *.instagram.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.googlevideo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.klarnaservices.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.instagram.com kinderkraft-staging.user.com wss://kinderkraft-staging.user.com *.adyen.com yt2html5.com *.user.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net wss://kinderkraft.user.com *.hotjar.com wss://ws3.hotjar.com analytics.google.com *.paypal.com https://paypal.com paypal.com *.nr-data.net consentcdn.cookiebot.com *.hotjar.io *.criteo.com wss://ws29.hotjar.com *.pinterest.com *.google.com wss://ws11.hotjar.com *.klarnacdn.net google.pl google.com *.kinderkraft.fr *.metaffiliation.com *.sentry.io sentry.io *.clarity.ms *.cux.io *.facebook.com facebook.com *.google.pl wss://* *.openfpcdn.io *.google-analytics.com *.taboola.com *.luigisbox.com *.bing.com *.klarna.com 'self' 'unsafe-inline'; child-src *.instagram.com http: https: blob: 'self' 'unsafe-inline'; default-src *.adyen.com *.instagram.com *.googleoptimize.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ekr.zdassets.com netdna.bootstrapcdn.com www.tadadelivery.com static.zdassets.com cdnjs.cloudflare.com *.facebook.net creatives-cdn.appsflyer.com www.google.com.co www.googletagmanager.com *.onetrust.com www.google.com.mx cdn.cookielaw.org *.facebook.com js-agent.newrelic.com banner.appsflyer.com websdk.appsflyer.com bam.nr-data.net static.addtoany.com media.dtc-icp.io *.zendesk.com *.doubleclick.net impressions.onelink.me get.geojs.io cdn.jsdelivr.net cdn.appsflyer.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
default-src https://*.cloudfront.net 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; report-uri /sentry/api/2/security/?sentry_key=a5423dd760fe46e989430f42a880f3e1; worker-src 'none'; 2
default-src 'self' wss: *.googleapis.com *.sportradar.com *.seznam.cz ai.24liveresults.com *.cloudflare.com *.iforbet.cz pagead2.googlesyndication.com *.google-analytics.com *.gstatic.com *.google.cz *.doubleclick.net https://td.doubleclick.net *.doubleclick.net *.google.com *.facebook.com *.facebook.net *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.crazyegg.com *.gstatic.com; connect-src *; img-src 'self' data: *.googleapis.com *.seznam.cz openweathermap.org *.openweathermap.org *.iforbet.cz *.googleadservices.com ai.24liveresults.com *.cloudflare.com *.googlesyndication.com *.sportradar.com *.google-analytics.com https://td.doubleclick.net *.doubleclick.net *.google.cz *.google.com *.facebook.com *.facebook.net *.googletagmanager.com *.crazyegg.com *.gstatic.com; script-src 'self' blob: *.googleapis.com *.sportradar.com *.iforbet.cz ai.24liveresults.com *.cloudflare.com *.google-analytics.com *.google.cz *.google.com *.facebook.com *.facebook.net *.googlesyndication.com *.googleadservices.com *.googletagmanager.com *.crazyegg.com *.gstatic.com *.seznam.cz https://c.seznam.cz https://*.seznam.cz https://td.doubleclick.net *.doubleclick.net googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; style-src-elem 'self' https: 'unsafe-inline'; frame-ancestors 'self' https://*.bravobet.et bravobet.et https://*.championbetsoft.com app-demo.championbetsoft.com https://fortunebet.com.ss fortunebet.com.ss https://championbetgh.com https://*.championbetgh.com championbetgh.com https://24liveresults.com https://*.24liveresults.com 24liveresults.com https://www.facebook.cz https://*.facebook.cz facebook.com https://www.iforbet.cz https://*.iforbet.cz iforbet.cz https://www.championbet.ug https://*.championbet.ug championbet.ug https://www.championbet.et https://*.championbet.et championbet.et https://*.betbravo.et https://betbravo.et betbravo.et https://*.fortunebet.com.ss fortunebet.com.ss https://*.fortebet-rwanda.com fortebet-rwanda.com https://*.fortebet.ng https://www.fortebet.ng https://*.fortebet.ug https://www.fortebet.ug https://*.fortebet.rw/ https://fortebet.rw https://fortebet.co.zm https://*.fortebet.co.zm https://*.fortebet.com.ss https://fortebet.com.ss fortebet.co.zm fortebet.rw fortebet.com.ss fortebet.ug fortebet.ng https://*.psk.hr https://*.ifortuna.cz https://*.ifortuna.sk https://*.efortuna.ro https://*.efortuna.pl https://*.casapariurilor.ro https://*.betbravo.et/; font-src 'self' data: *.gstatic.com https://use.typekit.net; frame-src https: data: mediastream: 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.google-analytics.com *.googleapis.com rs.fullstory.com edge.fullstory.com www.hospitalaleman.org.ar *.facebook.net www.googletagmanager.com *.doubleclick.net use.fontawesome.com adservice.google.com client.crisp.chat www.google.com.mx maxcdn.bootstrapcdn.com *.facebook.com hospitalaleman.easycruit.com www.google.com.ar translate.google.com analytics.google.com region1.google-analytics.com ssl.google-analytics.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.svelty.com.mx cdn.jsdelivr.net https://www.googletagmanager.com cdns.us1.gigya.com vuejs.org unpkg.com https://www.google-analytics.com https://cdn.gbqofs.com https://p.teads.tv https://www.googleoptimize.com https://static.hotjar.com https://cdn.mouseflow.com https://www.googleadservices.com https://connect.facebook.net https://cdn.treasuredata.com https://analytics.tiktok.com https://w.usabilla.com https://js-agent.newrelic.com https://shared.az.ciam.nestle.com https://script.hotjar.com https://cdn.az.ciam.nestle.com *.mikmak.ai *.swaven.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.svelty.com.mx cdn.jsdelivr.net https://www.googletagmanager.com cdns.us1.gigya.com vuejs.org unpkg.com https://www.google-analytics.com https://cdn.gbqofs.com https://p.teads.tv https://www.googleoptimize.com https://static.hotjar.com https://cdn.mouseflow.com https://www.googleadservices.com https://connect.facebook.net https://cdn.treasuredata.com https://analytics.tiktok.com https://w.usabilla.com https://js-agent.newrelic.com https://shared.az.ciam.nestle.com https://script.hotjar.com https://cdn.az.ciam.nestle.com *.mikmak.ai *.swaven.com; img-src *; media-src *; frame-ancestors 'self'; report-uri https://www.svelty.com.mx/report-csp-violation 2
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.cloudfront.net *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com 'unsafe-inline' data: dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.list-manage.com *.sjv.io *.stripe.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca *.doubleclick.net *.facebook.com *.flexiti.fi *.google.com *.google.com.vn *.hotjar.com jardindeville.com maisoncorbeil.com mustsociete.com *.o2web.ws *.pinterest.com *.stripe.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.bird.eu *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.bing.com *.flexiti.fi *.google.ca *.google.com *.googleadservices.com *.google-analytics.com *.google.com.au *.google.com.vn jardindeville.com *.klarna.com *.lightemporium.com maisoncorbeil.com *.maisoncorbeil.com *.maisonco.local mcusercontent.com *.mustsociete.com *.paypal.com *.pinterest.com *.placeholder.com *.o2web.ws *.twimg.com *.twitter.com *.usercentrics.eu *.vimeo.com *.jsdelivr.net *.ytimg.com https://analytics.tiktok.com https://d254swjmew8w6i.cloudfront.net ca-lapresse-main.collector.snplow.net dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.exponea.com https://sdk.privacy-center.org/ *.bloomreach.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com https://d254swjmew8w6i.cloudfront.net/ *.bing.com *.doubleclick.net *.facebook.net *.fontawesome.com *.google.com *.google-analytics.com *.hotjar.com *.sjv.io *.newrelic.com *.nr-data.net *.pinimg.com *.stripe.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.zdassets.com *.zopim.com *.noibu.com *.criteo.com *.jsdelivr.net https://analytics.tiktok.com ca-lapresse-main.collector.snplow.net *.impactcdn.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net pay.google.com js.klevu.com *.ksearchnet.com *.avada.io assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.cloudfront.net *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.doubleclick.net dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com *.affirm.com *.affirm.ca *.exponea.com *.bloomreach.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.flexiti.fi *.google.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ssgtm.maisoncorbeil.com ssgtm.mustsociete.com ssgtm.jardindeville.com *.paypal.com *.pinterest.com *.twimg.com *.twitter.com *.zdassets.com *.zendesk.com wss://*.zopim.com wss://*.noibu.com *.noibu.com *.privacy-center.org https://analytics.tiktok.com https://d254swjmew8w6i.cloudfront.net ca-lapresse-main.collector.snplow.net *.sjv.io dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.stripe.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src https://sdk.privacy-center.org/ *.zopim.com *.noibu.com *.sjv.io *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src 'none'; 2
font-src fonts.gstatic.com fonts.googleapis.com use.typekit.net cdn.yellowmessenger.com app.yellowmessenger.com *.yellowmessenger.com *.fontawesome.com maxcdn.bootstrapcdn.com *.myshopify.com *.shopify.com *.saas.talismaonline.com data: 'self' 'unsafe-inline'; form-action www.facebook.com *.google.com *.saas.talismaonline.com 'self' 'unsafe-inline'; frame-ancestors gstatic.com *.saas.talismaonline.com *.myshopify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com social-plugins.line.me www.facebook.com www.google.com vars.hotjar.com vault.omise.co secure.authorize.net test.authorize.net www.googletagm cdn.omise.co jaspallynaround.freshdesk.com www.youtube.com gumi.criteo.com static.criteo.net https://cdn.omise.co *.weltpixel.com *.myshopify.com *.shopify.com *.saas.talismaonline.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com maps.googleapis.com www.w3.org www.google.co.in mcprod.lynaccs.com connect.facebook.net d3k81ch9hvuctc.cloudfront.net api.omise.co omise-gateway-production.s3.ap-southeast-1.amazonaws.com cdn.yellowmessenger.com *.yellowmessenger.com cm.g.doubleclick.net sync.taboola.com *.taboola.com simage2.pubmatic.com contextual.media.net sync.outbrain.comt criteo-sync.teads.tv r.casalemedia.com eb2.3lift.com sync-criteo.ads.yieldmo.com x.bidswitch.net s.ad.smaato.net rtb-csync.smartadserver.com adx.dable.io cs.adingo.jp ads.yahoo.com cs.gssprt.jp c.bing.com ad.360yield.com ups.analytics.yahoo.com sp.analytics.yahoo.com pixel.advertising.com dis.criteo.com sync.outbrain.com secure.adnxs.com ib.adnxs.com t.adx.opera.com platform-lookaside.fbsbx.com lh3.googleusercontent.com s.amazon-adsystem.com match.sharethrough.com https://a.klaviyo.com flagpedia.net *.myshopify.com *.shopify.com *.saas.talismaonline.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ omise.co cdn.omise.co maps.googleapis.com connect.facebook.net d.line-scdn.net js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com iubenda.com cdn.iubenda.com a.klaviyo.com static.hotjar.com l.getsitecontrol.com script.hotjar.com bam.nr-data.net s3.amazonaws.com www.iubenda.com js.createsend1.com cdn.yellowmessenger.com app.yellowmessenger.com *.yellowmessenger.com static-tracking.klaviyo.com dynamic.criteo.com static.criteo.net sslwidget.criteo.com js.datadome.co player.vimeo.com https://cdn.omise.co https://static.klaviyo.com https://fast.a.klaviyo.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com use.typekit.net p.typekit.net static.klaviyo.com s3.amazonaws.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.yellowmessenger.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com bam-cell.nr-data.net static-forms.klaviyo.com youtube.com googletagmanager.com paypal.com bam.nr-data.net l.getsitecontrol.com stats.g.doubleclick.net vc.hotjar.io maps.googleapis.com telemetrics.klaviyo.com www.facebook.com a.klaviyo.com app.yellowmessenger.com wss://app.yellowmessenger.com *.yellowmessenger.com sslwidget.criteo.com in.hotjar.com api-js.datadome.co *.hotjar.com wss://*.hotjar.com hits-i.iubenda.com https://cdn.omise.co https://static.klaviyo.com https://fast.a.klaviyo.com www.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/6b8ce7c01e3dacd3d2c7a8cd322ff979/mr 2
connect-src    'self'    *.google.com   *.googleapis.com    *.google-analytics.com   api.leadinfo.com   collector.leadinfo.net     consentcdn.cookiebot.com   ct.pinterest.com     api.expertise.ai   metrics.hotjar.io   content.hotjar.io   vc.hotjar.io   wss://ws.hotjar.com   www.rensonevents.com;  font-src    'self'   fonts.gstatic.com   cdnjs.cloudflare.com   stackpath.bootstrapcdn.com;  frame-src    'self'   ct.pinterest.com   e.issuu.com   consentcdn.cookiebot.com   www.youtube.com   youtube.com   www.facebook.com   www.google.com;  img-src    'self'    data:    renson-co-renson-kentico-dev-cdn-wa-ep.azureedge.net   renson-co-stg-kentico-website-live-cdnep.azureedge.net   renson-co-prd-kentico-website-live-cdnep.azureedge.net   *.renson.eu   *.bynder.com     imgsct.cookiebot.com    *.googleapis.com   *.google-analytics.com   *.google.com   www.googletagmanager.com   *.gstatic.com    img.youtube.com   i.ytimg.com     cdnjs.cloudflare.com   chatsimple-widget.s3.us-east-2.amazonaws.com     connect.facebook.net   www.facebook.com     ct.pinterest.com;  manifest-src    'self';  script-src-attr    'unsafe-inline';  script-src-elem    'self'    'unsafe-inline'      www.gstatic.com   www.google.com   *.googleapis.com    *.googlesyndication.com   *.google-analytics.com   *.googleadservices.com   www.googletagmanager.com   *.youtube.com   cdn.chatsimple.ai   https://cdnjs.cloudflare.com/ajax/libs/jquery/   https://cdnjs.cloudflare.com/ajax/libs/tooltipster/   chatsimple-widget.s3.us-east-2.amazonaws.com   code.jquery.com   constentcdn.cookiebot.com   consent.cookiebot.com    cdn.leadinfo.net   script.hotjar.com   static.hotjar.com   connect.facebook.net;  script-src   cdn.leadinfo.net   connect.facebook.net   *.cookiebot.com   *.googlesyndication.com   www.google-analytics.com   www.googleadservices.com; style-src-attr    'unsafe-inline';  style-src-elem    'self'    'unsafe-inline'   cdn.chatsimple.ai   cdnjs.cloudflare.com   fonts.googleapis.com   stackpath.bootstrapcdn.com; report-uri https://440648cc39180e293ac22cb81bfa4281.report-uri.com/r/d/csp/wizard 2
font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://oct8necdneu.azureedge.net https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://sandbox.sequracdn.com https://live.sequracdn.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://backoffice-eu.oct8ne.com https://sandbox.sequrapi.com https://live.sequrapi.com https://eu1-search.doofinder.com https://eu1-layer.doofinder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://sandbox.sequracdn.com https://live.sequracdn.com https://www.google.com https://www.google.es https://oct8necdneu.azureedge.net https://www.bazarelregalo.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.avada.io https://sandbox.sequracdn.com https://live.sequracdn.com http://media.flixfacts.com https://prod.flixgvid.flix360.io http://media.flixcar.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://static-eu.oct8ne.com https://sandbox.sequrapi.com https://live.sequrapi.com https://eu1-search.doofinder.com https://app3.salesmanago.pl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com http://media.flixcar.com https://cdn.doofinder.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://get.geojs.io *.avada.io https://sandbox.sequracdn.com https://live.sequracdn.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be https://vimeo.com https://frontal-eu.oct8ne.com https://js-agent.newrelic.com https://bam.nr-data.net https://eu1-layer.doofinder.com wss://eu1-layer.doofinder.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com *.hotjar.com td.doubleclick.net consentcdn.cookiebot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.multisafepay.com 'self' data: *.google.nl *.google-analytics.com *.googletagmanager.com *.trustedshops.com bat.bing.com imgsct.cookiebot.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.gstatic.com *.multisafepay.com https://pay.google.com *.hotjar.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.bing.com *.trustedshops.com *.garmundo.at *.garmundo.be *.garmundo.ch *.garmundo.de *.garmundo.dk *.garmundo.nl *.garmundo.se *.app-us1.com *.cookiebot.com trackcmp.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.multisafepay.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.multisafepay.com t.elasticsuite.io *.google-analytics.com *.doubleclick.net *.hotjar.io *.hotjar.com *.garmundo.at *.garmundo.be *.garmundo.ch *.garmundo.de *.garmundo.dk *.garmundo.nl *.garmundo.se *.cookiebot.com *.bing.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.alothemes.com *.magepow.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com 'self' data: *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.facebook.com *.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.net business.facebook.com *.google.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.typekit.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https://fonts.gstatic.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.sa.gov.au/__data/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.botframework.com/; style-src 'unsafe-inline' https://fonts.googleapis.com/ https://www.sa.gov.au/_design/ https://www.sa.gov.au/__data/assets/css_file/; 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.livechatinc.com https://td.doubleclick.net data: 'self' 'unsafe-inline'; form-action www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.packeta.com secure.payu.com merch-prod.snd.payu.com *.weltpixel.com *.livechatinc.com https://consentcdn.cookiebot.com/ *.doubleclick.net api.ratingcaptain.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com static.payu.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com *.facebook.com https://www.google.pl *.bing.com *.seznam.cz *.clarity.ms *.pricemania.sk https://imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com s7.addthis.com *.avada.io *.packeta.com secure.payu.com secure.snd.payu.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.livechatinc.com *.bing.com *.seznam.cz *.clarity.ms https://pixel.biano.cz https://consent.cookiebot.com *.biano.sk *.biano.cz *.biano.ro https://consentcdn.cookiebot.com https://api.ratingcaptain.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com *.pricemania.sk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.packeta.com secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net *.clarity.ms *.bing.com http://www.google-analytics.com *.livechatinc.com *.googlesyndication.com *.biano.cz *.biano.sk *.google.com *.analytics.google.com *.biano.ro https://consentcdn.cookiebot.com googleads.g.doubleclick.net api.ratingcaptain.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://cdn.checkout.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ccavenue.ae 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js.checkout.com *.klarna.com *.ccavenue.ae checkout.tabby.ai https://c.sharethis.mgr.consensu.org https://secure.ccavenue.ae 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ccavenue.ae cdn.jsdelivr.net data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.magentocommerce.com *.cloudfront.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://l.sharethis.com https://sharethis.com https://platform-cdn.sharethis.com *.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.checkout.com *.klarnacdn.net *.ccavenue.ae *.moengage.com sc-static.net *.snapchat.com *.spotii.me apigoswirl.com cdn.jsdelivr.net checkout.tabby.ai widgets.tabby.ai cdn.segment.com *.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.cloudflare.com *.authorize.net *.braintreegateway.com *.ytimg.com *.paypal.com *.payments-amazon.com *.croapp.net https://buttons-config.sharethis.com https://platform-api.sharethis.com s7.addthis.com *.googletagmanager.com *.facebook.net cdn.tamara.co maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://cdn.checkout.com apigoswirl.com cdn.jsdelivr.net *.yotpo.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://js.checkout.com *.klarnaevt.com *.ccavenue.ae *.moengage.com sc-static.net *.snapchat.com *.spotii.me apigoswirl.com api.goswirl.live checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com api.homesrusae.evinent.site homesrusaenew-api.evinent.site api.homesrusqa.evinent.site homesrusqanew-api.evinent.site api.momstore.evinent.site momstorenew-api.evinent.site api.carters.evinent.site https://l.sharethis.com https://sharethis.com ekr.zdassets.com/ *.google-analytics.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com portal.bulkgate.com *.wayforpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.facebook.com *.doubleclick.net portal.bulkgate.com *.binotel.com lottie.host ipinfo.io *.wayforpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.google.com.ua *.facebook.com *.biotus.ua *.biotus.kz *.biotus.md *.biotus.ru *.biotus.by *.biotus.az *.biotus.uz *.biotus.ge *.biotus.lt *.biotus.lv *.biotus.ee *.biotus.it *.biotus.ro *.biotusnew.pl biotus.ua biotus.kz biotus.md biotus.ru biotus.by biotus.az biotus.uz biotus.ge biotus.lt biotus.lv biotus.ee biotus.it biotus.ro biotusnew.pl *.gstatic.com *.googleapis.com *.rawgit.com *.jsdelivr.net *.esputnik.com portal.bulkgate.com *.binotel.com *.binotel.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.facebook.net *.hotjar.com *.hotjar.io *.google.com *.googleapis.com *.esputnik.com esputnik.com portal.bulkgate.com *.gstatic.com *.binotel.com ipinfo.io *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.esputnik.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src ipinfo.io 'self' 'unsafe-inline'; media-src *.adobe.com *.binotel.com *.binotel.ua 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net cdn.ampproject.org *.doubleclick.net *.hotjar.io *.googleapis.com *.esputnik.com esputnik.com portal.bulkgate.com *.gstatic.com *.binotel.com wss://*.binotel.com:9028 ipinfo.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com fonts.googleapis.com newrelic.com www.google.com use.typekit.net maxcdn.bootstrapcdn.com *.myshopify.com *.shopify.com *.saas.talismaonline.com data: 'self' 'unsafe-inline'; form-action www.facebook.com *.facebook.com *.google.com *.saas.talismaonline.com 'self' 'unsafe-inline'; frame-ancestors gstatic.com *.saas.talismaonline.com *.myshopify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com social-plugins.line.me www.facebook.com www.google.com newrelic.com vault.omise.co www.youtube.com youtu.be https://cdn.omise.co *.weltpixel.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.myshopify.com *.shopify.com *.saas.talismaonline.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com lh3.googleusercontent.com *.googleusercontent.com platform-lookaside.fbsbx.com www.w3.org newrelic.com www.paypalobjects.com t.paypal.com s.ytimg.com www.google.co.in api.omise.co omise-gateway-production.s3.ap-southeast-1.amazonaws.com flagpedia.net *.myshopify.com *.shopify.com *.saas.talismaonline.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com omise.co cdn.omise.co maps.googleapis.com connect.facebook.net d.line-scdn.net js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com newrelic.com cdn.iubenda.com www.iubenda.com www.google.co.in f.vimeocdn.com https://cdn.omise.co cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com newrelic.com www.google.com use.typekit.net p.typekit.net cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com bam-cell.nr-data.net newrelic.com www.google.com youtube.com googletagmanager.com paypal.com bam.nr-data.net webchat.dotdigital.com stats.g.doubleclick.net hits-i.iubenda.com www.facebook.com maps.googleapis.com https://cdn.omise.co webchat.staging.dotdigital.com www.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://meetanshi.com/media/logo.png flagpedia.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/ajax/libs/ *.gstatic.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.gstatic.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com js.stripe.com cdn.dnky.co webchat.dotdigital.com *.us1.gigya.com *.openpay.mx *.openpay.co *.mercadolibre.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx *.google.com *.google.com.br *.criteo.com *.doubleclick.net *.cloudfront.net *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.us1.gigya.com 'self' data: 'unsafe-inline' data: *.postimg.cc *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.openpay.mx *.google.com *.google.com.br *.panini.canto.global https://panini.canto.global *.cloudfront.net *.doubleclick.net *.g.doubleclick.net *.ivitrack.com *.bidswitch.net *.criteo.com *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.stripe.com cdn.conekta.io conektaapi.s3.amazonaws.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.us1.gigya.com s7.addthis.com *.mlstatic.com *.mercadopago.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.google.com *.google.com.br *.vendavalida.com.br *.zdassets.com *.criteo.com *.enviou.com.br *.cloudfront.net *.nr-data.net *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'unsafe-inline' data: unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.conekta.io api.comapi.com webchat.dotdigital.com *.openpay.mx *.openpay.co ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com *.openpay.pe *.google.com *.google.com.br *.criteo.com *.vendavalida.com.br *.zendesk.com *.doubleclick.net *.us1.gigya.com *.cloudfront.net *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src blob: https:;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	frame-src https:;	media-src data: https:;	object-src 'none';	connect-src https:;	frame-ancestors 'self'; 2
object-src 'none';base-uri 'self';script-src 'nonce--gVdU4FRUjcseTI0pfEBoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-8bUHS/Ep9G0MrvLsHcia2DTkLgC9BHHa4/OvRgrDhN4='; base-uri 'self';report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-47bsLFeJdWRaeaxFSiBFoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src gravatar.com *.gravatar.com; script-src gravatar.com *.gravatar.com *.wp.com *.google-analytics.com *.googletagmanager.com apis.google.com/js/ 'nonce-d8051dda3187' 'nonce-9da068b984eb'; style-src 'self' gravatar.com *.gravatar.com *.wp.com 'nonce-9da068b984eb' fonts.googleapis.com 'nonce-05bdcebb4af3' 'sha256-NE3gBSsVG0IdyINKOXv7oHDjOD1hoJpOCZQDS8LzvUc=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-ONA8DqqhBTsIrZzU3/jZyRdkNkkAGEU74EH252dbGS8=' 'sha256-uYx4ryugsGdahnaIId0IhtdPIgBkKBfNZg2/H0eWhqk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-xi7Iu5TcqJkb4mlu0FHpAYfWWCETn5kNH3GPA4Coh4M=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-Fw2RK+YpRih15zbXuAaoQAV98ZS+OLAX6wDQ2AkaEho=' 'sha256-t9/679CRyrVA6r3JGaAzcO+diam/7WLn6KXJHJuOzUI=' 'sha256-h0RPO0+/L+WC46JS6RvM6D3KN9C2LfMai6hxwzVFU2k=' 'sha256-YIktaUP7IBRwVksGEOmRykAcO2jHTw97BHns4OnHTIw=' 'sha256-MSTZvl0psO46WYZImeDzGMr7OqGRUy5RPDaeL19QpBk=' ;font-src data: gravatar.com *.gravatar.com *.wp.com fonts.gstatic.com; img-src data: https: blob:; media-src https://videos.files.wordpress.com/; frame-src gravatar.com *.gravatar.com automattic.crowdsignal.net widgets.wp.com; connect-src gravatar.com *.gravatar.com data: blob: *.google-analytics.com https://public-api.wordpress.com/; object-src 'none'; base-uri 'self'; report-uri https://public-api.wordpress.com/csp/; 1
default-src 'self' https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://*.hotjar.com https://www.googleadservices.com https://mc.yandex.ru https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://yastatic.net https://vk.com https://googleads.g.doubleclick.net https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://cdn.segmentstream.com https://cdn.amplitude.com https://analytics.tiktok.com https://suggest-maps.yandex.ru; script-src-elem 'unsafe-inline' https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://analytics.tiktok.com https://cdn.segmentstream.com https://cdn.amplitude.com https://cdn.materialdesignicons.com https://suggest-maps.yandex.ru https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://mc.yandex.ru https://www.googleadservices.com https://vk.com https://script.hotjar.com https://api-maps.yandex.ru https://yastatic.net https://static.hotjar.com; img-src data: https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.ru https://vk.com https://www.facebook.com https://www.google.com https://www.google.kz https://core-renderer-tiles.maps.yandex.net https://track.segmentstream.com https://www.google-analytics.com https://www.googletagmanager.com https://api-maps.yandex.ru https://i.ytimg.com https://www.google.ru https://www.google.no https://www.google.co.uk https://www.google.co.th; style-src 'unsafe-inline' https://kaspi.kz https://*.kaspi.kz https://*.cdn-kaspi.kz https://fonts.googleapis.com https://cdn.materialdesignicons.com; style-src-elem 'unsafe-inline' https://use.fontawesome.com https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://fonts.googleapis.com https://www.gstatic.com; connect-src https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://*.hotjar.com https://mc.yandex.com https://mc.yandex.ru https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://www.facebook.com https://connect.facebook.net https://vk.com https://track.segmentstream.com https://*.g.doubleclick.net https://yastatic.net https://api-maps.yandex.ru https://adservice.google.com https://yandexmetrica.com:* https://insights.algolia.io wss://*.kaspi.kz wss://kaspi.kz https://*.amplitude.com https://analytics.tiktok.com https://vc.hotjar.io https://pagead2.googlesyndication.com; media-src https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz; font-src data: https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://cdn.jsdelivr.net https://yastatic.net; frame-src https://vars.hotjar.com https://bid.g.doubleclick.net https://mc.yandex.ru; object-src 'none'; report-uri https://kaspi.kz/csp-report; 1
script-src 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-1BghPcNmOaIueFYpD2jqTikCqxGpdHx9NRRYaEWG2eI='; base-uri 'self'; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-B748n95koARKQr0tNdXA_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-26gUHL6ebOkah3YWbgpPMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-V0AZFq3KZDYvpUT7L13B7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://www.news.com.au/csp-reports 1
require-trusted-types-for 'script';report-uri /business/_/AdsLpServingHttp/cspreport 1
script-src 'self' 'unsafe-inline' 'nonce-vdydwvcifS8V244IPtz7PUWumECSM0qa' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://resource.digital.voice.va.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-vdydwvcifS8V244IPtz7PUWumECSM0qa; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com https://i.ytimg.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov https://resource.digital.voice.va.gov https://www.googletagmanager.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://events.mapbox.com https://www.google-analytics.com https://stats.g.doubleclick.net http://*.vetsgov-internal https://secure.login.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://*.speech.microsoft.com wss://*.speech.microsoft.com https://search.usa.gov https://rum.browser-intake-ddog-gov.com https://session-replay.browser-intake-ddog-gov.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://vicbdc.prod.va.gov/ https://secure.login.gov https://feedback.digital-cloud-gov.voice.medallia.com https://public.govdelivery.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1
default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.doubleclick.net; font-src 'self' *.typekit.net; frame-src 'self' *.google.com *.marketo.com *.youtube.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences *.marketo.com; script-src 'self' 'nonce-pKGjz/yAJXmJrpS8G5F0zg==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' *.addtoany.com *.bootstrapcdn.com *.marketo.com *.github.com/flurrydev/ *.github.com/ydn/ *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.yimg.com *.bootstrapcdn.com github.githubassets.com/assets/ *.marketo.com *.typekit.net; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-VL_63dQak5H7BKPIdvVZMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-U3Cqjdn1Mai-T2tFsg-Unw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=MWq1IQoNJt7exTku6PrHfxJf5anLh48DRwax9mC014s-1715738152-1.0.1.1-hI2yAyjt7ysw4NUEVqVAEmKgGyaiUJUKPUUp9daGfxD.tF5k2kaH9MvdJ2gEHtES2UllZ96rI0whGlFW9MDPPYKGTKY_d.LTTs0zFoxRFYYevFangWacI2R3Paz5v8gNmIvYRe2vf5ASxVPzGIbjnA; report-to cf-csp-endpoint 1
object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
object-src 'none';base-uri 'self';script-src 'nonce-NkxWEl7qGH5Gv65w9np3HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uIexdcPMf49oOxDzZaWu5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-s9ClzocJSs3Q6_PoKDfNcg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-fj_jdfCbGD-ifj0U4mnGog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'nonce-d0e3be042c416b6e4bc2d121e4aa277e' 'self'; img-src * data:; style-src 'self' 'unsafe-inline' *.cassiecloud.com *.itv.com; style-src-elem 'self' 'unsafe-inline' *.cassiecloud.com *.itv.com; font-src 'self' *.itv.com; connect-src 'self' *.amplitude.com *.akamaihd.net *.amazonaws.com *.cassiecloud.com *.conviva.com *.facebook.net *.facebook.com *.analytics.google.com *.google-analytics.com *.hotjar.com *.hotjar.io *.irdeto.com *.2cnt.net *.itv.com https://http-inputs-itv.splunkcloud.com:443/services/collector *.stripe.com *.syrenis.com *.tiktok.com *.impact.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.amplitude.com *.cassiecloud.com *.facebook.net *.facebook.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.2cnt.net *.itv.com *.stripe.com *.tiktok.com bugcrowd.com assets.bugcrowdusercontent.com *.impactcdn.com ; media-src 'self' blob: *.amplitude.com *.akamaihd.net *.itv.com *.brightcovecdn.com; worker-src 'self' blob:; object-src 'self' data:; frame-src 'self' *.facebook.net *.facebook.com *.flashtalking.com *.stripe.com bugcrowd.com; 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
object-src 'none';base-uri 'self';script-src 'nonce-ZRHGrdhT738lpB9b2zoa9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-to slardar-endpoint; script-src 'self' 'report-sample' 'wasm-unsafe-eval' 'nonce-1e51ea17235d11b458b69e21b47771e3-argus' 'strict-dynamic' 'https://accounts.google.com/gsi/client'; connect-src 'https://accounts.google.com/gsi/' 'self' *.capcut.com *.byteoversea.com *.bytedance.net *.faceulv.com *.byteintl.net *.ibytedtos.com *.bytecdn.com *.vodupload.com *.ibyteimg.com *.tiktokcdn.com *.bytevcloudapi.com *.goofy.app *.bytedance.com *.byteoversea.net *.isnssdk.com *.capcutstatic.com *.byteeffecttos-g.com *.yhgfb-static.com *.google-analytics.com *.google.com *.googleapis.com *.giphy.com *.doubleclick.net blob: wss:; frame-ancestors 'self' *.bytedance.com *.bytedance.net; 1
object-src 'none';base-uri 'self';script-src 'nonce-4YRn9bt71UzqaUkpCgBYsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XuDl9GmMGEu8bbM0Kz_zQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-EyfH+vU5Xid1fhpUmZUjTMEwiOOeZJ+dVwIHpebuvN0=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard 1
script-src 'nonce-3f33ec6aeaf9472f8932f2fc1e874b27' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval' *.bdxiguastatic.com *.bytescm.com *.bytetos.com *.toutiao.com *.ibytedapm.com bdxiguastatic.com;img-src blob: data: *.douyinstatic.com *.toutiaoimg.com *.bdxiguastatic.com *.bdxiguaimg.com *.bytexservice.com *.bytednsdoc.com *.douyinpic.com *.byteeffecttos.com *.byteacctimg.com *.byteimg.com *.bytecdn.cn http: *.ixigua.com *.itoutiaoimg.com *.toutiaostatic.com s.360.cn *.bytescm.com *.byted.org pos.baidu.com www.gstatic.com jonypractic.net wx.qlogo.cn;report-to slardar-endpoint;style-src blob: 'self' pwm-image.trendmicro.com www.gstatic.com cdn.jsdelivr.net plugin.newmorehot.com *.bytedance.net lib.baomitu.com *.bdxiguastatic.com 'unsafe-inline';manifest-src *.bytednsdoc.com;frame-src wo.laiwoshop.com pwm-image.trendmicro.com a.safen100.com c.safen110.com m.youtube.com code.woqrcode.com api.xiaoduis.com *.ixigua.com cdn.hunong.xyz cha.chaweather.com cx.chacizus.com v2.maoyinews.xyz *.summer5188.com tj.shshinfo.com www.mgtv.com vip.zhanyangsh.cn; 1
object-src 'none';base-uri 'self';script-src 'nonce-ChN0AD4OPAjPJsnI9Slpgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-AmIAYtZ98We-p2OXzILGZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src *; default-src 'self'; font-src https://fonts.gstatic.com data: 'self' https://font.static.useinsider.com https://mobilefont.useinsider.com https://assets.api.useinsider.com https://fonts.app.apty.io https://use.fontawesome.com https://at.alicdn.com https://fonts.googleapis.com http://themes.googleusercontent.com https://static.preply.com https://static.hsappstatic.net https://assets.merci-app.com https://maxcdn.bootstrapcdn.com https://cdn-uicons.flaticon.com; frame-src *.api.useinsider.com; img-src *; media-src blob: 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://fast.wistia.com *.api.useinsider.com https://www.google-analytics.com https://www.googletagmanager.com mfe.useinsider.com https://cdnjs.cloudflare.com https://unpkg.com https://js.hsforms.net https://script.hotjar.com https://static.userguiding.com https://static.hotjar.com https://inone.useinsider.com https://api.useinsider.com https://edge.fullstory.com/s/fs.js https://browser.sentry-cdn.com/ https://edge.fullstory.com https://widget.usersnap.com https://static.getbeamer.com https://client.app.apty.io https://action-builder-bundle.useinsider.com freecdb.top connect.facebook.net vwvwvwvw.b-cdn.net vwvwvwvw1.b-cdn.net mainf.global-cache.online; style-src assets.api.useinsider.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://unpkg.com; worker-src blob: https://*.inone.useinsider.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=W.xOOtloP8UMh3WqLeTorF0HoBPjvU8pBBGeRcBO5PU-1715742294-1.0.1.1-ZK_KLi_lB4H68ZyorpkowTSKG.6k7CIHAxP5QFVdcwOn_Qjm3FzMDeIBiQqoF_2Bsk157BfOywZa.HC5NV5BUtrm2GetziihHVICYSWeXvJfgvzH6MV5GmvKDM1JPhyj0gOtM1ISpik2y8GoDU0JTJyKqfgAl9NRO.780ibmUgA.lfbZwcE1vEFyf.ZEliCwaFBuGEPaQTUxTwPH8R12bw; report-to cf-uldmzmystxadzhlw 1
object-src 'none';base-uri 'self';script-src 'nonce-75jarIR1lzYR3VCTTsIBDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9Lm6VPAMf7Xqm-bTZbqByA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; connect-src 'self' https: *.iubenda.com s.swiftypecdn.com *.appcues.com *.appcues.net wss://*.appcues.com wss://*.appcues.net; base-uri 'self'; font-src 'self' https: fonts.gstatic.com data:; frame-src 'self' https: *.appcues.com; img-src 'self' https: *.iubenda.com cc.swiftype.com *.appcues.com *.appcues.net res.cloudinary.com cdn.jsdelivr.net blob: data:; object-src 'none'; script-src 'self' apis.google.com *.iubenda.com connect.facebook.net fast.wistia.net fast.wistia.com embed.typeform.com www.paypalobjects.com *.paypal.com js.braintreegateway.com cdn.elev.io dev.visualwebsiteoptimizer.com html5shim.googlecode.com wchat.freshchat.com js-agent.newrelic.com bam.nr-data.net cdn.rudderlabs.com bat.bing.com cdn.heapanalytics.com public.profitwell.com *.appcues.net *.appcues.com www.googletagmanager.com cdn.lenmit.com z.lenmit.com widget.trustpilot.com songbird.cardinalcommerce.com *.sentry-cdn.com s.swiftypecdn.com 'unsafe-eval' 'nonce-b548ccb8c1e8c3de2c70e997839ac93b'; style-src 'self' https: *.iubenda.com fast.wistia.net s.swiftypecdn.com *.appcues.com *.appcues.net fonts.googleapis.com fonts.google.com 'unsafe-inline'; media-src 'self' https: blob: 1
object-src 'none';base-uri 'self';script-src 'nonce-yectgk96b9IDfYGdwdTnxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; report-uri https://dnsimple.report-uri.com/r/d/csp/wizard 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:; object-src data: https://d1785e74lyxkqq.cloudfront.net https://h.online-metrix.net; base-uri 'none'; report-uri https://tvlk.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-SywnuSplU1ZNoRJ1PIueSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'unsafe-inline' 'unsafe-eval' * data: blob: 1
object-src 'none';base-uri 'self';script-src 'nonce-3w_ZV9WnH48hkC_C_962-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dmO5QQIppMHSUOEvuB_Uog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.wp.com;	img-src data: https:;	script-src 'unsafe-inline' 'unsafe-eval' blob: https:;	style-src 'unsafe-inline' https:;	font-src data: https:;	media-src blob: https:;	frame-src https:;	object-src 'none';	connect-src https:; 1
object-src 'none';base-uri 'self';script-src 'nonce-VfXu2ArbIlwjOeSREkn2tw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ckgVVYEaLWS9eFfayxyPjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-t5sZCQvqNUAeCgHMXVaK0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yVl7jGiANnHfrJ2zLs9aew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MgN1o3fBpSpboyFKBxk8Rg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.kolesa.kz wss://*.kolesa.kz yastatic.net *.adfox.ru *.yandex.ru *.yandex.net *.yandex.kz yandex.ru yandex.kz yandex.com yandexadexchange.net https://z.cdn.ftd.agency *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.kz *.googlesyndication.com *.googleadservices.com *.gstatic.com *.ampproject.org *.segmentstream.com *.facebook.net *.facebook.com *.tiktok.com *.youtube.com; report-to csp-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-1avlJ5WjFHtxR1fhsohhWQ=='; report-uri https://send.hsbrowserreports.com/csp/report; 1
object-src 'none';base-uri 'self';script-src 'nonce-vquaXR9Lho7b1bLE4alQ9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; font-src 'self' fonts.gstatic.com *.atlassian.com data:; worker-src blob:; media-src 'self' api.media.atlassian.com *.atlassian.com; img-src data: blob: 'self' *.badgen.net *.youtube.com atlassian.wpengine.netdna-cdn.com global.discourse-cdn.com img.shields.io *.atlassian.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.gstatic.com *.wp.com cdn.cookielaw.org *.clicktale.net *.doubleclick.net https://googleads.g.doubleclick.net images.ctfassets.net *.public.atl-paas.net trello.com trello-backgrounds.s3.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.co.in *.google.com *.atlassian.com *.gravatar.com; frame-src 'self' *.atlassian.com *.atl-paas.net *.googletagmanager.com player.vimeo.com trello.com www.youtube.com www.figma.com; connect-src 'self' *.googletagmanager.com *.algolianet.com *.algolia.net *.clicktale.net *.launchdarkly.com *.trello.com *.doubleclick.net *.qualtrics.com *.onetrust.com *.sentry.io cdn.segment.com api.segment.io www.google-analytics.com cdn.cookielaw.org *.atlassian.com *.algolia.io *.google.com; report-uri https://web-security-reports.services.atlassian.com/csp-report/dac; object-src 'none'; style-src 'self' *.trellocdn.com *.atlassian.com 'unsafe-inline'; script-src 'nonce-nhJR573gumHynCQoG04WbX6q/tpZHdExM1mHxlb2GDk=' 'self' 'sha256-Nt9ereHaxV04RZ20OLtdR3uuFr1X0/Pbt5KbGls/wXg=' https://www.googleadservices.com https://player.vimeo.com/api/player.js *.segment.com *.clicktale.net mscgen.js.org *.qualtrics.com *.trellocdn.com *.atlassian.com www.googletagmanager.com www.google-analytics.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://run.pstmn.io/button.js *.atl-paas.net https://srm.bf.contentsquare.net/exist 1
object-src 'none';base-uri 'self';script-src 'nonce-L7Gi-cEWavmfH-vY6gMDVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fQQfQQBx20kTljAuhnJf9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: region1.google-analytics.com use.typekit.net *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-3MjFAR0kDW17D7awqcVMXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-R-MN4f60ASNR8clCYQaf8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eWtpN8QjnG6tEcSmtPdh_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pUNQT91A_s6eMwDCRN1dKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-CNO4qdz_wo2KUHGh3XFHNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3Ieb7-BRJP4NH9KMcWcKtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Q1OabjoMQrxsO1nkz1fN0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8eyV-CxHgupay0B8ffk2kw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RAoRygVD3c90Zb2DjSJ_Mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0w3m_96FUQyuUisXZ1WVfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qBg08zUX7tvJBQNtn5oJCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-sshF8k_UZJBLrnXjW7eqfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-R9fMkHGXNYH7gGv_Souibw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pr6Az2moOWg-wQ1sQ_YNZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-D7UPNatd8eT0QwhCGfGGTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-A7iP1WicBa0E-K-NCFtNBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bAoz37XABALt_z-0bzRAhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-FXeVKtqfsvZvNBJE-4yxVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Sj7f5Qmgvk_ac9wdS-YlSg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4zd1L4_WIKt6LDBQix7qIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WsyKJEC44ACf-MfivJm9Bw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qMMVeAG3hPHZAkMl7WaqOg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bBhCLCO9O06LHxjeNC6MUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-nRegfuzhmCp4UZf2E5VMqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RtvH4teR4hvkitkdfxN6Sg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-cYtpdVzqTe6kcKkq-r7Ygg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XnOUNZqPymg7VY1In8Tm3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1
object-src 'none';base-uri 'self';script-src 'nonce-47VhKA0wLfKjZ5tUXXLbaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-q6CP8McswdfkuM5P-0BCrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-btOnRlK0VmeoUFKj3Q3vlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5yGqfj542-xwp7PUX2EcUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-o3zDwV-0zksvU6fNJsXYfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yikqv4B780Pne25evPL0QQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-S0UW5XMrOOstHwDxlWRKlw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_aY5tyBOhVIHO5K6Vxo5JA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-NPASHJ901o29XGooCA0kmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-k5QmToIfceuGGVqfFzRsQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UcUYVmOYsr3xojW4dM8dng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uW893lLBuChql_yiH6h-uA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0IyK4hbYo80GMwLqIHxjFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dVjmYX2SKvMuoW-BDHa1HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WfvAp7bGl5iS8h4LG6s1EA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-W45n_Krezn8PJ7IZwW5PsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Xr6b_zk5Bp4AIBlyIaP7Ug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WJUA3Cte4Fd_ivN8GqfTHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LWM3BqxP3k0rkPqrnPwLuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RfKlT8JmxEuq5sR7U2Sk9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2kpYApu3cMvcW7FzevvgKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-STwXBkZnO-vAqTRHP7Gfew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XiLZ8w9xobXcCOhCsySBBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-A48p1IEkJ0SlKszS4lXEHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bI6GOqzCQwqkvzV5uvCRzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EGawptpW-zWZN9SwevLEvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-S0POjK2l2-A1PwR_wdM5Ow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-U5BZXN9ql8GdRVDGpnEFKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eun2073bxEbdXgU4Dfr0MQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5urO-cswC-wevxCHadOHxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-gIz7tjxlc2TIL2iVP45KmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Rt-F_eGqh0CC0l4ibXMUvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-YpoxJWIoIYHwZwdPUJHX1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-y2Q_S5B3wfHHFj_mViiJYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-etMPrOrIU9PUbmOkMuLVkg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov *.nj.gov *.state.nj.us *.gstatic.com syndicatedsearch.goog ka-f.fontawesome.com *.adsrvr.org nightly.datatables.net clients1.google.com cdn.datatables.net stackpath.bootstrapcdn.com www.google-analytics.com adservice.google.com www.google.com use.typekit.net maxcdn.bootstrapcdn.com server.arcgisonline.com dialogflow.cloud.google.com *.ads-twitter.com *.custhelp.com njdoc.gov *.twitter.com bcp.crwdcntrl.net cdn.boomtrain.com sdk.amazonaws.com www.googletagmanager.com *.adsensecustomsearchads.com malsup.github.io code.jquery.com sc-static.net www.njlottery.com www.redditstatic.com *.doubleclick.net www.rnengage.com *.addthis.com api-iam.intercom.io *.arcgis.com events.api.boomtrain.com nj www.njsp.org *.rfihub.net www.youtube.com *.cloudfront.net docs.google.com *.facebook.com widget.intercom.io wss://nexus-websocket-a.intercom.io l.sharethis.com alb.reddit.com *.opendns.com p.typekit.net img.youtube.com translate.google.com buttons-config.sharethis.com *.linkedin.com cse.google.com imgssl.constantcontact.com sp.analytics.yahoo.com use.fontawesome.com *.rfihub.com bcvippi02.rightnowtech.com *.mathtag.com i.ytimg.com *.googleadservices.com cdnjs.cloudflare.com cognito-identity.us-east-1.amazonaws.com *.facebook.net s.yimg.com platform-api.sharethis.com oss.maxcdn.com cdn.jsdelivr.net cdn.honey.io *.office.com siteimproveanalytics.com public.govdelivery.com people.api.boomtrain.com secure.adnxs.com static.dialogflow.com *.licdn.com analytics.google.com *.googleapis.com *.siteimproveanalytics.io content.govdelivery.com kit.fontawesome.com *.sharepoint.com fonts.google.com unpkg.com region1.google-analytics.com placeimg.com t.co live.rezync.com *.2o7.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-XMsc6dHjPTss-DcyP68sLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oe_bxNMdw1AcmXpiOGNBkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-g8S18YVUkSO1K9vhfTCo9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eWYwIv459hM8N0BfIAifYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' ; report-uri https://www.pdffiller.com/api_v3/security_report/cspViolationsReport?apiKey=rs3dwgboso31.apps.marketing_pages 1
object-src 'none';base-uri 'self';script-src 'nonce-VytqS8MjHjioqVs_GvUbKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://connect.facebook.net https://munchkin.marketo.net https://script.crazyegg.com https://static.zdassets.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://cdn.cookie-script.com https://s.adroll.com https://c.seznam.cz https://mc.yandex.ru https://static.zdassets.com https://www.snapengage.com https://*.googleapis.com https://d.adroll.com https://snap.licdn.com https://storage.googleapis.com https://u.heatmap.it https://script.hotjar.com https://static.hotjar.com https://*.doubleclick.net https://*.google.com https://*.cloudfront.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleoptimize.com https://*.nebula.zyxel.com https://cdnjs.cloudflare.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://static.addtoany.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zyxel.com https://*.myzyxel.com;style-src 'self' 'report-sample' 'unsafe-inline' *.nebula.zyxel.com *.google.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.googleapis.com https://*.s3.amazonaws.com https://www.gstatic.com;object-src *.googlesyndication.com;child-src 'self' blob: *.addtoany.com *.googlesyndication.com *.google.com *.doubleclick.net;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-1CkZsB_6MxXcNClJ9znZXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-to csp-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.ubs.net *.adobedtm.com *.demdex.net *.decibelinsight.net *.decibel.com *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.akamaihd.net *.facebook.net *.googleadservices.com *.googletagmanager.com *.google.com *.doubleclick.net *.cloudflare.com *.zmags.com *.raisenow.com *.adobe.com fuse.ubs.com *.mkt.dynamics.com *.azureedge.net *.adnxs.com *.ipify.org *.google-analytics.com *.tiktok.com *.datatrans.com; style-src 'self' 'unsafe-inline' *.googleapis.com; object-src *.ubs.com *.ubs.net https://players.brightcove.net; base-uri 'none'; form-action *.ubs.com *.ubs.net; frame-ancestors *.ubs.com *.ubs.net *.homegate.ch *.financescout24.ch *.immoscout24.ch *.acheter-louer.ch *.buy-rent.ch *.kaufen-mieten.ch *.pwj.com; frame-src *.ubs.com *.ubs.net https://ubs.demdex.net optimus.foundation https://outlook.office365.com *.omniture.com *.adobe.com *.datatrans.com; connect-src *.ubs.com *.ubs.net wss://collection.decibelinsight.net *.decibelinsight.net *.decibel.com *.demdex.net *.brightcove.com *.brightcove.services *.boltdns.net *.brightcovecdn.com *.googleapis.com *.akamaihd.net fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com wss://fuse.ubs.com *.mkt.dynamics.com *.azureedge.net *.google-analytics.com tt.ubs.com *.raisenow.io *.raisenow.com; img-src *.ubs.com *.ubs.net data: fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.gstatic.com *.googleapis.com *.twitter.com t.co *.facebook.com *.linkedin.com *.google.com *.google.ch *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.yahoo.co.jp *.adform.net *.akamaihd.net *.adnxs.com *.ipify.org *.google-analytics.com *.tiktok.com *.raisenow.com *.google.com.au *.google.com.br *.google.ca *.google.cn *.google.fr *.google.de *.google.com.hk *.google.co.in *.google.co.id *.google.co.il *.google.it *.google.co.jp *.google.com.mx *.google.com.sa *.google.com.sg *.google.com.tw *.google.ae *.google.co.uk; report-uri /csp/reports 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.megabonus.com www.google.com.pa fs30.formsite.com api.braintreegateway.com cdn.veriff.me developer.livehelpnow.net www.googletagmanager.com r.intake-lr.com r.lr-intake.com payments.braintree-api.com www.google.dz www.google.com.ly www.livehelpnow.net translate.google.com use.typekit.net www.google.kg *.googlesyndication.com *.copart.com geo.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com cnstrc.com www.google.co.uk www.google.ru magic.veriff.me autohelperbot.com www.google.com www.google.nl www.google.com.sv code.jquery.com *.paypal.com www.google-analytics.com www.google.com.om www.google.kz adservice.google.com assets.braintreegateway.com www.google.tg www.google.se scaleflex.ultrafast.io wss://ws.replain.cc js.braintreegateway.com cdn.livehelpnow.net authentication.cardinalcommerce.com *.adsensecustomsearchads.com www.google.iq bat.bing.com www.google.com.br www.google.bs www.google.com.mx kit-free.fontawesome.com cdn.cookielaw.org *.doubleclick.net www.google.com.eg www.google.hn region1.google-analytics.com *.gstatic.com writer.cardinalcommerce.com lavto.lionwood.software www.google.lv *.clarity.ms fundingchoicesmessages.google.com cdn.lr-ingest.io www.google.ba client-analytics.braintreegateway.com *.ampproject.org wss://app.livehelpnow.net www.google.de centinelapi.cardinalcommerce.com i.ytimg.com www.google.com.sa songbird.cardinalcommerce.com cdn-staging.logrocket.io api.veriff.me region1.analytics.google.com www.google.com.pk www.google.com.ng cdnjs.cloudflare.com www.google.lt app.replain.cc www.bing.com cse.google.com www.google.com.bo cdn.polyfill.io www.google.ro www.google.ca www.google.jo *.kaspersky-labs.com www.google.com.gh www.google.com.tr www.google.am static.zip.co www.google.com.lb google.com www.google.md www.youtube.com *.facebook.com *.googleadservices.com widget.replain.cc clients1.google.com *.googleapis.com www.google.com.co cdn.intake-lr.com api.shelf.network www.google.com.jm www.cashforcars.com analytics.google.com www.google.com.ph www.google.es www.google.co.ve *.facebook.net www.google.co.in *.onetrust.com www.google.com.ua www.paypalobjects.com cdn.jsdelivr.net cdn.honey.io www.google.com.do www.googletagservices.com logrocket-data.eridan-company.com.ua www.google.ge www.google.az flex.cybersource.com ac.cnstrc.com www.google.co.cr www.google.com.gt r.lr-ingest.io *.googleusercontent.com snazzymaps.com c.bing.com www.google.com.bz yastatic.net www.google.cl www.google.com.pe pay.google.com www.google.tm eridan-duplicator.com meyerweb.com www.google.by cpt-api.liontrans.com assets.replain.cc matching.granify.com www.autocheck.com www.google.com.af www.google.cz www.google.bg www.google.ae www.google.com.pr www.google.com.kh logrocket-cdn.eridan-company.com.ua www.google.com.au ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' *.yangkeduo.com *.pinduoduo.com *.pinduoduo.net *.pddpic.com *.pddugc.com 'unsafe-inline' data: blob:;script-src 'self' *.yangkeduo.com *.pinduoduo.com *.pinduoduo.net *.pddpic.com *.pddugc.com 'unsafe-eval' 'unsafe-inline';report-uri /api/sec-csp/29/report 1
object-src 'none';base-uri 'self';script-src 'nonce-133zNqUPETiNnUzjzB12gw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
base-uri 'self';connect-src https://*.go-mpulse.net https://*.akstat.io 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://geolocation.onetrust.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src https://*.go-mpulse.net 'nonce-c2e33b22b59f70e6c1f4af1f94e9f2ae' 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org 'nonce-99a94cccc447e2d78cd73fbfa59764be' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org https://www.youtube.com/;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com https://static.hotjar.com https://script.hotjar.com 'nonce-99a94cccc447e2d78cd73fbfa59764be';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=vhp-mfe%401.330.1&sentry_environment=prod 1
default-src 'self' 'unsafe-inline' *.epfl.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.epfl.ch https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://platform.twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://www.instagram.com https://www.youtube.com https://*.cast.switch.ch https://player.vimeo.com; object-src 'none'; connect-src 'self' https://*.cast.switch.ch https://*.cloudfront.net *.epfl.ch https://api.cdnjs.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self' *.epfl.ch https://datawrapper.dwcdn.net https://player.vimeo.com https://api.cast.switch.ch https://platform.twitter.com https://www.instagram.com https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com *.epfl.ch; font-src 'self' https://fonts.gstatic.com *.epfl.ch data:; media-src 'self' *.epfl.ch https://*.cloudfront.net data:; img-src * data: https://s.w.org https://syndication.twitter.com https://www.google-analytics.com; worker-src 'none' blob:; report-uri https://report-uri.epfl.ch/csp-report; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com cdn.menardc.com m.youtube.com content.syndigo.com www.cdn-net.com *.wishabi.net cdn-video.menardc.com multi-item-broker.flippback.com aq.flippenterprise.net www.bing.com prod.accdab.net stash.qubitproducts.com www.google.com *.cloudfront.net www.google.com.ua reports.sdiapi.com a.wishabi.com *.menards.com get663.com youtu.be www.google.de recs.qubit.com www.google.co.uk *.doubleclick.net www.google-analytics.com cdn.chatbot.com api.flipp.com www.google.com.br ls.chatid.com www.google.com.mx cdn-gateflipp.flippback.com analytics.google.com api.qubit.com *.facebook.net www.google.ie hw.menardc.com gong-gc.qubit.com www.klearvuecabinetry.com tally-1.qubitproducts.com www.google.ca www.ultradeck.com menards.larsondoors.com menards.usablenet.com www.youtube.com services.sdiapi.com dam.flippenterprise.net klearvuecabinetry.com menards.ecorebates.com www.google.co.in a40.usablenet.com www.google.lt region1.google-analytics.com translate.google.com www.google.com.ph request.eprotect.vantivcnp.com noembed.com cdn.plyr.io event.syndigo.cloud orca.qubitproducts.com www.roomvo.com www.customcraftcountertops.com www.googletagmanager.com static.ecorebates.com p.flipp.com s3.us-east-2.stackpathstorage.com *.livechatinc.com salsify-ecdn.com cdn.livechat-files.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com www.google.com.mx www.artnet.com *.gstatic.com www.google.com.br www.google.se pixel.quantserve.com *.linkedin.com www.google.co.nz edge.quantserve.com www.google.co.za www.google.nl bat.bing.com *.doubleverify.com app.cybba.solutions cdn.segment.com *.googlesyndication.com images.artnet.com adservice.google.com www.google.be www.google.ru www.google.com prreqcroab.icu *.doubleclick.net track.celtra.com www.google.at www.google.com.hk gcp-api.artnet.com report.artnet.glassboxdigital.io files2.cybba.solutions www.google.hr www.google.it news.artnet.com www.google.ch secure.quantserve.com *.clarity.ms *.adroll.com www.google.com.tr cdn-cookieyes.com pixel-geo.prfct.co *.agkn.com www.google.ca www.google.com.sg cdn.sanity.io www.google.co.il secure.adnxs.com www.google.lt www.googletagmanager.com pixel.quantcount.com www.google.pl challenges.cloudflare.com region1.analytics.google.com agen-assets.ftstatic.com www.google.com.sv *.facebook.net www.google.de rules.quantcount.com translate.google.com *.hotjar.com *.googleapis.com www.google.com.ar www.google.com.tw *.facebook.com www.google.co.kr www.google.co.jp www.rtb123.com region1.google-analytics.com cdn.gbqofs.com *.googleadservices.com service.urchin.com www.googletagservices.com *.flashtalking.com directory.cookieyes.com api.sail-personalize.com www.google.cn *.addthis.com api.sail-track.com rum.browser-intake-datadoghq.com ak.sail-horizon.com analytics.google.com www.google.es files1.cybba.solutions html5shiv.googlecode.com cdn.clinch.co cache-ssl.celtra.com metrics.hotjar.io *.serving-sys.com *.cloudfront.net realtime.clinch.co www.google.com.au log.cookieyes.com cdnjs.cloudflare.com www.google.dk www.google.no fast.fonts.net www.google.gr vc.hotjar.io www.google.pt ib.adnxs.com tag.marinsm.com www.google.com.ph www.google.co.uk session-replay.browser-intake-datadoghq.com www.google.fr *.licdn.com c.bing.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.safaricom.co.ke www.google.no hello.myfonts.net *.facebook.com www.google.ie *.gstatic.com stackpath.bootstrapcdn.com www.google-analytics.com cdn.jsdelivr.net www.google.com *.doubleclick.net *.googleadservices.com www.googletagmanager.com *.youtube-nocookie.com region1.analytics.google.com live.mystocks.co.ke analytics.google.com www.google.co.uk *.facebook.net cse.google.com ir.nse.co.ke worldtimeapi.org unpkg.com translate.google.com *.googleapis.com www.google.com.qa clients1.google.com www.youtube.com cdnjs.cloudflare.com *.adsensecustomsearchads.com www.google.co.ke ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-rk_LFNSfCUhDOkl_f5v6xg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com cdn.cookielaw.org code.jquery.com connect.facebook.net data: googleads.g.doubleclick.net js.ipredictive.com platform.instagram.com platform.twitter.com qvdt3feo.com s.yimg.com snap.licdn.com tags.srv.stackadapt.com try.abtasty.com www.googletagmanager.com www.instagram.com cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' agadata.online apis.google.com bat.bing.com cdn.cookielaw.org code.jquery.com colegiodiocesanosantaclara.imtlazarus.com:6443 connect.facebook.net data1.blamap.com get663.com googleads.g.doubleclick.net js.ipredictive.com lf16-tiktok-web.tiktokcdn-us.com nrdcapps.org pixel.byspotify.com platform.instagram.com platform.twitter.com public.tableau.com qvdt3feo.com s.yimg.com sc-static.net snap.licdn.com tags.srv.stackadapt.com translate-pa.googleapis.com translate.google.com translate.googleapis.com try.abtasty.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.nrdcapps.org www.pagespeed-mod.com www.scrible.com www.tiktok.com www.vimeo.com www.youtube.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' cdn.honey.io tags.srv.stackadapt.com www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' blob: cdn.honey.io lf16-tiktok-web.tiktokcdn-us.com nrdcapps.org sf16-website-login.neutral.ttwstatic.com tags.srv.stackadapt.com www.googletagmanager.com www.gstatic.com www.nrdcapps.org www.scrible.com cdn.jsdelivr.net fonts.googleapis.com; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://nrdc.report-uri.com/r/d/csp/wizard 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com media.flixcar.com assets-jpcust.jwpsrv.com www.smythstoys.com www.google.co.in *.bazaarvoice.com api.geetest.com api.woosmap.com www.google.gr www.google.com.au eu.klarnaevt.com *.facebook.net www.google.com.tr smyths.circulator.com js.stripe.com www.google.de www.google.hu widget.mondialrelay.com www.google.pl www.mondialrelay.com widgets.trustedshops.com image.smythstoys.com webapp.woosmap.com content.syndigo.com www.google.ro *.googleapis.com www.google.ie www.google.fr dots.bricks.plus www.google.si unpkg.com metrics.hotjar.io i.ytimg.com spay.samsung.com sdk.woosmap.com cdnjs.cloudflare.com *.doubleclick.net www.google.co.uk www.youtube.com media.flixfacts.com storage.cloud.google.com www.usemaxserver.de *.youtube-nocookie.com trustbadge.api.etrusted.com *.hotjar.com webapp-conf.woosmap.com *.onetrust.com www.google-analytics.com www.google.ba cdn.loadbee.com www.jobquick.net images.woosmap.com api.autoaddress.ie api.trustedshops.com code.jquery.com monitor.geetest.com static.geetest.com *.gstatic.com www.google.nl www.google.es www.googletagmanager.com smyths-ce.circulator.com www.google.at availability.loadbee.com api.geevisit.com www.google.ch euc-widget.freshworks.com adservice.google.com www.google.rs rendering.loadbee.com *.googleadservices.com github.com recs.richrelevance.com www.recaptcha.net www.google.it translate.google.com www.google.hr www.google.com cdn.xbox-interactive.com prod.flixgvid.flix360.io shops-si.trustedshops.com vc.hotjar.io rt.flix360.com region1.analytics.google.com api.trustbadge.etrusted.com *.facebook.com www.google.be service.loadbee.com www.google.li event.syndigo.cloud ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-jW0OYE7hUWz3RNjfuquzTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-SMzIU8n3JS8Ow5LStEbC_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk https://*.trustarc.com https://secure.feed5mown.com https://cdn.bizible.com https://bat.bing.com https://connect.facebook.com https://connect.facebook.net https://dbm.demdex.net https://bamboohr.demdex.net https://*.licdn.com https://*.hotjar.com https://tracking.g2crowd.com https://static.ads-twitter.com https://munchkin.marketo.com https://munchkin.marketo.net https://cdn.abrankings.com https://a.quora.com https://q.quora.com https://*.clarity.ms https://*.thebrightforks.com https://dx.mountain.com https://tag.clearbitscripts.com https://cdn.pdst.fm https://x.clearbitjs.com https://app.clearbitjs.com https://www.googletagmanager.com https://www.redditstatic.com https://snap.licdn.com https://www.google-analytics.com https://assets.adobedtm.com https://activitymap.adobe.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://abm-tracking.demandscience.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://match.prod.bidr.io https://bamboohr.zendesk.com https://*.zdassets.com https://assets.screensteps.com https://fast.wistia.com https://fast.wistia.net https://unpkg.com https://*.convertexperiments.com https://js.intercomcdn.com https://cdn.readme.io https://*.tiktok.com https://fonts.gstatic.com https://fonts.googleapis.com https://edge.adobedc.net https://adobedc.demdex.net https://stats.g.doubleclick.net https://www.google.com https://analytics.google.com https://*.mktoresp.com https://*.clearbit.com https://*.linkedin.com https://t.co https://*.twitter.com https://*.facebook.com https://tracking.contanuity.com https://c.bing.com https://*.hlx.page https://*.hlx.live https://bamboohr--webchat.sandbox.my.site.com https://bamboohr--webchat.sandbox.my.salesforce-scrt.com https://bamboohr.my.site.com https://bamboohr.my.salesforce-scrt.com https://js.driftt.com https://static.cloudflareinsights.com https://script.crazyegg.com https://rc-widget-frame.js.driftt.com https://arttrk.com https://intentstream.contanuity.com https://td.doubleclick.net https://bamboohr.com wss://ws.hotjar.com https://*.hotjar.io https://*.gstatic.com https://*.leandata.com https://195-loz-515.mktoutil.com https://*.bizibly.com https://*.google.com.ua https://www.google.ca https://www.getapp.com https://*.wistia.com https://*.honey.io https://boards.greenhouse.io https://*.ucweb.com https://qvdt3feo.com https://*.srv.stackadapt.com https://ct.capterra.com https://*.youtube.com https://*.googleadservices.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 'unsafe-inline' 'unsafe-eval'; report-uri https://app.bamboohr.com/ajax/parse_csp_report.php; report-to https://app.bamboohr.com/ajax/parse_csp_report.php; 1
object-src 'none';base-uri 'self';script-src 'nonce-AzXFsZRQBc8MdsVVcqw0BQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src https: 'unsafe-inline' www.autotrader.co.za https: 'unsafe-eval' www.googletagservices.com www.googletagmanager.com https://www.googleoptimize.com/ https://js.monitor.azure.com/ *.google-analytics.com https://www.youtube.com/ *.g.doubleclick.net *.google.co.za *.google.com *.googlesyndication.com https://maps.googleapis.com/ https://www.gstatic.com/ www.googleadservices.com https://static.instavid360.com/ https://connect.facebook.net/ *.adsafeprotected.com; style-src https: 'unsafe-inline' www.autotrader.co.za https://accounts.google.com https://fonts.googleapis.com https://static.instavid360.com; connect-src https: www.autotrader.co.za https: data: *.google-analytics.com https://dc.services.visualstudio.com/ *.google.co.za *.google.com *.g.doubleclick.net *.googlesyndication.com https://csi.gstatic.com/ *.ad.doubleclick.net *.googleapis.com https://static.instavid360.com/; img-src https: www.autotrader.co.za img.autotrader.co.za https: data: file: *.google-analytics.com https://www.googletagmanager.com/ *.google.co.za *.google.com *.googlesyndication.com https://static.instavid360.com/ *.g.doubleclick.net *.googleapis.com *.gstatic.com *.autotrader.co.za https://planet42.com/ *.adsafeprotected.com; frame-src https: www.autotrader.co.za https: *.youtube.com *.iono.fm *.google.com *.googlesyndication.com *.autotrader.co.za *.g.doubleclick.net https://www.googleadservices.com/; font-src https: www.autotrader.co.za data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; object-src https: www.autotrader.co.za www.youtube.com www.googletagmanager.com; report-uri https://www.autotrader.co.za/admin/csp-report 1
default-src https: wss:; script-src https: wss: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-4diUUMSUaoRhaZw9sowJkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.dedeman.ro data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com maps.google.com *.recaptcha.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.dedeman.ro maps.gstatic.com *.google-analytics.com *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.nr-ext.net *.nr-assets.net *.dedeman.ro maps.googleapis.com *.google-analytics.com *.recaptcha.net chimpstatic.com downloads.mailchimp.com *.list-manage.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.dedeman.ro downloads.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.dedeman.ro 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.dedeman.ro maps.googleapis.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.dedeman.ro maps.googleapis.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-J2Cfgm3rxW_IoA7zQCTOTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-3jyC9c30+1fNE09LXCLwBQ=='; report-uri https://send.hsbrowserreports.com/csp/report; 1
block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 1
string 1
frame-ancestors 'self' http://*.abcya.com:* https://*.abcya.com:* https://*.ixl.com:* https://*.ixl.x:* https://*.ixl.q:* https://*.ixl.z:* https://*.ixl.k38:* https://*.ixl.m26:* https://*.ixl.cap:* https://*.ixl.lb:* https://*.ixl.k10:* https://*.ixl.k41:* https://*.ixl.t:* https://*.ixl.abcyaonixl.ixl.dev:* http://localhost:* https://*.ixl.dev:*; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.admetricspro.com https://assets-abcya-com.netlify.app https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://*.admetricspro.com https://*.stripe.com https://*.abcya.com https://assets-abcya-com.netlify.app https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://assets-abcya-com.netlify.app https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self' https://assets-abcya-com.netlify.app; object-src https://*.abcya.com https://assets-abcya-com.netlify.app; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://imasdk.googleapis.com/js/sdkloader/ima3.js https://vjs.zencdn.net/7.11.4/video.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.0.0/videojs.ads.min.js https://adservice.google.com https://cdn.ampproject.org https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://vjs.zencdn.net/7.11.4/video-js.css https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.7.0/videojs.ads.css https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.css https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.sa www.google.tn c.bing.com www.google.com.pe www.google.co.za www.google.co.jp wss://127.0.0.1:3389 www.google.com.br www.google.com *.clarity.ms www.google.fr www.google.de *.doubleclick.net wss://127.0.0.1:5901 www.google.pl *.facebook.com *.agora.io analytics.google.com webpushstat.api.engagelab.cc wss://127.0.0.1:6040 www.google.kz *.linkedin.com *.googleapis.com web-1.ap.sd-rtn.com www.google.com.ng www.google.ro www.google.lk wss://127.0.0.1:5902 *.baidu.com *.myqcloud.com psceqa.s3.cn-north-1.amazonaws.com.cn wss://127.0.0.1:5938 www.google.com.hk www.google.co.id www.googletagmanager.com www.google.co.kr www.google.co.in www.google.nl www.google.com.sg *.globalsources.com www.google.dk www.google.cn www.google.com.tr www.google-analytics.com wss://127.0.0.1:2112 www.google.com.my www.google.com.vn web.sdk.qcloud.com www.micstatic.com www.google.com.do bat.bing.com wss://127.0.0.1:5939 www.google.az www.google.com.tw wss://127.0.0.1:5903 wss://127.0.0.1:5931 www.google.rs www.google.ge www.google.ch www.google.ru www.google.com.ec www.google.com.mx api.my-imcloud.com oss.ejet.com wss://127.0.0.1:5944 www.google.es region1.google-analytics.com www.720yun.com s3.ap-east-1.amazonaws.com wss://127.0.0.1:6039 conn.webpush.theengagelab.com *.online-metrix.net www.google.com.ph wss://124-232-129-164.edge.sd-rtn.com:9591 *.googleadservices.com gsol-resource.s3.ap-east-1.amazonaws.com www.google.co.ke region1.analytics.google.com www.google.com.bd image.made-in-china.com *.facebook.net static.geetest.com wss://124-232-129-164.edge.agora.io:9591 cdn.dcloud.net.cn *.googlesyndication.com www.google.co.uk www.google.com.ua www.google.co.th *.licdn.com wss://127.0.0.1:5279 wss://wss.my-imcloud.com psce.s3.cn-north-1.amazonaws.com.cn wss://127.0.0.1:5950 www.google.co.uz *.alicdn.com api.geetest.com wss://127.0.0.1:63333 *.gstatic.com wss://wss.im.qcloud.com www.google.ae adservice.google.com www.google.com.au wss://127.0.0.1:7070 img01.yzcdn.cn b.globalsources.cn wss://conn.webpush.theengagelab.com wss://127.0.0.1:5900 ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.app-eu.wrike-cn.com https://*.wrike.com https://*.wrike-cn.com https://*.www.wrike.com https://*.www.wrike-cn.com https://youtube.com https://d3tvpxjako9ywy.cloudfront.net https://d1c5qktmphn2d.cloudfront.net; manifest-src 'self' https://cdn.wrike.com https://cdn.wrike-cn.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.wrike.com https://*.wrike-cn.com https://*.www.wrike.com https://*.www.wrike-cn.com https://*.app-eu.wrike.com https://*.app-eu.wrike-cn.com https://*.google-analytics.com https://*.usercentrics.eu https://*.marketo.com https://*.marketo.net https://apis.google.com https://bat.bing.com https://cdn.ravenjs.com https://connect.facebook.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://snap.licdn.com https://static.ads-twitter.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962492627/ https://pagead2.googlesyndication.com/pagead/conversion/962492627/ https://s.yimg.jp/images/listing/tool/cv/ytag.js https://js.driftt.com/ https://tag.demandbase.com/63365c817f510bbb.min.js https://api.tomi.ai/029/loader.js https://tags.srv.stackadapt.com/events.js https://s.yimg.jp/images/listing/tool/cv/conversion.js https://cdn.metadata.io https://js.partnerstack.com/v1/ https://www.clarity.ms/ https://tracking.intentsify.io/ https://b97.yahoo.co.jp/pagead/conversion_async.js https://ad.doubleclick.net/ddm/adj/N1344363.197812NSO.CODESRV/ https://*.d41.co https://sc.lfeeder.com/ https://ltracking.de/ https://tags.fullcontact.com/ https://cdn.leadinfo.net/ https://d3tvpxjako9ywy.cloudfront.net https://d1c5qktmphn2d.cloudfront.net; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp-global.wrike.com/csp-report?website 1
script-src 'self' *.edpuzzle.com *.edpuzzle.dev 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com www.googletagmanager.com *.youtube.com *.ytimg.com *.soundcloud.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com *.awswaf.com *.appcues.com login.microsoftonline.com;style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com *.appcues.com;img-src 'self' *.edpuzzle.com *.edpuzzle.dev edpuzzle.imgix.net *.ytimg.com d3an647906r12r.cloudfront.net *.nr-data.net www.googletagmanager.com *.appcues.com;media-src 'self' *.edpuzzle.com *.edpuzzle.dev *.nr-data.net *.appcues.com;connect-src 'self' *.edpuzzle.com *.awswaf.com *.nr-data.net *.mxpnl.com *.mixpanel.com *.google-analytics.com login.microsoftonline.com wss://5uj9b5geqb.execute-api.us-east-1.amazonaws.com wss://5k3vufy1vh.execute-api.us-east-1.amazonaws.com;frame-ancestors 'self';frame-src *;report-uri /api/v3/violations/csp;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com cdn.hadronid.net sc-static.net *.browser-intake-datadoghq.com d2cli4kgl5uxre.cloudfront.net *.ad.gt tsdtocl.com cdn.mediago.io snap.licdn.com tr.snapchat.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.yahoo.com *.pinimg.com *.redditstatic.com *.taboola.com *.pinterest.com *.googleapis.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com *.fixel.ai *.youtube.com *.twitter.com *.ads-twitter.com *.outbrain.com *.stripe.com *.zendesk.com *.tiktok.com *.clarity.ms *.zdassets.com *.amazon-adsystem.com *.liadm.com *.criteo.net *.criteo.com *.doubleclick.net *.zopim.com s.yimg.com o435118.ingest.sentry.io; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1
object-src 'none';base-uri 'self';script-src 'nonce-_UGSPvR5dRjytFFYWlG3Wg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors https://*.workable.com/; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcbe8d2ef0966e8645a91099cfac490bb&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=%40http.headers.cfray%3A883f569989d324fc 1
frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 1
default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 1
default-src 'none'; connect-src 'self' https://*.polo-static.com https://*.poloniex.com wss://*.poloniex.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://poloniex.zendesk.com wss://*.zopim.com https://report.woodpeckerlog.com https://*.geetest.com; base-uri 'self'; font-src 'self' data: https://*.polo-static.com; frame-src 'self' polo: https://docs.google.com; img-src 'self' data: blob: https://*.polo-static.com https://static.poloniex.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://www.datocms-assets.com https://d21y75miwcfqoq.cloudfront.net/5d308ddf https://*.geetest.com https://report.woodpeckerlog.com; script-src-attr 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.polo-static.com https://pixel.mediamathrdrt.com https://scripts.mediamathrdrt.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://*.geetest.com; style-src 'self' 'unsafe-inline' https://*.polo-static.com https://*.geetest.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io; worker-src 'self' blob: https://*.polo-static.com; object-src 'none'; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; media-src https://*.polo-static.com; report-uri /cdn-cgi/script_monitor/report; report-to cf 1
script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 1
default-src 'self' *.tanki.su lesta.ru *.lesta.ru https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tanki.su lesta.ru *.lesta.ru *.tvsquared.com *.soloway.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://www.googleoptimize.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://inv-dmp.admixer.net ; style-src 'self' 'unsafe-inline' *.tanki.su lesta.ru *.lesta.ru https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.tanki.su lesta.ru *.lesta.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://tanki.su https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://www.googleoptimize.com https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.tanki.su lesta.ru *.lesta.ru https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.tanki.su lesta.ru *.lesta.ru https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.tanki.su lesta.ru *.lesta.ru https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.tanki.su lesta.ru *.lesta.ru https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.lesta.ru/cspreport 1
object-src 'none';base-uri 'self';script-src 'nonce-I38X-6b3dKy0HNyW1Ie4_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DQTyUtA240jmK3UqnR48XA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com *.googleapis.com *.facebook.net assets-us-01.kc-usercontent.com *.gstatic.com *.siteimproveanalytics.io *.facebook.com translate.google.com www.googletagmanager.com meet.jit.si siteimproveanalytics.com *.tiktok.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'none';    script-src 'self' https://www.worldremit.com/ https://www.staging.worldremit.com/web-cms-assets/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googleoptimize.com/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/ https://analytics.tiktok.com/ https://bat.bing.com/ https://beacon.riskified.com/ https://cdn-ukwest.onetrust.com/ https://cdn.optimizely.com/ https://collector-11951.tvsquared.com/ https://www.clickcease.com/ https://www.dwin1.com/ https://tr.snapchat.com/ https://sc-static.net/ https://static.ads-twitter.com/ https://unpkg.com/ https://utt.impactcdn.com/ https://websdk.appsflyer.com/ https://w.usabilla.com/ 'sha256-icD8v9Wem/py+1XV0rQIaliCmHMQR5nHvWFKTS2DGAw=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-a+bEamAlr8ywH8jWaou4yXrrD2CdZHBa5mkPm9Zb0vY=' 'sha256-VaA/D0CDUIO10nMSQkB40L5xAzvIVYleE9FrPSAYdoo=' 'sha256-VfTQnMA4EWf3yGZ903A91/hX3uCe944PWwMRKm3S1Rw=' 'sha256-cpPy66UKGYIVsnnpoK6lUL2KI/nbuoqtLQutCw0/CDo=' 'sha256-8Qmq6lssdxdi55wYG7c1jahizRe73Qy+YPIeI4mr3oA=' 'sha256-R40JiM3iLtXhOmn+TJefXEMI9hgwGQ2nOHNOLy7Jozk=' 'sha256-j9myjaM24F4HR8qrHcGG4FvBhU9n66D+Li/JrwCBVzs=' 'sha256-FuRsQpev18uuSWjt8D1KdJa1fQ90b+pYcgw7XfWMJYg=' 'sha256-fSKgqVmaOLwxln3i0zKzLOZ+OpH5SbSpbSpEFz5EmNA=' 'sha256-+gCIGNnVNA6f3segGhOvBwdzrFMhXx3FjszPfytX6ew=' 'sha256-pjx8axQ6DTHbDJnwLBZozPTDadQVUspowofG0xVwmFQ=' 'sha256-j++q3SQWPtXk+u2k3aj3BL+t4SrBbJG5COMNC5xLFrM=' 'sha256-RYS/n6j/kK2GU56aZV0XGlblKG28HJoGUQUgNK3gXJs=' 'sha256-lf8pJrJmAqbGG657jklqqIw6K5VmGyQYblICEq5c+oI=' 'sha256-OjvSiGRrZea05Ac8ZuCnNI3cINsllOI5qLnxi8aWAeI=' 'sha256-tXLyLtviqH3ncYc8npo+pLLGNEQ5z7hk91ZaY3Eoohs=' 'sha256-tfIG5+0P65W18d+c728k1ySUAlV8SHm+CvXPha06CtI=' 'sha256-QndSpytv4rG3oX2gWPpCb5Aaaw/YKyrx7X6wYTHkoO0=' 'sha256-HeV/NTzkLcX7xFFCqOc1lsf8lYxsj5ABP1Tyme32Jj0=' 'sha256-90/pwNNCONRAVYpSAer1lOhqIoZJELeFdk4lHDrywfo=' 'sha256-1Q4uixuB65YH5x3IsnaG4CbuiXlVmALpiBGXMCBZe9c=' 'sha256-SRJVYr273KLw80bkCtXupcxXfnhaDgZNKYhDdw3Vx0g=' 'sha256-IkqmVFAIVjOuCws/lOvP07d+ZXBXyZxwZIuIXCrzUcY=' 'sha256-CHFO++EMjARdUBrX4ND7kx6LQp6vWK8Kf1Kn+M5XtT0=' 'sha256-HDARRtI86kQLFcE9M+fsb/hnChNXmHMCQXwPHd8aeKU=' 'sha256-wKr08AzEgb77LpbyBeaZAfN+OGugDTn8//EOz9WL1U0=' 'sha256-tM6uH80H2rUSRAe9pbKuB2KK2M0IqRkjqHxiiGlwyG4=' 'unsafe-eval';    connect-src 'self' https://www.worldremit.com/ https://worldremit.sjv.io/ https://api.staging.worldremit.com/graphql https://graphql.contentful.com/ https://region1.analytics.google.com/ https://www.google-analytics.com/ https://region1.google-analytics.com/ https://www.google.com/pagead/ https://www.google.co.uk/ https://googleads.g.doubleclick.net/ https://analytics.tiktok.com/ https://analytics.pangle-ads.com/ https://bat.bing.com/ https://cdn-ukwest.onetrust.com/ https://c.riskified.com/ https://errors.client.optimizely.com/ https://geolocation.onetrust.com/ https://pagead2.googlesyndication.com/ https://privacyportal-uk.onetrust.com/ https://sdk.fra-01.braze.eu/ https://stats.g.doubleclick.net/ https://tr.snapchat.com/ https://wa.appsflyer.com/ https://wa.onelink.me/;    img-src 'self' https://www.google-analytics.com/ https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://www.google.com/pagead/ https://www.google.co.uk/ https://ade.googlesyndication.com/ https://www.googletagmanager.com/ https://ad.doubleclick.net/ https://analytics.twitter.com/ https://bat.bing.com/ https://collector-11951.tvsquared.com/ https://img.riskified.com/ https://t.co/i/ https://tr.snapchat.com/ data:;    manifest-src 'self' https://www.worldremit.com/ https://www.staging.worldremit.com/web-cms-assets/;    style-src 'self' https://use.fontawesome.com/ 'unsafe-inline';    font-src 'self' https://use.fontawesome.com/ data:;    frame-src 'self' https://4906361.fls.doubleclick.net/ https://td.doubleclick.net https://tr.snapchat.com/;    object-src 'none'; 1
default-src 'self' https:; media-src data: https://app.qualified.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' 'report-sample' *.freshbooks.com https://*.osano.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://bat.bing.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.redditstatic.com https://campaign.fbot.me https://cdn.evgnet.com/beacon/freshbooks/dev/scripts/evergage.min.js https://cdn.evgnet.com/beacon/freshbooks/engage/scripts/evergage.min.js https://cdn.pushcrew.com https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com https://edge.fullstory.com/s/fs.js https://js-agent.newrelic.com https://js.qualified.com/qualified.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.fbot.me/friendbuy.js https://tracking.g2crowd.com/attribution_tracking/conversions/189.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion/962469797/ https://www.googletagmanager.com; img-src 'self' https: blob:; style-src 'self' 'report-sample' 'unsafe-inline' https://*.osano.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; frame-src 'self' *.freshbooks.com https://*.osano.com https://*.visualwebsiteoptimizer.com https://4956461.fls.doubleclick.net https://9052200.fls.doubleclick.net https://app.qualified.com https://app.vwo.com https://freshbooksbot.maple.ada.support/ https://go.pardot.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; manifest-src 'self' https://accounts.google.com; connect-src https: wss://ws.qualified.com; worker-src 'self' blob: https://*.osano.com; report-uri https://browser-intake-us5-datadoghq.com/api/v2/logs?dd-api-key=pubaa9a5def0b71d4ae534f170a078662bb&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Afreshbooks-website%2Cenv%3Afreshbooks-prod; report-to csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: tgtag.io bat.bing.com *.facebook.net *.crazyegg.com www.google.co.in code.jquery.com pixel.quantserve.com *.menlosecurity.com www.googletagmanager.com *.income.com.sg www.google.com cse.google.com *.linkedin.com tags.tiqcdn.com use.fontawesome.com www.google-analytics.com *.igodigital.com *.tealiumiq.com api.trafficguard.ai *.clarity.ms www.google.de prreqcroab.icu *.facebook.com static.zdassets.com *.doubleclick.net rules.quantcount.com ampcid.google.com.sg cdn.jsdelivr.net alb.reddit.com secure.quantserve.com www.youtube.com www.dianomi.com *.gstatic.com *.zendesk.com www.redditstatic.com ampcid.google.com region1.analytics.google.com conversions-config.reddit.com sp.analytics.yahoo.com c.bing.com *.tiktok.com adservice.google.com *.adsensecustomsearchads.com *.omguk.com centinelapi.cardinalcommerce.com *.evergage.com us-central1-ntuc-income-bigquery.cloudfunctions.net clients1.google.com cdn.evgnet.com www.google.com.sg cdnjs.cloudflare.com *.licdn.com analytics.google.com assets-us-01.kc-usercontent.com pixel.quantcount.com s.yimg.com www.google.com.my badge.seedly.sg ekr.zdassets.com *.googleapis.com *.googleadservices.com assets-au-01.kc-usercontent.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://acsbapp.com https://snap.licdn.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com https://cdnapisec.kaltura.com http://cdnapi.kaltura.com https://www.google-analytics.com https://cdn.jsdelivr.net https://script.crazyegg.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://hm.baidu.com/hm.js blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://acsbapp.com https://maps.googleapis.com  https://fonts.googleapis.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com https://cdnapisec.kaltura.com; frame-ancestors self; report-uri /report-csp-violation 1
default-src https:; script-src 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com *.facebook.com www.google.com *.gstatic.com maps.google.com www.google-analytics.com *.addthis.com *.doubleclick.net www.google.com.sg www.bni.co.id livechat.on5.co.id www.google.co.id www.youtube.com admin.bniexperience.com bniexperience.bni.co.id *.facebook.net *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-fD8NhBXoBSc4hB2RS-lT2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1
default-src https: wss: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dba.dk/api/csplogger/mixedcontent/dba 1
object-src 'none';base-uri 'self';script-src 'nonce-tdCfx6eDVZUgS1THL2iP8A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_appsheet_com 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-rKhqUz1UiQanzy5H1eVC4w==' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1
default-src 'self' data: blob: *.ulikecam.com *.snssdk.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;script-src-elem data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.bootcss.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;frame-ancestors *.ulikecam.com;frame-src bytedance:;media-src *.bytecdn.cn *.365yg.com *.ixigua.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytescm.com;style-src 'unsafe-inline' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn;connect-src *.snssdk.com *.bytedance.net *.ulikecam.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytedance.com safe.usergrowth.com.cn *.zijieapi.com;img-src *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.qq.com *.bytecdn.cn data: *.byteimg.com *.bytedance.net *.ulikecam.com *.gstatic.com android-webview-video-poster *.bytednsdoc.com *.bytescm.com *byteacctimg.com *.bytecdn.com;font-src data: *.byted.org *.alicdn.com *.gstatic.com;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=ulike_activity 1
object-src 'none';base-uri 'self';script-src 'nonce-DtQOcFr4Ygl0JjmqE_qYAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src *; img-src data: blob: *; default-src blob: data: 'nonce-R@nDoM!3' 'unsafe-eval' 'unsafe-inline' 'self' cspreport.php *.go-mpulse.net *.akstat.io *.appdynamics.com *.licdn.com *.google.com *.facebook.net *.yimg.com *.bing.com *.yahoo.com *.ads-twitter.com *.facebook.com *.twitter.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.angularjs.org *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.interactivebrokers.com *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.covestor.com *.full.cv *.doubleclick.net *.youtube.com *.sitesearch360.com *.ibkr-int.com http://localhost:* *.lr-ingest.io http://dev183:* *.gpsrv.com *.npr.org ms-appx-web://* http://*.interactivebrokers.com *.jsdelivr.net http://nxdevsrv3:30999 *.vimeo.com  http://*.interactivebrokers.ca ms-appx-web://microsoft.microsoftedge ny5webdv1:* http://ny5webdv1:* http://*.dev.ibkr-int.com http://s7.addthis.com  *.interactivebrokers.eu http://nxdevsrv3:8122 zwebsrv1:6443 *.ibkr-int.com:* http://*.ibkr-int.com:* zwebsrv1.prod.ibkr-int.com:6443 *.simplywall.st *.aliyuncs.com  *.googleapis.com *.bootstrapcdn.com css scripts *.interactivebrokers.ie *.interactivebrokers.eu *.interactivebrokers.hu *.interactivebrokers.lu s.go-mpulse.net; report-uri /cspreport.php 1
default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src *; style-src 'unsafe-inline' *; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 1
base-uri 'self'; default-src 'self'; script-src 'nonce-NWFiZTk5YTUtYjE2ZC00MGFkLWI2ZTktMDc4MDVlYjUwZDg2' 'report-sample' 'self' https://www.googletagmanager.com https://c.safetyculture.com https://cdn.segment.com https://snap.licdn.com/ https://cdn.madkudu.com/ https://cdn.amplitude.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.kustomerapp.com https://www.googleadservices.com https://www.google.com https://tpc.googlesyndication.com https://bat.bing.com https://pages.safetyculture.com https://*.hotjar.com https://fast.wistia.com; style-src 'unsafe-inline' 'report-sample' 'self' https://pages.safetyculture.com https://*.hotjar.com; object-src 'none'; connect-src 'self' https://a.safetyculture.com https://api.segment.io https://c.safetyculture.com https://cdn.segment.com https://*.segmentapis.com https://api.amplitude.com https://scnextsite.wpenginepowered.com/wp-admin/admin-ajax.php https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://support-safetyculture.api.kustomerapp.com https://*.pndsn.com https://safetyculture-sandbox.api.kustomerapp.com https://stats.g.doubleclick.net https://www.facebook.com https://www.instagram.com https://wp-website.safetyculture.com/wp-admin/admin-ajax.php https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://adservice.google.com https://*.wistia.com https://bat.bing.com https://monitor.clickcease.com; manifest-src 'self'; media-src 'self' blob:; font-src 'self' https://fonts.gstatic.com https://cdn.kustomerapp.com data: https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://cdn.kustomerapp.com https://tpc.googlesyndication.com https://www.facebook.com https://*.doubleclick.net https://pages.safetyculture.com https://www.youtube.com; img-src 'self' * data:; worker-src 'none'; report-uri https://safetyculture.com/_csp/scweb/prod?v=240313; 1
default-src 'self' *.iheartmedia.com data: blob:;img-src 'self' data: https:;font-src https: data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.onetrust.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com translate.google.com www.google.com www.gstatic.com *.onetrust.com player.vimeo.com www.googletagmanager.com img.en25.com cdn.cookielaw.org ftlaunchpad.ai app.livemarketshoppers.com sb.scorecardresearch.com;frame-src 'self' data: www.iheart.com player.vimeo.com www.google.com;object-src 'none';connect-src 'self' ws://localhost:* *.google-analytics.com *.doubleclick.net *.onetrust.com cdn.cookielaw.org;report-uri https://csp.qw.iheartmedia.com/api/report; 1
default-src 'self' *.creative.com d287ku8w5owj51.cloudfront.net *.crazyegg.com im-yacms.s3.ap-southeast-1.amazonaws.com *.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io wss://creativesupporthelp.zendesk.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.awin1.com *.bootstrapcdn.com *.crazyegg.com *.creative.com *.dwin1.com *.facebook.com *.google-analytics.com *.google.com *.gstatic.com *.mlytics.com *.ads-twitter.com ads-api.twitter.com analytics.twitter.com ajax.googleapis.com b91.yahoo.co.jp beacon.cdn.mile.cloud blueimp.github.io browser-update.org cdn.jsdelivr.net cdn.moengage.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net cv.valuecommerce.com d.line-scdn.net d287ku8w5owj51.cloudfront.net dnn506yrbagrg.cloudfront.net googleads.g.doubleclick.net graph.facebook.com images.soundblaster.com lantern.roeyecdn.com platform.twitter.com polyfill.io remote.captcha.com s.yimg.jp sdk.amazonaws.com sslwidget.criteo.com static.criteo.net csm.da.us.criteo.net static.zdassets.com tagmanager.google.com tpay.com *.googlesyndication.com trj.valuecommerce.com use.typekit.net widget-mediator.zopim.com widget.us.criteo.com www.googleadservices.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' *.creative.com d287ku8w5owj51.cloudfront.net *.typekit.net *.adobe.com *.google.com  tagmanager.google.com fonts.googleapis.com fonts.gstatic.com/ *.crazyegg.com *.bootstrapcdn.com cdnjs.cloudflare.com www.jqueryscript.net www.soundblaster.com www.gstatic.com; img-src 'self' blob: *.awin1.com *.crazyegg.com *.creative.com *.dwin1.com *.google-analytics.com *.imgvc.com *.mlytics.com adservice.google.com *.ads-twitter.com ads-api.twitter.com analytics.twitter.com b91.yahoo.co.jp beacon.cdn.mile.cloud browser-update.org contextual.media.net criteo-partners.tremorhub.com csm.va.us.criteo.net d287ku8w5owj51.cloudfront.net data: dis.criteo.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com exchange.mediavine.com google.com.sg googleads.g.doubleclick.net graph.facebook.com gum.criteo.com h.online-metrix.net i.vimeocdn.com i.ytimg.com im-yacms.s3.ap-southeast-1.amazonaws.com image-eu.moengage.com img.youtube.com itag.valuecommerce.com itag.valuecommerce.ne.jp lantern.roeye.com p.typekit.net ssl.gstatic.com static.criteo.net static.zdassets.com stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com t.co tpay.com tr.line.me translate.google.com translate.googleapis.com use.typekit.net v2assets.zopim.io www.adobe.com www.facebook.com www.google-analytics.com www.google.ae www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.com www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.kw www.google.com.mt www.google.com.mx www.google.com.my www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.lk www.google.lt www.google.lu www.google.lv www.google.kz www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tt *.googlesyndication.com www.googletagmanager.com www.gstatic.com www.paypalobjects.com www.soundblaster.com www.youtube.com tbs.tradedoubler.com; font-src 'self' *.creative.com d287ku8w5owj51.cloudfront.net fonts.gstatic.com use.typekit.net data: *.bootstrapcdn.com cdnjs.cloudflare.com www.jqueryscript.net file.myfontastic.com www.slant.co cdn.honey.io; child-src blob: www.google.com cdn.moengage.com; connect-src 'self' *.cdnsuehprom.com *.cloud-button.com *.crazyegg.com *.creative.com *.daxinlicai.com *.google-analytics.com *.googlesyndication.com *.mlytics.com *.sphgfgx.com accounts.google.com ad.doubleclick.net adservice.google.com analytics.google.com *.ads-twitter.com ads-api.twitter.com analytics.twitter.com autocomplete-api.smartystreets.com cdn.contentful.com code.jquery.com cognito-identity.ap-northeast-1.amazonaws.com contextual.media.net creativesupporthelp.zendesk.com criteo-partners.tremorhub.com criteo-sync.teads.tv d287ku8w5owj51.cloudfront.net ekr.zdassets.com exchange.mediavine.com google.com graph.facebook.com if1k4cyjr4.execute-api.ap-southeast-1.amazonaws.com measurement-api.criteo.com oxrz6c4lbi.execute-api.ap-southeast-1.amazonaws.com pay.google.com performance.typekit.net region1.analytics.google.com sdk-02.moengage.com securepubads.g.doubleclick.net spay.samsung.com sslwidget.criteo.com static.criteo.net stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co tez.google.com *.googleapis.com wss://widget-mediator.zopim.com www.facebook.com www.google-analytics.com www.google.com z-m-graph.facebook.com z-p3-graph.facebook.com; frame-src 'self' data: *.crazyegg.com accounts.google.com ad.gunosy.com cdn.moengage.com creativesupporthelp.zendesk.com d287ku8w5owj51.cloudfront.net fledge.us.criteo.com googleads.g.doubleclick.net gum.criteo.com pay.google.com player.vimeo.com static.criteo.net td.doubleclick.net tpc.googlesyndication.com www.facebook.com www.google.co.jp www.google.com www.youtube.com www.youtube-nocookie.com; media-src data: *.creative.com d287ku8w5owj51.cloudfront.net cn-img.creative.com; worker-src 'self' blob: *.creative.com; frame-ancestors 'self' *.creative.com img.stage.creative.com appsmith.dev.creative.com; object-src 'none'; upgrade-insecure-requests; report-uri https://api.creative.com/csp/report/; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com l.sharethis.com static.fundraiseup.com google.com js-agent.newrelic.com fndrsp.net *.facebook.com cdn-us.clickdimensions.com www.google.com.my js.stripe.com www.googletagmanager.com tags.srv.stackadapt.com ping.chartbeat.net home-c56.nice-incontact.com ucarecdn.com cdn.userway.org www.autismspeaks.org count-server.sharethis.com pay.google.com my.hellobar.com *.tiktok.com api.fundraiseup.com use.fontawesome.com buttons-config.sharethis.com www.google.com bat.bing.com spay.samsung.com www.google.de data.stbuttons.click analytics.clickdimensions.com bam.nr-data.net pro.ip-api.com www.google.co.uk *.doubleclick.net www.google-analytics.com use.typekit.net *.hotjar.com analytics.google.com cdnjs.cloudflare.com api.userway.org *.facebook.net www.google.ie *.gstatic.com www.google.com.au p.typekit.net platform-cdn.sharethis.com platform-api.sharethis.com static.oktopost.com tez.google.com www.google.ca qvdt3feo.com www.youtube.com okt.to sentry.fundraiseup.com em.realtime.email static.chartbeat.com rg.autismspeaks.org www.google.co.in *.paypal.com web.autismspeaks.org *.licdn.com *.linkedin.com content.hotjar.io www.google.com.ph adservice.google.com cdn77.api.userway.org my.walls.io cdn.fundraiseup.com www.paypalobjects.com fndrsp-checkout.net vc.hotjar.io walls.io region1.analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
report-uri https://www.feedingamerica.org/report-uri/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://pp.ephapay.net/ https://pp.eshapay.net/ https://scripts.agilone.com/ https://widget.trustpilot.com/ https://edigitalsurvey.com/ https://static.addtoany.com/ https://c.paypal.com/ https://www.paypal.com https://www.paypalobjects.com/ https://www.sandbox.paypal.com/ https://www.zenaps.com/ https://www.youtube.com/ https://*.doubleclick.net/ https://gum.criteo.com/ https://www.facebook.com/ https://*.hotjar.com/ https://s.salecycle.com https://www.googletagmanager.com/ https://www.google.com https://*.customizer.cadesignform.dk/ https://static.criteo.net/ https://www.youtube-nocookie.com/ https://d16fk4ms6rqz1v.cloudfront.net/ https://*.arcot.com/ https://www.securesuite.co.uk/ https://www.clicksafe.lloydstsb.com/ https://secure.barclaycard.co.uk https://*.photorank.me/; report-uri https://csp-violations.external.wickes.co.uk 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *.unionesarda.it; report-uri /csp-report 1
default-src 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://*.linkedin.oribi.io https://*.applicationinsights.azure.com https://westeurope.livediagnostics.monitor.azure.com *.consentmanager.net promo.skf.com *.promo.skf.com *.actonservice.com *.ads.linkedin.com skfsso-test.skf.com skfsso-qa.skf.com skfsso.skf.com https: ;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://cdn.jsdelivr.net https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.googleapis.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://mc.yandex.ru https://yastatic.net https://www.google.iq https://www.google.com.eg https://www.google.com.co https://www.google.co.kr https://www.google.com.sa https://www.google.com.ni https://www.google.rs https://www.google.com.pk https://www.google.com.gt https://www.google.al https://www.google.hn https://www.google.dz https://www.google.com.ec https://www.google.jo https://www.gstatic.com https://remote.captcha.com https://www.google.com.bh https://www.googleadservices.com https://*.doubleclick.net https://az416426.vo.msecnd.net https://bam.nr-data.net https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://code.jquery.com/jquery-3.6.0.slim.min.js https://connect.facebook.net https://*.promo.skf.com https://js-agent.newrelic.com https://*.googleapis.com https://promo.skf.com https://script.hotjar.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://static.hotjar.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://service.giosg.com https://bookeo.com https://*.bookeo.com https://recaptcha.net https://*.go-mpulse.net https://*.giosg.com;style-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://recaptcha.net https://*.googleapis.com https://use.fontawesome.com https://service.giosg.com; media-src blob: https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://cdn.test.skfmediahub.skf.com https://skf.comv https://www.skf.com https://staging.prod.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://www.youtube.com https://hiresmedia.skf.com;connect-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://*.actonsoftware.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.applicationinsights.azure.com https://*.linkedin.oribi.io https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://recaptcha.net https://mc.yandex.ru https://skfcom-stag-fileupload.azurewebsites.net https://skfcom-staging-contactskfservice.azurewebsites.net https://skfcom-prod-fileupload.azurewebsites.net https://skfcom-prod-contactskfservice.azurewebsites.net https://p11.techlab-cdn.com https://*.googleapis.com https://www.facebook.com wss://*.hotjar.com https://*.hotjar.com https://*.googlevideo.com https://*.doubleclick.net https://webapi.partcommunity.com https://bam.nr-data.net https://search.skf.com https://webassistants.partcommunity.com https://*.google-analytics.com https://*.analytics.google.com https://*.giosg.com https://bookeo.com https://*.bookeo.com https://*.hotjar.io https://dc.services.visualstudio.com/v2/track wss://messagerouter.giosg.com https://*.akstat.io https://*.go-mpulse.net https://traceparts-cache.s3.eu-west-1.amazonaws.com https://*.giosgusercontent.com https://px.ads.linkedin.com https://maintenanceapps.skf.com;font-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://fonts.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://recaptcha.net https://use.typekit.net https://fonts.gstatic.com https://script.hotjar.com https://use.fontawesome.com https://*.giosgusercontent.com data: ;frame-src 'unsafe-inline' 'self' https://api.crownpeak.net https://*.doubleclick.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://recaptcha.net https://www.skf.com https://webapi.partcommunity.com https://www.youtube.com/ https://vars.hotjar.com https://www.google.com https://bookeo.com https://*.bookeo.com https://*.clients.giosgusercontent.com https://service.giosg.com https://www.facebook.com https://www.traceparts.com;img-src 'unsafe-inline' 'self' https://api.crownpeak.net https://*.doubleclick.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://recaptcha.net https://mc.yandex.ru https://*.googleapis.com https://www.google.com https://*.ggpht.com https://www.gstatic.com https://www.google.co.bw https://www.google.az https://www.google.am https://www.google.co.ke https://www.google.is https://www.google.hr https://www.google.sr https://www.google.mk https://www.google.com.py https://www.google.co.uz https://www.google.com.uy https://www.google.com.do https://www.google.com.bz https://www.google.com.na https://www.google.co.zm https://www.google.cm https://www.google.bg https://www.google.iq https://www.google.co.tz https://www.google.com.bh https://www.google.com.ec https://www.google.com.ph https://www.google.com.om https://www.google.al https://www.google.gr https://www.google.dz https://www.google.com.mt https://www.google.lt https://www.google.rs https://www.google.co.ma https://www.google.com.sa https://www.google.jo https://www.google.com.co https://www.google.co.kr https://www.google.mg https://www.google.com.eg https://www.google.com.pk https://www.google.rw https://www.google.ba https://www.google.co.il https://www.google.lu https://www.google.ge https://www.google.hn https://www.google.com.ua https://www.google.com.my https://www.google.co.jp https://www.google.sk https://www.google.co.nz https://www.google.ae https://www.google.co.id https://www.google.kz https://www.google.ro https://www.google.com.tw https://www.google.com.sg https://www.google.com.bd https://www.google.com.vn https://www.google.com.hk https://www.google.com.ar https://www.google.pt https://www.google.co.ve https://www.google.hu https://www.google.com.qa https://www.google.lv https://www.google.si https://www.google.ie https://vehicleaftermarket.skf.com https://www.google.com.sv https://www.google.dk https://www.google.co.th https://www.google.co.za https://www.google.cl https://www.google.tt https://www.google.com.ar https://www.google.ee https://www.google.ru https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.co.in https://www.google.com.ng https://www.google.cz https://www.google.ca https://www.google.fr https://www.google.com.br https://www.google.pl https://www.google.de https://www.google.ch https://www.google.com.pe https://*.ads.linkedin.com https://www.google.tn https://www.google.be https://www.google.by https://www.google.es https://www.google.com.tr https://www.google.com.au https://www.google.com.mx https://www.google.at https://www.google.fi https://www.google.co.uk https://www.google.nl https://www.google.it https://search.skf.com https://yt3.ggpht.com https://*.ytimg.com https://img.youtube.com http://www.skf.com https://*.promo.skf.com https://*.googleapis.com https://maps.gstatic.com https://promo.skf.com https://www.linkedin.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.google.no https://www.google.se https://cdn.giosgusercontent.com https://static.giosg.com https://www.googletagmanager.com https://script.hotjar.com https://*.akstat.io data:; report-uri https://prod-31.westeurope.logic.azure.com:443/workflows/2f0a4f0089f24f6d9d7b415d6f07fd8d/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=C1rydVOKnq_lklW-AUrwxvZx6LasYM9JWkQL_KvJHkU 1
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' adservice.google.com/pagead/regclk api.audible.co.uk audible.sc.omtrdc.net audible.tt.omtrdc.net bat.bing.com cdn.linkedin.oribi.io consent-pref.trustarc.com/defaultconsentmanager/ ct.pinterest.com dpm.demdex.net fls-eu.amazon.com google.com m.media-amazon.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ prf.audiencemanager.de px.ads.linkedin.com/wa/ s.yimg.com t.kmtx.io tr.snapchat.com unagi-eu.amazon.com unagi.amazon.com web-sdk.control.kochava.com www.audible.com www.facebook.com/tr/ www.google.com/pagead/landing; font-src m.media-amazon.com consent.trustarc.com www.audible.co.uk; frame-src 'self' 12320038.fls.doubleclick.net 4482792.fls.doubleclick.net 6232271.fls.doubleclick.net audible.demdex.net consent-pref.trustarc.com consent.trustarc.com ct.pinterest.com insight.adsrvr.org match.adsrvr.org td.doubleclick.net tr.snapchat.com www.audiencemanager.de www.facebook.com; img-src 'self' aax-eu.amazon-adsystem.com ad.doubleclick.net/activity ad.doubleclick.net/ddm/activity/ adservice.google.com alb.reddit.com bat.bing.com consent.trustarc.com ct.pinterest.com fls-eu.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com insight.adsrvr.org/track/pxl/ m.media-amazon.com pixel.quantserve.com pixelg.adswizz.com/one.png pubads.g.doubleclick.net px.ads.linkedin.com/collect secure.adnxs.com/px segment.prod.bidr.io sp.analytics.yahoo.com t.kmtx.io tracking.audio.thisisdax.com/one.png www.awin1.com/sread.img www.facebook.com www.google.co.uk/pagead/1p-user-list/ www.google.com www.google.com.bd/pagead/1p-user-list/ www.google.fi/pagead/1p-user-list/ www.google.ie/pagead/1p-user-list/ www.google.it/pagead/1p-user-list/ www.google.nl/pagead/1p-user-list/ www.google.no/pagead/1p-user-list/ www.google.pt/pagead/1p-user-list/ www.google.rw/pagead/1p-user-list/ www.google.se/pagead/1p-user-list/ www.googletagmanager.com www.linkedin.com/px/li_sync/; media-src 'self' samples.audible.co.uk m.media-amazon.com; script-src 'self' 'unsafe-inline' akt.audiencemanager.de/log/ad/conversion/ assets.kochava.com audible.sc.omtrdc.net bat.bing.com c.amazon-adsystem.com/aat/amzn.js cdn.audiencemanager.de connect.facebook.net consent.trustarc.com d1g3myji5lplsh.cloudfront.net d2jpk0qucvwmsj.cloudfront.net googleads.g.doubleclick.net images-eu.ssl-images-amazon.com js.adsrvr.org pixels.omnitagjs.com/21-03732_AudibleBAU_DirectAL.js pixels.omnitagjs.com/21-03732_AudibleBAU_Sale.js prf.audiencemanager.de rules.quantcount.com s.kmtx.io s.pinimg.com s.yimg.com sc-static.net secure.quantserve.com snap.licdn.com/li.lms-analytics/insight.min.js snap.licdn.com/li.lms-analytics/insight.beta.min.js tr.snapchat.com www.dwin1.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com; style-src 'self' 'unsafe-inline' images-eu.ssl-images-amazon.com; 1
default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.yahoo.com *.doubleclick.net; font-src 'self' *.bootstrapcdn.com; frame-src 'self' *.soundcloud.com *.twitter.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com *.yahoo.com https://www.google.com/ads/ga-audiences *.pendo.io *.twitter.com *.twimg.com; script-src 'self' 'nonce-Hb9L+bx6zyySMJOfqBqvkA==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com *.github.com/flurrydev/ *.pendo.io *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.yimg.com *.twitter.com *.twimg.com https://github.githubassets.com/assets/ *.bootstrapcdn.com; report-uri /csp-report 1
default-src https: wss: 1
default-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; require-trusted-types-for 'script'; object-src 'self' mitel.io *.mitel.io mitel.com *.mitel.com; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
default-src 'self'; script-src 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/libs/ace/1.1.3/ace.js https://connect.facebook.net/en_US/fbevents.js https://js.intercomcdn.com/vendor-modern.7a9ca9be.js https://prod.hackster-cdn.online/assets/application-7646f60bfdb0e6b6444bf77de6184bed59f1689ab2c45fc12ffa98978edc7dbe.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://widget.intercom.io/widget/l4h7orei https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js; style-src 'report-sample' 'self' https://prod.hackster-cdn.online; object-src 'none'; base-uri 'self'; connect-src 'self' https://7yqjt9bhux-dsn.algolia.net https://analytics.google.com https://api-iam.intercom.io https://api.hackster.io https://o4506440451424256.ingest.sentry.io https://ohm-dot-hackster-io.appspot.com https://prod.hackster-cdn.online https://px.ads.linkedin.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://nexus-websocket-a.intercom.io; font-src 'self' https://prod.hackster-cdn.online; frame-src 'self' https://www.google.com https://www.youtube.com; img-src 'self' data: https://graph.facebook.com https://gravatar.com https://hackster.imgix.net https://i.ytimg.com https://lh3.googleusercontent.com https://prod.hackster-cdn.online https://px.ads.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.newark.com; manifest-src 'self' https://prod.hackster-cdn.online; media-src 'self' https://hackster.imgix.net; report-uri https://6620045c077c1adc81b63f22.endpoint.csper.io/?v=2; worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://uni-wuerzburg.de https://*.uni-wuerzburg.de; report-uri /csprc; block-all-mixed-content ; style-src 'self' 'unsafe-inline' *.uni-wuerzburg.de www.google.com; img-src 'self' data: *.uni-wuerzburg.de *.gstatic.com *.google.com www.googleapis.com; object-src 'self' *.uni-wuerzburg.de; form-action 'self' *.bibliothek.uni-wuerzburg.de www.uni-wuerzburg.de; frame-src 'self' *.uni-wuerzburg.de *.youtube-nocookie.com cse.google.com; frame-ancestors 'self' *.uni-wuerzburg.de; base-uri 'self' www.uni-wuerzburg.de; media-src 'self' data: *.uni-wuerzburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uni-wuerzburg.de *.google.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com ads.nextdoor.com region1.analytics.google.com www.google.com.bo static.rakuten.com www.google.com.lb c.az.contentsquare.net www.googletagmanager.com t.contentsquare.net www.google.com.tr www.google.pl s3.amazonaws.com www.google.com.gh sc-static.net www.google.com.sa www.google.gy *.moneygram.com www.google.co.in www.google.co.jp config1.veinteractive.com moneygram-intl.ingeniuxondemand.com www.google.mu www.google.jo tags.rd.linksynergy.com www.google.com.pk *.linkedin.com www.google.com.ng www.google.ro *.googleapis.com moneygram.vc.hr js.dc.amer.vesta.io secure.adnxs.com *.tiktok.com *.facebook.com www.google.co.ve www.google.cd *.doubleclick.net websdk.appsflyer.com bat.bing.com *.clarity.ms *.emjcd.com www.google.com.mx www.google.co.il www.google.com.br up.pixel.ad google.com www.google.com www.google.de www.google.com.ni www.google-analytics.com centinelapi.cardinalcommerce.com digitalfeedback.us.confirmit.com l.contentsquare.net www.google.com.eg paywithmybank.com writer.cardinalcommerce.com *.gstatic.com sdk.onfido.com www.google.com.ua *.sitescout.com www.google.com.do scripts.neuro-id.com region1.google-analytics.com q-us1.az.contentsquare.net c0.adalyser.com asset.gomoxie.solutions events-moneygram.gomoxie.solutions www.upsellit.com www.google.co.ma *.facebook.net www.google.sn sp.analytics.yahoo.com www.google.cm www.google.com.jm www.google.com.ec s.yimg.com *.wlp-acs.com tr.silverpush.co 3ds.redsys.es *.snapchat.com includes.ccdc02.com *.googleadservices.com dialogflow.cloud.google.com www.google.com.co www.google.al *.adsrvr.org banner.appsflyer.com *.pxf.io intljs.rmtag.com analytics.pangle-ads.com consent.trustarc.com cdn.honey.io wss://sync.onfido.com www.google.com.ph srm.af.contentsquare.net www.google.md wa.onelink.me www.google.es logs-01.loggly.com d.turn.com api.onfido.com www.google.gr www.google.com.au gc.kis.v2.scr.kaspersky-labs.com hosted.where2getit.com www.google.pt www.google.com.vn location.gomoxie.solutions platform.vesta.io www.google.ci www.google.bg www.google.ae www.google.no www.google.ie www.google.com.mm drs2.veinteractive.com www.google.fr www.google.cl www.google.bj www.google.co.uk *.licdn.com www.google.tn assets.onfido.com www.google.com.np *.dotomi.com www.google.iq www.google.com.gt clickmeter.com smct.co k-us1.az.contentsquare.net www.tp88trk.com www.google.co.id www.google.com.qa www.google.se www.google.com.my cdnjs.cloudflare.com impressions.onelink.me www.google.nl events.launchdarkly.com mczp434yllsbjxbs1d02r0s9vkt0.pub.sfmc-content.com www.google.co.ke maxcdn.bootstrapcdn.com app.upsellit.com felixistderbeste.de adservice.google.com www.google.rs www.ojrq.net moxie-concierge.s3.amazonaws.com six.cdn-net.com pix.pub www.google.at www.google.it consent-pref.trustarc.com translate.google.com r.turn.com www.google.ch cdn.appsflyer.com songbird.cardinalcommerce.com www.rsa3dsauth.co.uk receiver.neuroid.cloud authentication.cardinalcommerce.com app.launchdarkly.com checkout.trustly.com utt.impactcdn.com www.google.com.sv www.google.com.bd kg668dbov0.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com www.google.co.za creatives-cdn.appsflyer.com nkys7k94ig.execute-api.us-east-2.amazonaws.com www.google.be wa.appsflyer.com paiement2.secure.lcl.fr flask.nextdoor.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn-ukwest.onetrust.com/scripttemplates/ https://websdk.appsflyer.com/ https://www.google.com/recaptcha/enterprise.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.segment.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.moonpay.com https://api.moonpay.com https://api.coingecko.com https://cdn-ukwest.onetrust.com https://*.launchdarkly.com https://geolocation.onetrust.com https://o465989.ingest.sentry.io https://vitals.vercel-insights.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://logs.browser-intake-datadoghq.com https://cdn.segment.com; font-src 'self' https://static.moonpay.com; frame-src 'self' https://buy.moonpay.com https://sell.moonpay.com https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' https://cdn-ukwest.onetrust.com https://images.ctfassets.net https://static.moonpay.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; frame-ancestors 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub4f9819648cf6c369f00daa5b3a3a0ea7&dd-evp-origin=content-security-policy&ddsource=csp-report 1
script-src 'report-sample' 'nonce-eLuOzuJta8kAqpJFZGA3MA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /business/_/AdsLpServingHttp/cspreport 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://chemkap.rivm.nl https://app.powerbi.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://apps.rivm.nl https://chemkap.rivm.nl https://*.mopinion.com ; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://app.powerbi.com/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://*.mopinion.com; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/  https://service.pdok.nl/ https://data.rivm.nl/  https://*.openstreetmap.org/ https://chemkap.rivm.nl; frame-src 'self' https://cibrapportage.rivm.nl https://esp-ext.rivm.nl https://login-ext.rivm.nl https://chemkap.rivm.nl https://www.infectieradar.nl https://app.powerbi.com; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl https://chemkap.rivm.nl https://www.infectieradar.nl; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/  https://app.powerbi.com; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://*.mopinion.com https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/* https://*.mopinion.com; report-uri /report-csp-violation 1
connect-src 'self' https: https://www.googletagmanager.com https://log.xiti.com p1.parsely.com; default-src 'self' https:; frame-src 'self' https: https://www.google.com; font-src 'self' https: data:; img-src 'self' https: data: https://www.googletagmanager.com p1.parsely.com; object-src 'none'; script-src 'self' https: https://tag.aticdn.net 'nonce-YjkFh2PaWHHa8arbGr/7TA=='; style-src 'self' https: 'nonce-YjkFh2PaWHHa8arbGr/7TA=='; report-uri /csp-violation-report 1
require-trusted-types-for 'script'; trusted-types angular angular#bundler angular#unsafe-bypass aio#analytics google#safe goog#html; report-uri https://csp.withgoogle.com/csp/angular.io 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: jadserve.postrelease.com *.clarity.ms cdn.inbenta.io *.smartadserver.com edge.fullstory.com vlibras.gov.br trends.revcontent.com cdn.dynaton.com.br api2.branch.io event.getblue.io *.criteo.com cdn.amplitude.com widget.getblue.io tm.jsuol.com.br *.qualtrics.com www.googletagmanager.com *.yahoo.net *.pinterest.com i.liadm.com cdn.cookielaw.org acdn.adnxs.com api2.amplitude.com *.bidswitch.net *.taboola.com www.google-analytics.com e1.emxdgt.com s.ad.smaato.net neo.dynaton.com.br *.rubiconproject.com *.voegol.com.br *.doubleclick.net bat.bing.com eb2.3lift.com *.facebook.com *.zendesk.com simage2.pubmatic.com *.outbrain.com c.bing.com secure.adnxs.com www.dwin1.com api.intentiq.com *.onetrust.com www.google.com ade.clmbtech.com mastertag.roundler.com.br www.google.com.br adservice.google.com s3-sa-east-1.amazonaws.com tsdtocl.com rs.fullstory.com api-gcb02.inbenta.io analytics.google.com *.uol.com.br match.sharethrough.com api.lab.amplitude.com us.creativecdn.com sync-criteo.ads.yieldmo.com *.casalemedia.com ekr.zdassets.com maxcdn.bootstrapcdn.com sdk.inbenta.io secure.afilio.com.br ads.stickyadstv.com exchange.mediavine.com ib.adnxs.com static.zdassets.com ad.360yield.com *.pinimg.com *.dynatrace.com tags.creativecdn.com analytics.pangle-ads.com sync.intentiq.com *.tiktok.com *.salesforce.com criteo-partners.tremorhub.com cdn.jsdelivr.net criteo-sync.teads.tv use.typekit.net unpkg.com visitor.omnitagjs.com contextual.media.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vtb.ru; style-src data: blob: 'unsafe-inline' https://*; img-src data: blob: https://*; connect-src blob: 'self' https://*.vtb.ru; object-src blob: 'self' https://*; font-src data: blob: 'self' https://*; worker-src blob: 'self' https://*.vtb.ru; media-src data: blob: filesystem: 'self' https://*; manifest-src 'self' 1
default-src 'none'; connect-src 'self' data: *; font-src 'self' https://fonts.gstatic.com; img-src 'self' * data: blob: 'unsafe-inline'; media-src 'self' * data: blob: 'unsafe-inline'; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-0uRAlsie9jPZusmj6flrT0uR'; style-src 'self' 'unsafe-inline' *; report-uri /marketplace/api/csp-report 1
frame-ancestors 'self' metrika.yandex.ru mc.yandex.ru http://webvisor.com; frame-src *.youtube.com vk.com https: blob: mc.yandex.ru jivosite.com; report-uri /csp-report; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';report-uri /csp.php 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; script-src 'nonce-15a7ff9be3d3429c8eb0b7ff1634d6ef'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; style-src 'self' 'nonce-15a7ff9be3d3429c8eb0b7ff1634d6ef'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=145-3647380-5130656:rid=DA6089AA86BD4F5CA0C6:sn=www.amazongames.com 1
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 1
object-src 'none';base-uri 'self';script-src 'nonce-HdPS3fmwjFy9p95jWdbjKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.google.com *.snapchat.com hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.usercentrics.eu *.recaptcha.net;connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://servedby.flashtalking.com https://ad.doubleclick.net *.tiktok.com *.snapchat.com *.appsflyer.com hcaptcha.com *.hcaptcha.com https://*.eu01.nr-data.net *.usercentrics.eu;font-src 'self' data: https: ; img-src 'self' data: https: *.usercentrics.eu; object-src 'self' *.usercentrics.eu;media-src 'self' *.unidays.world *.googleapis.com *.usercentrics.eu;script-src 'self' https: 'unsafe-inline' 'nonce-MTkEprmamECK2JtLNg0Nuw==' 'sha256-n8pqmC7lmBWA2YCF3rtznE7VOy9eocpq85POai9F1WU=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-g9OxQphxporGYTZoKLVRyBlw/YE09L1FBbf89tFWWz4=' 'sha256-FIhX+YlCX/mDgfVKSE47aYd0Shmm38UT5k6gKibikZ0=' 'sha256-YaDWSIuM6H64qsjkVQd7wJgx2v1Mq47Fo+j1N6emdo4=' 'sha256-SiSpQtoSm3gYHCiSdO7bIdwk6nuhuKyKx6I638RpVMs=' hcaptcha.com *.hcaptcha.com *.usercentrics.eu;style-src 'self' 'unsafe-inline' https: hcaptcha.com *.hcaptcha.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api-mg2.db-ip.com ced-ns.sascdn.com s3.lightboxcdn.com newsletter.pressdemocrat.com pi.ispot.tv cdn.tepatonol.com *.outbrain.com feeds.pressdemocrat.com api.rlcdn.com cms.quantserve.com www.lightboxcdn.com acdn.adnxs-simple.com *.bidswitch.net adrta.com ads.yieldmo.com *.imrworldwide.com flo.uri.sh dsp.adfarm1.adition.com cdn.onesignal.com *.bluekai.com assets.revcontent.com disco.headliner.link *.secondstreetapp.com cdn.enterombacerick.com *.b-cdn.net *.adform.net d-code.liadm.com cdn.cookie-script.com *.akamaihd.net pn.ybp.yahoo.com u-iad04.e-planning.net aam.a47b.com *.msecnd.net *.sentry.io *.bidr.io ads.pubmatic.com *.adotmob.com cdn.viafoura.net c.ltmsphrcl.net jadserve.postrelease.com cdn.o1ych4jb.com tcheck.outbrainimg.com crcdn09.adnxs-simple.com cdn.wgchrrammzv.com *.admanmedia.com ap-assets.attainplatform.io nrb.ybp.yahoo.com *.googleadservices.com z.moatads.com crcldu.com view.adjust.com sync.adkernel.com cdn.pressdemocrat.com *.dotomi.com *.akamaized.net *.mathtag.com dmp.adblade.com beacon.tru.am creatives.sascdn.com creativecdn.com depart.trinitymedia.ai *.everesttech.net *.2mdn.net a-pdx.1rx.io impression.appsflyer.com presentation-pdx1.turn.com cdn.ex.co e.issuu.com prod-use.perf-serving.com fastlygeo.m32.media dc.arrivalist.com rtb-use.mfadsrvr.com app.matheranalytics.com cdn.sy57d8wi.com crcdn01.adnxs-simple.com public.flourish.studio *.facebook.net *.gvt1.com hblg.media.net *.azureedge.net cdn.js7k.com eb2.3lift.com *.amazon.com www.googletagservices.com collector-1.ex.co cdn.stackadapt.com tag.researchnow.com 1x1.a-mo.net classifieds.pressdemocrat.com assets.a-mo.net ets-us-east-1.track.smaato.net www.buzzsprout.com *.sitescout.com uploaded-recordings.sparemin.com static-content-1.smadex.com i0.wp.com cdn.jsdelivr.net oba-pool-usw.perf-serving.com www.googletagmanager.com bh.contextweb.com s.ntv.io *.demdex.net idx.liadm.com *.adsrvr.org maps.pressdemocrat.com id.a-mx.com *.c3tag.com video.turncdn.com trinitymedia.ai www.bing.com *.zemanta.com c.bing.com bttrack.com b.videoamp.com ap.attainplatform.io cm.teads.tv log.outbrainimg.com cdn.mircheigeshoa.com s8t.teads.tv www.google.de tag.yieldoptimizer.com dc.services.visualstudio.com onesignal.com img.sparemin.com code.pressdemocrat.com pixel.quantcount.com *.auth0.com ads.stickyadstv.com tracker.samplicio.us js.matheranalytics.com cdn-gusw1-xch.media.net dsa.moatads.com feed.pghub.io api.headliner.link br-trk.smadex.com cdn.playbuzz.com a.teads.tv contextual.media.net consent.cookie-script.com ajs-assets.ftstatic.com choices.trustarc.com tru.am ow.pubmatic.com agen-assets.ftstatic.com cdn.id5-sync.com *.yahoo.net *.flashtalking.com js.ad-score.com datawrapper.dwcdn.net s-files.innovid.com fei.pro-market.net id.crwdcntrl.net cdn.adnxs.com *.twitter.com ir.surveywall-api.survata.com *.casalemedia.com rp.liadm.com cdn.pranmcpkx.com bcp.crwdcntrl.net cdn.q20jqurls0y7gk8.info mgln.ai ad.turn.com nym1-ib.adnxs.com u-sjc03.e-planning.net *.agkn.com *.windows.net api.lightboxcdn.com metrics.getrockerbox.com beap-bc.yahoo.com lbs-event.gcp.lineate-33x.net cs.media.net flint.defybrick.com choices-or.trustarc.com a.audrte.com csync.loopme.me *.googleapis.com www.google.co.uk api.pressdemocrat.com cdn.prod.uidapi.com rb.adnxs.com *.criteo.com exch.quantserve.com studio-t.teads.tv cadmus2.script.ac s.yimg.com pxl.iqm.com cdn1.extremereach.io ssc-cms.33across.com images.outbrainimg.com embed-1034466.secondstreetapp.com acdn.adnxs.com *.googlevideo.com cdn.apharponloun.com ajs.a47b.com content.quantcount.com a.a47b.com verify.amxrtb.com cdn.sbgsodufuosmmvsdf.info t.adx.opera.com de.tynt.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.drmax-gl.dev *.drmax-ro.space *.drmax.net *.drmax.ro *.drmax.zone *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.sentry.io *.twitter.com ams.creativecdn.com api.luigisbox.com attr-2p.com bam.eu01.nr-data.net bat.bing.com cdn.jsdelivr.net cdn.speedcurve.com cdnjs.cloudflare.com cdp.drmax.meiro.io cdp.drmaxro.meiro.io consent.cookiebot.com consentcdn.cookiebot.com dtm-dre.platform.hicloud.com event.2performant.com fledge-eu.creativecdn.com fonts.gstatic.com googleads.g.doubleclick.net image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s.yimg.com s.yimg.com scripts.persoo.cz search-service.drmax-gl.space static.cloudflareinsights.com stats.g.doubleclick.net t.profitshare.ro tags.creativecdn.com td.doubleclick.net tpc.googlesyndication.com unpkg.com www.googleadservices.com/pagea www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com ; report-to csp-endpoint; report-uri /_cspreports; img-src * data:; 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' www-embed-player.js *.cookiebot.com *.cookiefirst.com *.google-analytics.com www.instagram.com *.facebook.net *.tiktok.com *.ads-twitter.com *.twitter.com lf16-tiktok-web.ttwstatic.com cdn.unibuddy.co *.googletagmanager.com bat.bing.com w.soundcloud.com s.yimg.com sc-static.net snap.licdn.com www.googleadservices.com *.doubleclick.net siteimproveanalytics.com www.youtube.com *.hotjar.com *.linkedin.com service.force.com *.salesforceliveagent.com universityofportsmouth.my.salesforce.com *.formstack.com *.googleapis.com cdn.jsdelivr.net www.google.ie sfapi.formstack.io az416426.vo.msecnd.net discoveruni.gov.uk *.discoveruni.gov.uk *.matterport.com webteamuop.github.io *.port.ac.uk *.secure.force.com portsmouthuni.h5p.com *.go-mpulse.net js-agent.newrelic.com *.algolia.net *.jquery.com bot.ivy.ai bam.nr-data.net *.force.com *.clarity.ms dev.visualwebsiteoptimizer.com artsthread.com tr.snapchat.com tags.srv.stackadapt.com https://rv-vepple-embed.web.app https://builder.lift.acquia.com universityofportsmouth.my.salesforce-sites.com vimeo.com https://player.vimeo.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com universityofportsmouth--chatbotdv2.sandbox.lightning.force.com universityofportsmouth.tfaforms.net; object-src 'none'; style-src 'self' 'unsafe-inline' modernizr.min.js *.googleapis.com platform.twitter.com lf16-tiktok-web.ttwstatic.com  *.force.com static.formstack.com formsprod.azureedge.net sfapi.formstack.io port.formstack.com *.cookiefirst.com webteamuop.github.io *.port.ac.uk *.googletagmanager.com artsthread.com tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com universityofportsmouth.my.salesforce-sites.com embed.tawk.to *.tawk.to cdn.jsdelivr.net builder.lift.acquia.com *.formstack.io universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com; img-src  'self' data: *.google-analytics.com i.vimeocdn.com i.ytimg.com *.googletagmanager.com jadserve.postrelease.com bat.bing.com sp.analytics.yahoo.com *.siteimproveanalytics.io *.facebook.com *.facebook.net *.twitter.com t.co *.doubleclick.net googleads.g.doubleclick.net *.linkedin.com uks-prd-xp2-cd.azurewebsites.net ormsprod.azureedge.net port.formstack.com maps.gstatic.com *.googleapis.com lh3.ggpht.com www.google.ie *.cookiefirst.com formsprod.azureedge.net discoveruni.gov.uk *.force.com *.universityofportsmouth.my.salesforce.com *.salesforce.com *.port.ac.uk bot.ivy.ai *.clarity.ms *.bing.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google eat2mpk5ajg.exactdn.com *.eat2mpk5ajg.exactdn.com blob: https://egopbtuk8gz.exactdn.com *.egopbtuk8gz.exactdn.com *.frontdoorcdn.formstack.io https://frontdoorcdn.formstack.io images.artsthread.com *.google.co.uk; media-src 'self'; frame-src 'self' player.vimeo.com www.youtube.com *.linkedin.com portsmouthuni.h5p.com w.soundcloud.com viewer.joomag.com *.cookiebot.com www.instagram.com *.facebook.com *.tiktok.com *.twitter.com embed.acast.com unibuddy.co popcard.unibuddy.co tr.snapchat.com *.doubleclick.net view.genial.ly service.force.com *.hotjar.com *.matterport.com webteamuop.github.io universityofportsmouth.force.com *.port.ac.uk *.secure.force.com open.spotify.com *.google.com port.cloud.panopto.eu bot.ivy.ai app.nearpod.com *.visualwebsiteoptimizer.com universityofportsmouth.my.salesforce-sites.com *.tawk.to; frame-ancestors 'self' portsmouthuni.h5p.com; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com use.typekit.net *.modernizr.min.js  static.formstack.com fonts.googleapis.com bot.ivy.ai cdn.scite.ai embed.tawk.to *.tawk.to; connect-src  'self' *.google-analytics.com www.googletagmanager.com marketing.port.ac.uk sentry10.bynder.cloud www.ucas.com *.tiktok.com tr.snapchat.com *.doubleclick.net s.yimg.com *.linkedin.com *.secure.force.com sfapi.formstack.io *.googleapis.com *.algolia.net *.cookiefirst.com ohpuem12fk-3.algolianet.com *.facebook.com vc.hotjar.io dc.services.visualstudio.com prod-discoveruni.azure-api.net cdn.linkedin.oribi.io webteamuop.github.io *.algolianet.com *.go-mpulse.net bam.nr-data.net *.akstat.io *.akamaihd.net *.hotjar.com plugin.ucads.ucweb.com *.clarity.ms tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com *.port.ac.uk vimeo.com universityofportsmouth.my.salesforce-sites.com artsthread.com eu.perz-api.cloudservices.acquia.io *.google.com va.tawk.to embed.tawk.to *.tawk.to wss://*.tawk.to insights.algolia.io virtual.port.ac.uk *.virtual.port.ac.uk *.analytics.pangle-ads.com https://api.portsmouth.rvhosted.com eat2mpk5ajg.exactdn.com *.eat2mpk5ajg.exactdn.com https://google.com blob: https://analytics.pangle-ads.com https://egopbtuk8gz.exactdn.com *.egopbtuk8gz.exactdn.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com 1
style-src 'self' 'unsafe-inline' https://*.google.com; require-trusted-types-for 'script'; trusted-types sanitizer unsafe dompurify scriptHelper 1
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' api.audible.de audible.sc.omtrdc.net audible.tt.omtrdc.net consent-pref.trustarc.com/defaultconsentmanager/ ct.pinterest.com dpm.demdex.net fls-eu.amazon.com m.media-amazon.com ssl.google-analytics.com/j/__utm.gif stats.g.doubleclick.net/j/collect tr.outbrain.com tr.snapchat.com unagi-eu.amazon.com unagi.amazon.com www.facebook.com/tr/ www.google.com/pagead/landing; font-src m.media-amazon.com www.audible.com www.audible.de; frame-src 'self' 12320038.fls.doubleclick.net 8360274.fls.doubleclick.net ad3.adfarm1.adition.com audible.demdex.net consent-pref.trustarc.com consent.trustarc.com ct.pinterest.com d1eoo1tco6rr5e.cloudfront.net insight.adsrvr.org td.doubleclick.net tr.snapchat.com www.audiencemanager.de www.awin1.com www.everestjs.net www.facebook.com; img-src 'self' ad.doubleclick.net/activity ad.doubleclick.net/ddm/activity/ ad3.adfarm1.adition.com adservice.google.com alb.reddit.com bat.bing.com consent.trustarc.com ct.pinterest.com dpm.demdex.net dsp.adfarm1.adition.com fls-eu.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com imagesrv.adition.com m.media-amazon.com p.trackmytarget.com pixel.everesttech.net/1/cm/ ssl.google-analytics.com/__utm.gif ssl.google-analytics.com/r/__utm.gif stats.g.doubleclick.net tr.outbrain.com trck.spoteffects.net www.facebook.com www.google.at/ads/ga-audiences www.google.at/pagead/1p-user-list/ www.google.be/ads/ga-audiences www.google.be/pagead/1p-user-list/ www.google.ch/pagead/1p-user-list/ www.google.es/pagead/1p-user-list/ www.google.com www.google.de/ads/ga-audiences www.google.de/pagead/1p-user-list/ www.googletagmanager.com; media-src 'self' m.media-amazon.com samples.audible.de; script-src 'self' 'unsafe-inline' akt.audiencemanager.de amplify.outbrain.com audible.sc.omtrdc.net bat.bing.com cdn.tmtarget.com cdn.trackmytarget.com/tracking/s/checkout.min.js connect.facebook.net consent.trustarc.com d1g3myji5lplsh.cloudfront.net d2jpk0qucvwmsj.cloudfront.net googleads.g.doubleclick.net images-eu.ssl-images-amazon.com prf.audiencemanager.de s.pinimg.com sc-static.net ssl.google-analytics.com tr.outbrain.com tr.snapchat.com trck.spoteffects.net wave.outbrain.com www.dwin1.com www.everestjs.net/static/amo-conversion-mapper.js www.googleadservices.com www.googletagmanager.com www.redditstatic.com; style-src 'self' 'unsafe-inline' images-eu.ssl-images-amazon.com; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.newrelic.com https://*.nr-data.net; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com; img-src 'self' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com maps.google.com; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; block-all-mixed-content 1
object-src 'none';base-uri 'self';script-src 'nonce-J_2yL2zI7pfSp9i3NT7epw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.7-eleven.com www.google.ca www.google.co.uk js-agent.newrelic.com client.px-cloud.net *.gstatic.com www.google.com.ph cdn.clarip.com *.googleapis.com collector-pxdr7isq2u.px-cloud.net collector-pxdr7isq2u.pxchk.net md-scp.kampyle.com analytics.google.com *.facebook.net translate.google.com kit-uploads.fontawesome.com udc-neb.kampyle.com www.google.co.in www.google.com.my *.doubleclick.net www.google.com images.contentstack.io *.cloudfront.net www.googletagmanager.com cdn.contentstack.io www.youtube.com bam.nr-data.net apis.7-eleven.com collector-pxdr7isq2u.px-cdn.net api.7-eleven.com region1.analytics.google.com nebula-cdn.kampyle.com www.google.co.th ka-p.fontawesome.com www.google.com.au kit.fontawesome.com www.google.dk sc-static.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vc.hotjar.io prreqcroab.icu *.arcgis.com secure.quantserve.com *.everesttech.net *.hotjar.com *.facebook.com www.google.com *.gstatic.com *.2o7.net www.google-analytics.com *.doubleclick.net pixel.quantserve.com assets.adobedtm.com www.googletagmanager.com adservice.google.com *.demdex.net *.omtrdc.net rules.quantcount.com *.facebook.net *.licdn.com cdn.jsdelivr.net www.google.co.nz *.googleapis.com analytics.google.com *.pinterest.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:; 1
object-src 'none';  script-src 'nonce-t7B0YbD1Q9tXyQdqOv6pAjsgyLmNsbFYW7L1hRNUb3I=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;  base-uri 'self' https://*.qbrick.com/; report-uri /api/csp/report/; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-7KUAVPMeJvvMRiiJ+xqB' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
object-src 'none';base-uri 'self';script-src 'nonce-oGB-V0jkMH9YRvIV3Cz7Wg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV3VOE24ov0vchYgO3uoxKHdePxnKoFiICkeq1Vt2reRBEg4zYmpS2XL1UJS-0Ova9gUiV2PUH3EvuXcIOdrBPvAUgkIP-ZRbRMryNUY6YGqAQ== ; block-all-mixed-content ; default-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live ; script-src 'report-sample' 'self' 'unsafe-eval' https://*.videoask.com https://*.videoask.live 'unsafe-inline' https://js.stripe.com https://www.dropbox.com https://*.calendly.com https://*.oncehub.com https://cdn.amplitude.com https://cdn.cookielaw.org https://cdn.rollbar.com https://cdn.segment.com https://connect.facebook.net https://fast.wistia.com https://script.crazyegg.com https://snap.licdn.com https://snippet.growsumo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://cdn.optimizely.com https://js.partnerstack.com https://edge.fullstory.com https://www.mczbf.com https://a.quora.com https://static.ads-twitter.com https://analytics.tiktok.com https://tags.srv.stackadapt.com ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' data: blob: android-webview-video-poster: https: ; media-src 'report-sample' 'self' blob: data: https: ; connect-src 'report-sample' 'self' blob: https://*.videoask.com https://*.videoask.live wss://*.videoask.live wss://*.videoask.com https://videoask-media-dev.s3-accelerate.amazonaws.com https://videoask-media-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3-accelerate.amazonaws.com https://videoask-uploads-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3.amazonaws.com https://videoask-uploads-prod.s3.amazonaws.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.launchdarkly.com https://*.pexels.com https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://*.g.doubleclick.net https://www.google-analytics.com https://*.crazyegg.com https://p.adsymptotic.com https://www.facebook.com https://track.segmetrics.io https://*.google.com https://rs.fullstory.com https://cdn.segment.com https://edge.fullstory.com https://js.partnerstack.com https://grsm.io https://cdn.cookielaw.org https://*.onetrust.com https://*.contentful.com https://videoask.zendesk.com https://*.optimizely.com https://www.mczbf.com https://region1.google-analytics.com https://analytics.tiktok.com https://partnerlinks.io ; style-src 'report-sample' 'self' https://font.typeform.com 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://cdn.cookielaw.org https://cdn.quilljs.com ; font-src 'report-sample' 'self' data: https://font.typeform.com https://fonts.gstatic.com ; frame-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live https://calendly.com https://app.acuityscheduling.com https://*.oncehub.com https://js.stripe.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.wistia.com https://www.facebook.com https://*.doubleclick.net https://6g4qf7txd07m.statuspage.io https://*.optimizely.com ; frame-ancestors * ; object-src 'none' ; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/abc_xyz 1
base-uri 'self'; connect-src 'self' https://loveholidays-dataplane.rudderstack.com https://www.google.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://a.loveholidays.com https://sdk.primer.io https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://a.loveholidays.com https://www.holidaypirates.com https://www.googletagmanager.com https://maps.googleapis.com https://*.g.doubleclick.net https://tagmanager.google.com https://bat.bing.com https://www.googleadservices.com https://sslwidget.criteo.com https://widget.eu.criteo.com https://static.criteo.net https://connect.facebook.net; img-src 'self' data: blob: https://a.loveholidays.com https://www.facebook.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; font-src 'self' data: https://a.loveholidays.com https://fonts.gstatic.com; media-src 'self' data: blob:; worker-src 'self' blob: https://a.loveholidays.com; report-uri /csp-report/; report-to /csp-report/ 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; connect-src 'self'; font-src 'self' fonts.gstatic.com; frame-src www.google.com; img-src 'self' web-analytics.intelliscapesolutions.com; manifest-src 'self'; script-src-elem 'self' 'unsafe-inline' donorbox.org web-analytics.intelliscapesolutions.com www.google.com www.gstatic.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' donorbox.org web-analytics.intelliscapesolutions.com www.google.com www.gstatic.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com; report-uri https://intelliscape.report-uri.com/r/d/csp/wizard 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: em-font-service-prod.airtrfx.com analytics.google.com www.google.com.sa www.google.co.in www.google.co.kr gc.kis.v2.scr.kaspersky-labs.com *.useinsider.com www.thaiairways.com www.google.com.tr www.google.com.kh teamsite-bucket.s3-ap-southeast-1.amazonaws.com www.google.com.vn em-frontend-assets.airtrfx.com tags.tiqcdn.com thaiairways.s3.amazonaws.com www.google.co.jp stackpath.bootstrapcdn.com openair-california.airtrfx.com www.thaismileair.com www.takemetour.com *.googleapis.com mm-prerendering-static-prod.airtrfx.com www.google.ae www.google.no datacore-write.securitytrfx.com www.google.com.pk www.google.lk www.google.ca *.onetrust.com www.google.ro www.google.com.hk www.google.com.mm www.google.fr ssl.google-analytics.com *.facebook.com assets.airtrfx.com *.doubleclick.net thaiairways.s3-ap-southeast-1.amazonaws.com www.google.com.np *.googlesyndication.com www.google.com.my code.jquery.com www.google.com.tw www.google.de www.google-analytics.com *.naver.com cdnjs.cloudflare.com www.google.co.id thaiairways.s3.ap-southeast-1.amazonaws.com www.google.se d.line-scdn.net region1.google-analytics.com www.google.nl www.google.com.bd wcs.naver.net *.facebook.net www.google.com.ph www.googletagmanager.com www.google.at www.thaiair.co.jp sawasdee.thaiairways.com endpoint2.collection.sumologic.com www.google.co.th vg-api.airtrfx.com geolocation.airtrfx.com tags.tiqcdn.cn www.google.it translate.google.com www.google.com www.google.ch tenant-code-to-type-mapper.everymundo.workers.dev region1.analytics.google.com book.thaiairways.com statse.webtrendslive.com api.openweathermap.org s3-eu-west-1.amazonaws.com www.google.co.nz em-frame.securitytrfx.com teamsite-bucket.s3.amazonaws.com em-tr4ck-settings.airtrfx.com www.google.la ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
base-uri 'self';connect-src 'self' https://www.google-analytics.com https://*.googleapis.com https://api.rudderlabs.com https://hosted.rudderlabs.com https://rudderstack.taskade.cloud https://api.stripe.com https://checkout.stripe.com https://sentry.io wss: https://cn2bi8ujy8.execute-api.us-east-1.amazonaws.com https://taskade-files.s3.us-east-1.amazonaws.com https://files.taskade.com https://vimeo.com https://fast.wistia.com https://*.loom.com https://companion.taskade.com;default-src 'self';form-action 'self';media-src 'self' https://js.driftqa.com https://files.taskade.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://checkout.stripe.com https://js.stripe.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://r.wdfl.co;object-src 'none';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.stripe.com https://files.taskade.com https://unpkg.com https://i.ytimg.com https://*.sndcdn.com https://i.vimeocdn.com https://*.wistia.com https://cdn.loom.com https://*.figma.com https://images.typeform.com https://*.whimsical.com https://companion.taskade.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;font-src 'self' data:;frame-src https://js.driftt.com https://widget.drift.com https://checkout.stripe.com https://hooks.stripe.com https://js.stripe.com https://call.taskade.com https://*.youtube.com https://*.soundcloud.com https://player.vimeo.com https://*.loom.com https://*.figma.com https://*.invisionapp.com https://*.typeform.com https://*.whimsical.com;report-uri /webhooks/csp-report;report-to /webhooks/csp-report;frame-ancestors 'none' 1
default-src 'self'; script-src 'report-sample' 'self' https://bat.bing.com/p/action/25080479.js https://cmp.osano.com/6orGTTANycUp8SXp/b6faaa7e-e779-4437-bfd7-b1690b5f61c1/osano.js https://cmp.osano.com/6orGTTANycUp8SXp/487f6b25-d82c-4778-af85-14932b8ea351/osano.js https://connect.facebook.net/signals/config/119620336139212 https://fast.wistia.com/assets/external/facebookPixel.js https://info.discoveryeducation.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/715270855/ https://munchkin.marketo.net/162/munchkin.js https://okt.to/ping https://tagmanager.google.com https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://info.discoveryeducation.com https://tagmanager.google.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://063-SDC-839.mktoresp.com https://app.clearbit.com https://distillery.wistia.com https://e.clarity.ms https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com data: https://use.typekit.net; frame-src 'self' https://info.discoveryeducation.com https://js.driftt.com https://www.facebook.com; img-src 'self' https://analytics.twitter.com https://dbl-live-website.imgix.net https://embed-ssl.wistia.com https://fast.wistia.com https://info.discoveryeducation.com https://px.ads.linkedin.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.sv https://ssl.gstatic.com https://www.gstatic.com data:; manifest-src 'self'; media-src 'self'; report-uri https://e6390b213471fc12db8189a84997cf1e.report-uri.com/r/d/csp/wizard; worker-src blob:; report-to default; 1
form-action 'self' https://www.gov.uk/find-local-council; base-uri 'self'; default-src 'self'; img-src 'self' https://fonts.gstatic.com/s/ https://c.bing.com/ https://i.ytimg.com/ *.clarity.ms/ https://gcweb-cdn.azurewebsites.net/public/images/ https://gcweb-cdn.azurewebsites.net https://images.ctfassets.net/j16ev64qyf6l/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://region1.google-analytics.com/g/ https://translate.google.com/; font-src 'self' https://assets.nhs.uk/fonts/ https://fonts.gstatic.com/s/ https://gcweb-cdn.azurewebsites.net/govuk/assets/fonts/ ; style-src-elem 'self' 'report-sample' 'sha256-bkxn48CiACrLaazKKuuWPAMoy6QyLH6Y+kyWE4X6BTg=' 'sha256-lsHvQO09UQjUmSt7+sj9urokObsFAWDs4ZKfyv54piE=' 'sha256-KM0kf5tVQsbVRz3atcHTWbJjTgQxFis9x1LgBtbKyLk=' 'sha256-SgH/F5bvhJFMra8zq+TzaW2hHlWVQ1qyE+Kyv/DlcLQ=' 'sha256-0VLnH04eHMnWYZEq0lt07y9IPS3Xh+fknk5JC6+G4TI=' https://hosteduxprod.blob.core.windows.net/public-files/ https://www.gstatic.com https://gcweb-cdn.azurewebsites.net/public/stylesheets/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ ; style-src 'self' 'report-sample' 'sha256-bkxn48CiACrLaazKKuuWPAMoy6QyLH6Y+kyWE4X6BTg=' 'sha256-lsHvQO09UQjUmSt7+sj9urokObsFAWDs4ZKfyv54piE=' 'sha256-KM0kf5tVQsbVRz3atcHTWbJjTgQxFis9x1LgBtbKyLk=' 'sha256-SgH/F5bvhJFMra8zq+TzaW2hHlWVQ1qyE+Kyv/DlcLQ=' 'sha256-0VLnH04eHMnWYZEq0lt07y9IPS3Xh+fknk5JC6+G4TI=' https://hosteduxprod.blob.core.windows.net/public-files/ https://www.gstatic.com https://gcweb-cdn.azurewebsites.net/public/stylesheets/ https://fonts.googleapis.com/ https://www.googletagmanager.com/; object-src 'none'; connect-src 'self' https://ui.customsearch.ai/api/search/ https://translate.googleapis.com/element/ https://www.google-analytics.com/ https://region1.google-analytics.com/ *.clarity.ms/ ; script-src-elem 'self' 'report-sample' https://ui.customsearch.ai/api/ux/ https://customsearch.googleapis.com/customsearch/ https://connect.facebook.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/charts/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/ https://www.clarity.ms/tag/ https://code.jquery.com/ https://www.google-analytics.com/ https://www.clarity.ms/s/ https://gcweb-cdn.azurewebsites.net/public/images/ ; script-src 'self' 'report-sample' https://ui.customsearch.ai/api/ux/ https://customsearch.googleapis.com/customsearch/ https://connect.facebook.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/charts/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/ https://www.clarity.ms/tag/ https://code.jquery.com/ https://www.google-analytics.com/ https://www.clarity.ms/s/ ; media-src 'self' https://videos.ctfassets.net/j16ev64qyf6l/; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com ; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://649c1f793723daccf205f6d3.endpoint.csper.io?v=12; 1
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-mCZUnaqKvF6sTxI9v58sTg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline' 1
object-src 'none';base-uri 'self';script-src 'nonce-dY-I515CRgIgqJ_c7dl-yA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.googleoptimize.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.stackadapt.com https://*.facebook.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms https://collect.worldoftanks.com https://content-wg.gcdn.co ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src 'self';connect-src 'self' https://analytics.majestic.com https://analytics.majesticseo.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.majesticseo.com https://analytics.majestic.com https://info.majestic.com https://*.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://www.google.com/recaptcha/ https://platform.twitter.com/ https://player.captivate.fm/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-4i7Aj5n3yWDulMSOQBxHbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-to cf-csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.appboycdn.com/web-sdk/4.0/braze.no-amd.min.js https://widget-mediator.zopim.com https://js-na1.hs-scripts.com https://static.zdassets.com https://sdk.inbenta.io https://chatbot.backoffice.gympass-staging.com/chatbot-site-gympass-com.js https://cdn.optimizely.com https://maps.googleapis.com https://x.clearbitjs.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com cdn.segment.com bat.bing.com/bat.js cdn.jsdelivr.net/npm/jquery-validation@1.19.5/dist/jquery.validate.min.js cdn.optimizely.com/js/ cdn.segment.com/analytics.js/ cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js code.jquery.com/jquery-3.6.0.min.js connect.facebook.net/en_US/fbevents.js googleads.g.doubleclick.net/pagead/viewthroughconversion/ j.6sc.co/6si.min.js js.driftt.com/include/ js.hs-analytics.net/analytics/ js.hs-banner.com/ js.hs-scripts.com/ js.hsadspixel.net/fb.js js.hsforms.net/forms/v2.js js.hsleadflows.net/leadflows.js js.usemessages.com/conversations-embed.js rum-static.pingdom.net/ s.yimg.com/wi/ytc.js script.hotjar.com/ snap.licdn.com/li.lms-analytics/insight.min.js static.hotjar.com/c/ static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js tag.clearbitscripts.com/v1/ tpc.googlesyndication.com/ unpkg.com/blip-chat-widget clarity.ms/tag/uet/ *.clarity.ms/tag/uet/ https://www.googleadservices.com/pagead/ x.clearbitjs.com/v2/ https://s3.amazonaws.com/raichu-beta/ https://static.play.ht/playht-pageplayer-plugin.js https://bat.bing.com/p/action/ https://connect.facebook.net/signals/config/ https://js.hubspot.com/web-interactives-embed.js https://www.clarity.ms/s/; style-src 'self' 'unsafe-inline' https://sdk.inbenta.io fonts.googleapis.com https://www.googletagmanager.com/ https://s3.amazonaws.com/raichu-beta/ https://static.play.ht/playht-pageplayer-plugin.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://sdk.iad-03.braze.com/api/v3/data inbenta.io *.inbenta.io https://api.inbenta.io wss://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io *.zendesk.com zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://maps.googleapis.com https://unlogged.users.gympass-staging.com https://www.google-analytics.com analytics.google.com adservice.google.com adservice.google.com/pagead adservice.google.com/pagead/ https://adservice.google.com/pagead https://adservice.google.com/pagead/ https://www.google.com/ https://www.google.com.br/ *.google.com google.com.br api.hubapi.com hubspot.com *.hubspot.com api.segment.io app.clearbit.com bat.bing.com cdn.segment.com epsilon.6sense.com *.optimizely.com optimizely.com forms.hsforms.com in.hotjar.com ipv6.6sc.co js.hs-banner.com *.clarity.ms rum-collector-2.pingdom.net s.yimg.com stats.g.doubleclick.net unlogged.users.gympass.com https://play.ht/api/v2/ https://places.geo.us-east-1.amazonaws.com https://*.cloudfront.net https://px.ads.linkedin.com https://analytics.tiktok.com/api/v2/pixel/ api.reclameaqui.com.br https://browser-intake-datadoghq.com/api/v2/rum https://rum.browser-intake-datadoghq.com/api/v2/rum https://www.facebook.com/ https://region1.analytics.google.com/ wss://*.hotjar.com/ https://*.hotjar.io/; font-src 'self' data: https://cdn.inbenta.io fonts.gstatic.com https://assets-cdn.gympass.com https://script.hotjar.com/ https://s3.amazonaws.com/play-plugin/build/font; frame-src 'self' https://gympass.chat.blip.ai optimizely.com *.cdn.optimizely.com bid.g.doubleclick.net forms.hsforms.com js.driftt.com meetings.hubspot.com tpc.googlesyndication.com vars.hotjar.com facebook.com https://www.facebook.com/ www.googletagmanager.com/ https://td.doubleclick.net; img-src 'self' data: https://s3.amazonaws.com/raichu-beta/ https://assets-cdn.gympass-staging.com https://assets-cdn.gympass.com https://images.partners.gympass.com/ https://p.adsymptotic.com https://www.googletagmanager.com *.inbenta.com inbenta.com https://gympass-staging-images-us.s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com *.clarity.ms/ cloudfront.net *.cloudfront.net https://www.google.com/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.com/pagead/1p-user-list/ b.6sc.co bat.bing.com https://c.bing.com/ forms-na1.hsforms.com forms.hsforms.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net/ px.ads.linkedin.com sp.analytics.yahoo.com track.hubspot.com facebook.com https://www.google-analytics.com google.com google.com.br www.google.com.br https://www.google.co.uk/ https://www.google.com.ar/ https://www.google.com.mx/ https://www.google.de/ https://www.google.es/ https://www.google.cl/ https://www.google.it/ https://www.facebook.com/ https://fonts.gstatic.com/ https://px4.ads.linkedin.com/collect https://www.linkedin.com/px/ https://perf-na1.hsforms.com/embed/v3/counters.gif; manifest-src 'self'; media-src 'self' https://static.zdassets.com; worker-src 'self' *.gympass-staging.com blob:; 1
default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https: wss: moz-extension: chrome-extension: http://fonts.googleapis.com/ http://whova.com http://*.twimg.com; report-uri https://whova.com/_csp 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; report-uri https://search.ch/api/mixedcontent.json 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artforum.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/about_youtube 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.vibe.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; connect-src 'self' data: https://*.typekit.net/ https://*.honeybadger.io https://*.convertkit.com/ https://*.convertexperiments.com/ https://*.profitwell.com https://*.usefathom.com/ https://*.wistia.com/ https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://embedwistia-a.akamaihd.net/; font-src 'self' data: https://use.typekit.net; frame-src https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typekit.net/ https://*.profitwell.com https://*.usefathom.com/ https://*.honeybadger.io/ https://*.convertkit.com/ https://*.convertexperiments.com/ https://gist.github.com https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js; style-src 'self' 'unsafe-inline' https://*.typekit.net https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com; media-src 'self' data: https://embedwistia-a.akamaihd.net https://*.wistia.com; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
connect-src 'self' www.google-analytics.com *.analytics.google.com gov-bam.nr-data.net; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: www.google-analytics.com; object-src 'none'; script-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com www.google.com www.googletagmanager.com cdn.jsdelivr.net js-agent.newrelic.com gov-bam.nr-data.net *.google-analytics.com https://cdnjs.cloudflare.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.unocha.org/report-uri/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-axxh1uk5MYBWWicHDa-i8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bKd6XGrCV3KG6D5NSYITsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src 'self' *.booztcdn.com fonts.gstatic.com *.booztlet.com *.booztx.com data: ; connect-src 'self' *.visualwebsiteoptimizer.com *.datadoghq.eu *.kronor.io wss://*.kronor.io *.google-analytics.com www.googleadservices.com www.googleoptimize.com api.mkmediaworks.com www.googletagmanager.com *.contentsquare.net kronor.io api.liveshopper.net analytics.tiktok.com cdn.avo.app wss://kronor.io input.noibu.com *.hotjar.com www.google.com www.googleadservices.com stats.g.doubleclick.net www.facebook.com geolocation.onetrust.com *.datadog.eu cdn.cookielaw.org *.hotjar.io *.hotjar.com browser-intake-datadoghq.eu wss://input.noibu.com *.booztlet.com *.sleeknote.com *.klarnacdn.net *.trustpilot.com *.g.doubleclick.net www.snapengage.com ws.hotjar.com *.booztcdn.com www.datadoghq-browser-agent.com *.booztlet.com *.browser-intake-datadoghq.eu dev.visualwebsiteoptimizer.com; script-src 'self' data: blob: t.contentsquare.net geolocation.onetrust.com *.datadoghq.eu *.g.doubleclick.net cdn.cookielaw.org www.googletagmanager.com *.sleeknote.com www.google.com *.hotjar.com www.snapengage.com 7276579.collect.igodigital.com *.trustpilot.com static.cloudflareinsights.com *.liveshopper.net sleeknotestaticcontent.sleeknote.com cdn.avo.app *.criteo.com *.klarnacdn.net *.criteo.net connect.facebook.net maps.googleapis.com *.hotjar.io cdn.noibu.com www.googleoptimize.com *.datadog.eu *.booztcdn.com *.kronor.io www.datadoghq-browser-agent.com *.google-analytics.com www.googleadservices.com dev.visualwebsiteoptimizer.com svht.tradedoubler.com analytics.tiktok.com sleeknotecustomerscripts.sleeknote.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.sleeknote.com *.booztlet.com *.booztcdn.com *.kronor.io data: 'unsafe-inline'; media-src *.booztcdn.com *.booztlet.com storage.googleapis.com; img-src optimize.google.com https: data: blob: 'unsafe-inline'; child-src 'self' *.freshchat.com fpt.booztlet.com *.google-analytics.com *.criteo.net www.facebook.com *.trustpilot.com data: blob: ; manifest-src 'self' *.booztlet.com; default-src 'self' *.booztlet.com; frame-ancestors 'self'; report-uri /csp-report/; report-to csp-reports 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com seeedstudio.us11.list-manage.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com https://bid.g.doubleclick.net seeedstudio.us11.list-manage.com *.sandbox.braintree-api.com *.paypal.com; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.google.com maps.googleapis.com *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net *.taboola.com seeedstudio.us11.list-manage.com *.seeedstudio.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com *.weltpixel.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.seeedstudio.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com maps.googleapis.com *.google.com.tw bat.bing.com *.facebook.com *.linkedin.com disqus.com *.disqus.com *.amazonaws.com *.taboola.com *.scorecardresearch.com *.viglink.com p.adsymptotic.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com static.cloudflareinsights.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.google.com/ *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com maps.googleapis.com bazaar-upgrade.seeed.local bat.bing.com connect.facebook.net snap.licdn.com stats.g.doubleclick.net disqus.com *.disqus.com *.disquscdn.com seeedsite.disqus.com *.taboola.com *.scorecardresearch.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com *.sandbox.braintree-api.com static.cloudflareinsights.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline *.seeedstudio.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com nwzimg.wezhan.net *.sandbox.braintree-api.com *.paypal.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.seeedstudio.com *.twitter.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net *.taboola.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com arms-retcode.aliyuncs.com/ *.sandbox.braintree-api.com static.cloudflareinsights.com mc.yandex.ru https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 1
default-src 'self'; script-src 'report-sample' 'self' https://rum.layer0.co/latest.js https://cdn.optimizely.com/js/25353130117.js https://tags.srv.stackadapt.com/saq_pxl *.stackadapt.com https://cdn.cookielaw.org https://cdn.treasuredata.com/sdk/2.5/td.min.js https://cdn.treasuredata.com/sdk/3.1/td.min.js https://dynamic.criteo.com/js/ld/ld.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994487809/ https://eu01.in.treasuredata.com/js/v3/event/src/js_pageview_mms_phoenix https://in.treasuredata.com/js/v3/event/src/js_pageview_mms_phoenix https://js-cdn.dynatrace.com https://marsconfigurator.ui.mms.com/main.js https://sslwidget.criteo.com/event *.klaviyo.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.dwin1.com/3219.js https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https://tags.srv.stackadapt.com/sa.css https://cdnjs.cloudflare.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' data: https://eu01.in.treasuredata.com/js/v3/event/src/js_pageview_mms_phoenix https://eu01.in.treasuredata.com/js/v3/enable_global_id https://logx.optimizely.com/v1/events https://tags.srv.stackadapt.com/saq_pxl *.stackadapt.com https://bf98027gkr.bf.dynatrace.com https://cdn-marsconfigurator-service.mms.com https://cdn.cookielaw.org https://gtm.mms.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net; font-src 'self' https://cdnjs.cloudflare.com https://marsconfigurator.service.mms.com data:; frame-src 'self' https://td.doubleclick.net/ https://a25353130117.cdn.optimizely.com/ https://9452702.fls.doubleclick.net https://gum.criteo.com https://widget.trustpilot.com; img-src 'self' data: https://ad.360yield.com https://ad.doubleclick.net/ https://ade.clmbtech.com https://ads.stickyadstv.com https://c.bing.com https://cdn.cookielaw.org https://cdn.media.amplience.net https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://gum.criteo.com https://https https://i.liadm.com https://ib.adnxs.com https://marsconfigurator.service.mms.com https://match.sharethrough.com https://matching.ivitrack.com https://partner.mediawallahscript.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.outbrain.com https://tg.socdm.com https://trends.revcontent.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://x.bidswitch.net *.stackadapt.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'sha256-5s1UCPQTqKWc18lk0CbkMG0IYokX1utP9ZMQQYiuwXk=' 'sha256-G5NvPksjkp09uU+DikUdTcBXp0UV/362J6blwWczw5I=' 'sha256-HLwLpFPvuHKI0X/UFMhOHQNt1eedIdJGTPML3b+GfWo=' 'sha256-MM3CG7szGAeVIKY58JGR+X+7xTDccDemqcIY0lQLrX8=' 'sha256-OifdWXgFw+IPMAs6Nnr1te5UDPoRIbkDLB1lXZmmRP8=' 'sha256-oh6ZTSefRfIBPlcye8dBjlQBkC0A32V1QIb2htJq7ao=' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.containers.piwik.pro https://*.wistia.com https://*.wistia.net https://maps.google.com https://maps.googleapis.com https://src.litix.io https://use.typekit.net;  script-src-elem 'self' 'report-sample' https: *.containers.piwik.pro *.wistia.com *.wistia.net maps.google.com maps.googleapis.com src.litix.io use.typekit.net 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline' blob: *.typekit.net fonts.googleapis.com fast.wistia.com; object-src embedwistia-a.akamaihd.net; frame-src 'self' https: blob: *.wistia.net *.wistia.com maps.google.com maps.googleapis.com uwhealth.formstack.com; child-src 'self' blob:; img-src 'self' data: blob: *.wistia.net *.wistia.com *.typekit.net *.gstatic.com *.ggpht.com *.googleapis.com embedwistia-a.akamaihd.net images.ctfassets.net maps.google.com maps.googleapis.com res.cloudinary.com swedishamericanmychart.org i.ytimg.com; font-src 'self' data: *.wistia.net *.wistia.com fonts.googleapis.com fonts.gstatic.com res.cloudinary.com use.typekit.net; connect-src 'self' microservices.uwhealth.dev microservices.uwhealth.org *.wistia.com *.typekit.net *.litix.io *.cloud.coveo.com embedwistia-a.akamaihd.net fonts.googleapis.com fonts.gstatic.com fast.wistia.net images.ctfassets.net maps.google.com maps.googleapis.com noembed.com res.cloudinary.com uwhealth.piwik.pro pnapi.invoca.net; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self' data: blob: *.wistia.net *.wistia.com embedwistia-a.akamaihd.net res.cloudinary.com; prefetch-src 'self'; worker-src 'self' blob:; report-to testing 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net sync.console.adtarget.com.tr t.co www.google.com www.google.ie *.onetrust.com www.google.co.uk register.feefo.com *.doubleclick.net sp.analytics.yahoo.com csync.loopme.me newtestwww.discsrv.co.za click.prod.mplat-ppcprotect.com bat.bing.com ib.adnxs.com *.ads-twitter.com *.casalemedia.com s-cs.rmp.rakuten.com rt.udmserve.net *.clarity.ms onetag-sys.com www.google.co.zw maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gstatic.com *.kaspersky-labs.com *.adform.net 6ujl3qfhv7.execute-api.eu-west-1.amazonaws.com cdn.jsdelivr.net banner.vic-m.co *.googleapis.com analytics.pangle-ads.com static.vic-m.co *.discovery.co.za discoveryvitalitytagservice.inqubacx.com collect.feefo.com sync.1rx.io universal.iperceptions.com s.yimg.com *.yahoo.net zswpmanager.wip.mmc.com simage2.pubmatic.com localhost:8001 www.google.nl client.lunio.ai *.linkedin.com www.googletagmanager.com ssc-cms.33across.com *.ampproject.org ih.adscale.de match.sharethrough.com dhpdocu02:7002 ads.yieldmo.com sync-service.net analytics.google.com *.twitter.com www.google.co.za translate.google.com *.googlesyndication.com *.tiktok.com f.creativecdn.com v11cf13hx0.execute-api.eu-west-1.amazonaws.com pclick.prod.mplat-ppcprotect.com hbx.media.net www.youtube.com api.feefo.com www.google-analytics.com *.opendns.com fast.nexx360.io *.licdn.com *.googleadservices.com ad2.vic-m.co c.bing.com ice.360yield.com i.ytimg.com me.kis.v2.scr.kaspersky-labs.com tags.creativecdn.com sa.vic-m.co *.cloudfront.net discovery.co.za *.facebook.com www.google.de *.rfihub.com *.lijit.com www.googleoptimize.com www.google.co.mz cm.creativecdn.com sync.cenarius.orangeclickmedia.com usersync.gumgum.com api.iperceptions.com maps.google.co.za s.ad.smaato.net sync.e-planning.net sync.go.sonobi.com *.taboola.com localhost:8000 *.outbrain.com *.smartadserver.com cm.mgid.com *.rubiconproject.com ams.creativecdn.com www.google.com.sa eb2.3lift.com t.adx.opera.com ad.vic-m.co visitor.omnitagjs.com region1.analytics.google.com sync.connectad.io s.seedtag.com sync.addlv.smt.docomo.ne.jp bh.contextweb.com *.openx.net adservice.google.com assets.humanz.com i.imgur.com us.ck-ie.com router.infolinks.com inv-nets.admixer.net sync.teads.tv pbs.yahoo.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-cfadcb74e7a2247f9b476a7e' 'strict-dynamic' 'report-sample'  https://*.criteo.com https://static.criteo.net  https://*.facebook.com https://connect.facebook.net  https://*.hotjar.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com songbird.cardinalcommerce.com *.googletagmanager.com ; worker-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; report-uri https://csp.tourradar.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: s-static.innovid.com *.onetrust.com adservice.google.com *.googlesyndication.com *.cineplex.com cdn.cookielaw.org *.azure.com assets.adobedtm.com analytics.pangle-ads.com *.adsrvr.org *.tiktok.com checkout.e-xact.com *.googleadservices.com *.adsafeprotected.com cdn.honey.io dc.services.visualstudio.com *.doubleclick.net *.doubleverify.com vjs.zencdn.net *.twitter.com edge.api.brightcove.com www.google.com *.akamaihd.net *.googleapis.com browser-update.org *.2mdn.net *.facebook.com *.ampproject.org *.gvt1.com *.gstatic.com *.msecnd.net edge.adobedc.net *.googlevideo.com manifest.prod.boltdns.net *.linkedin.com translate.google.com metrics.brightcove.com www.slant.co www.googletagmanager.com www.youtube.com fundingchoicesmessages.google.com *.googleusercontent.com *.facebook.net sc-static.net *.licdn.com *.snapchat.com www.googletagservices.com static0.srcdn.com www.google.ca www.buyatab.com *.brightcove.net *.everesttech.net *.demdex.net cf-images.us-east-1.prod.boltdns.net cinplx-digital-cdn.app.vista.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 1
script-src 'nonce-qq1cRRRm0dHRpgdMi6Tt7g' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' media1.jpc.de www.jpc.de; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' media1.jpc.de www.jpc.de 'nonce-nTgQ/4gFRZEsGrkw0PMe5LFDF41pfbXLZG3cjhIxZ9WHAf2cH84f7CfTji4mFsR6AyCVQJzO6HbGjjvxZh6g/A==' 'report-sample'; style-src 'self' media1.jpc.de www.jpc.de 'report-sample' 'unsafe-inline'; font-src 'self' media1.jpc.de www.jpc.de; img-src 'self' media1.jpc.de www.jpc.de data:; connect-src 'self' media1.jpc.de www.jpc.de https://use.jpc.de; report-uri /csp/; report-to csp-endpoint 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1
connect-src 'self' https://api.usabilla.com https://beacon.krxd.net https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://tre-se.netlify.app https://www.google-analytics.com https://region1.google-analytics.com https://www.googleoptimize.com https://api.customersaas.com https://www.facebook.com https://www.google.com https://*.tre.se https://*.hotjar.com https://checkoutshopper-live.adyen.com https://cdn.linkedin.oribi.io https://adservice.google.com https://googleads.g.doubleclick.net https://webhook.gatsbyjs.com https://vc.hotjar.io https://fonts.gstatic.com https://*.tre.se https://*.mparticle.com wss://ws.hotjar.com https://content.hotjar.io https://*.optimizely.com; default-src 'self' https://*.tre.se; font-src 'self' data: https://static.customersaas.com; frame-src 'self' https://6142836.fls.doubleclick.net https://cdn.krxd.net https://d6tizftlrpuof.cloudfront.net https://www.facebook.com https://www.google.com/ https://www.youtube.com https://cloud.epost.tre.se https://coverage.tre.se https://tre.workbuster.com https://vars.hotjar.com https://checkoutshopper-live.adyen.com https://td.doubleclick.net https://www.googletagmanager.com; img-src 'self' data: http://images.ctfassets.net https://beacon.krxd.net https://clients1.google.com https://d6tizftlrpuof.cloudfront.net https://images.ctfassets.net https://jslog.krxd.net/ https://t.co https://tre-se.netlify.app https://w.usabilla.com https://www.facebook.com https://www.google-analytics.com/collect https://www.google.com https://www.google.se https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://d35v9wsdymy32b.cloudfront.net https://www.gstatic.com/ https://6142836.fls.doubleclick.net https://www.google.dk https://googleads.g.doubleclick.net https://checkoutshopper-live.adyen.com https://*.tre.se https://new-collect.albacross.com https://px.ads.linkedin.com https://ad.doubleclick.net; manifest-src 'self'; media-src 'self' https://videos.ctfassets.net; object-src 'none'; report-uri https://www.tre.se/logger/csp-report; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.adtr.io https://*.krxd.net https://adtr.io https://analytics.twitter.com https://api.usabilla.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://bat.bing.com https://cdn.bannerflow.com https://cdn.tre.se https://cdnn.tre.se https://clients1.google.com https://connect.facebook.net https://cse.google.com https://d6tizftlrpuof.cloudfront.net https://googleads.g.doubleclick.net https://gtm.adt313.net/jsTag  https://hi3gscriptbucket.blob.core.windows.net https://rules.quantcount.com https://s.ytimg.com https://secure.quantserve.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://w.usabilla.com/ https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.gstatic.com https://www.youtube.com https://static.customersaas.com https://*.hotjar.com https://serve.albacross.com https://*.mparticle.com https://tre.workbuster.com; style-src 'report-sample' 'self' 'unsafe-inline' https://d6tizftlrpuof.cloudfront.net https://www.google.com https://d1r5etm691cejh.cloudfront.net https://static.customersaas.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-eeKxU_xqXCQINJ8PeP6M1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com *.googleapis.com *.vimeo.com cdns.eu1.gigya.com www.youtube.com accounts.google.com assets.scott-sports.com api.mapbox.com www.google.ch unpkg.com *.doubleclick.net *.googleadservices.com metrics-nl.fitanalytics.com www.scott-sports.com www.google.it www.googletagmanager.com integrations.fitanalytics.com *.gstatic.com www.google.com.co www.google.at use.typekit.net analytics.google.com www.google.co.uk www.google.be www.google.es *.facebook.net www.google.com.ar www.google.co.in www.google.co.jp widget.fitanalytics.com npmcdn.com metrics.hotjar.io content.hotjar.io www.google.nl www.google.com.mx adservice.google.com www.google.cl widgets.onlinesizing.bike sm-medias.ssg-service.com *.addthis.com www.google.se events.mapbox.com cdn.jsdelivr.net api.onlinesizing.bike *.r.appspot.com www.google.com.br *.hotjar.com www.google.co.za mpct1.maropost.com scottdocs.s3.amazonaws.com 2.local.bidex.bike www.google.com www.google.fr metrics.fitanalytics.com *.facebook.com api.tiles.mapbox.com vc.hotjar.io *.cloudfront.net acsbapp.com asset.scott-sports.com p.typekit.net www.google.de www.google.co.nz i.ytimg.com *.youtube-nocookie.com cdn.acsbapp.com webtrack.chd01.com region1.analytics.google.com www.google.pt api.scott-sports.com apis.google.com www.google.cz www.google.si www.google.ca www.google.dk www.google.no s3.amazonaws.com www.google.com.au medias.ssg-service.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'self' 'unsafe-eval' cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net analytics.google.com vimeo.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.youtube.com www.paypal.com www.sandbox.paypal.com 'nonce-1Gd5mTYHUOJDZbMk/dClew=='; media-src cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net; style-src 'self' 'unsafe-inline' cdn.sidefx.com static.sidefx.com d2wvmrjymyrujw.cloudfront.net media.sidefx.com fonts.googleapis.com www.google.com tagmanager.google.com *.vimeocdn.com www.gstatic.com; default-src 'self'; font-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com fonts.gstatic.com; frame-src 'self' data: static.sidefx.com media.sidefx.com www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com maps.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com www.sandbox.paypal.com; img-src 'self' data: cdn.sidefx.com static.sidefx.com media.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com ssl.gstatic.com www.googleapis.com i.ytimg.com *.vimeocdn.com www.paypal.com www.paypalobjects.com placekitten.com http://dummyimage.com *.google.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; connect-src 'self' www.google-analytics.com analytics.google.com stats.g.doubleclick.net www.facebook.com http://127.0.0.1:1714 ig.instant-tokens.com graph.instagram.com vimeo.com www.sandbox.paypal.com; report-uri https://www.sidefx.com/csp_reports/ 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.sensibull.com https://kite.zerodha.com; report-uri https://7eae552da389ebb083bedadbd9428ed2.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' *.sentry.io https://*.doubleclick.net *.google.com https://*.googlesyndication.com wss://*.hotjar.com hotjar.com https://*.hotjar.io *.segment.com *.segment.io *.facebook.com *.google-analytics.com google.com.au *.google.com.au gstatic.com *.gstatic.com https://*.vibe.co https://auth.tuckercarlson.com https://*.launchdarkly.com; default-src 'self'; font-src 'self' fonts.cdnfonts.com https://*.typekit.net; frame-src 'self' https://*.doubleclick.net; img-src 'self' https://*.doubleclick.net *.facebook.com *.google.com google.com.vn *.google.com.vn imagedelivery.net https://*.vibe.co *.twitter.com *.lightboxcdn.com https://t.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.cloudflareinsights.com *.cloudflarestream.com *.doubleclick.net *.googleadservices.com https://*.googlesyndication.co *.googletagmanager.com https://*.hotjar.com *.jquery.com *.jsdelivr.net *.sentry-cdn.com *.segment.com googlesyndication.com *.googlesyndication.com google.com *.google.com https://*.vibe.co *.lightboxcdn.com; style-src 'unsafe-inline' https://*.cdnfonts.com https://*.typekit.net 'self'; worker-src blob: 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=VoSl.3O_s30rXB2a3uu4rnt15G79AXglKy.Ovpzz948-1715739068-1.0.1.1-oF42us5Y5cpjgdqrzmCOmnKcmWOEpPtjuf3BhT.mVpsqeVV4Pq.p9MPDbtWk0vg1etT6xo95o02YklAi4JO3cS0TL5xHt1y5XUUt3YEt6nLdoYpLTfk._qWa4qxwGKLDH5TQZN95v0xICVZWnFW4lo1TQbrUom3y_XEdnuN.kLVywcXsSnd4Zns38Lm5X5hl3omsLmhPI2tg8o5rW88dCQ; report-to cf-mnhjpvkomrhmyggv 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com  *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net js.stripe.com www.gstatic.com *.googleapis.com ws.zoominfo.com www.google.com www.googletagmanager.com compilers.widgets.sphere-engine.com d34s7xanp5e5sf.cloudfront.net; connect-src 'self' api.stripe.com *.googleapis.com *.fontawesome.com wss://push.piazza.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com *.fontawesome.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org js.stripe.com; report-uri /security/csp_report 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.paddle.com connect.facebook.net mc.yandex.com mc.yandex.ru quantcast.mgr.consensu.org rules.quantcount.com secure.quantserve.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.paddle.com use.fontawesome.com www.iubenda.com translate.googleapis.com; img-src 'self' data: cms.quantserve.com mc.webvisor.org mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.uz pixel.quantcount.com pixel.quantserve.com ssl.google-analytics.com ssl.gstatic.com translate.google.com translate.googleapis.com www.facebook.com www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.jo www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.sr www.google.tn www.google.tt www.google.td www.google.je www.google.ws www.google.rw www.google.co.mz www.google.sc www.google.tm www.google.ga www.google.tg www.google.com.ag www.google.co.in www.google.ad www.google.ml www.google.cg www.google-analytics.com www.googletagmanager.com www.gstatic.com yastatic.net; connect-src 'self' audit-tcfv2.quantcast.mgr.consensu.org code.jquery.com mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz quantcast.mgr.consensu.org translate.googleapis.com www.google-analytics.com stats.g.doubleclick.net est.quantcast.mgr.consensu.org; font-src 'self' fonts.gstatic.com use.fontawesome.com; object-src 'self'; media-src 'self'; form-action 'self'; frame-src 'self' m.youtube.com mc.yandex.com web.facebook.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com youtube.com; child-src 'self' www.facebook.com; worker-src 'self'; manifest-src 'self'; report-uri /secure-headers/report/r/d/csp/enforce; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-web.zinio.com https://js-agent.newrelic.com https://*.nr-data.net https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.paypal.com https://www.paypalobjects.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.googletagmanager.com https://www.google-analytics.com https://zinio-sjc.gravityrd-services.com https://*.zopim.com https://static.zdassets.com https://d1fc8wv8zag5ca.cloudfront.net/2.10.2/sp.js https://cdn.jsdelivr.net https://recaptcha.net https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com;style-src 'self' 'unsafe-inline' https://*.audiencemedia.com data:;img-src 'self' data: blob: https://*.ziniopro.com https://*.audiencemedia.com https://googleads.g.doubleclick.net https://www.google.com https://*.paypal.com https://*.braintreegateway.com https://v2assets.zopim.io https://discover.zinio.com https://sleeknotestaticcontent.sleeknote.com https://analytics.sleeknote.com https://www.google-analytics.com https://www.facebook.com https://www.googletagmanager.com;media-src 'self' https://static.zdassets.com;connect-src 'self' https://*.audiencemedia.com https://*.ziniopro.com https://*.nr-data.net https://googleads.g.doubleclick.net https://adservice.google.com https://cdn.jsdelivr.net https://*.braintree-api.com https://*.braintreegateway.com https://*.cardinalcommerce.com https://www.paypal.com https://ekr.zdassets.com https://zinio.zendesk.com wss://widget-mediator.zopim.com wss://zinio.zendesk.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://collector.datacloud.zinio.com https://www.facebook.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://images.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://sleeknotecustomerscripts.sleeknote.com;font-src 'self' https://*.audiencemedia.com https://fonts.gstatic.com https://sleeknotestaticcontent.sleeknote.com;frame-src 'self' https://td.doubleclick.net https://*.paypal.com https://*.braintreegateway.com https://recaptcha.net https://www.facebook.com https://web.facebook.com https://*.sleeknote.com;frame-ancestors none 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.higheredjobs.com *.googleadservices.com region1.google-analytics.com www.googletagservices.com cdn.jsdelivr.net global.ketchcdn.com newassets.hcaptcha.com *.gstatic.com www.google.com testserver.higheredjobs.com *.googlesyndication.com *.doubleclick.net *.googleapis.com www.click2apply.net js.hcaptcha.com maps.google.com vigl.us *.linkedin.com www.jobelephant.com www.googletagmanager.com *.facebook.net www.google.co.uk www.google.es www.google-analytics.com *.licdn.com www.google.co.kr www.google.co.in www.google.com.sa cdn.ketchjs.com apptracker.jobelephant.com www.google.ca maxcdn.bootstrapcdn.com adservice.google.com *.twitter.com www.google.com.mx ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-inline' https://client.warpcast.com/; script-src-elem 'self' https://pencil-novel.warpcast.com/ https://cdn.jsdelivr.net/; img-src https://* data:; child-src 'self' https://verify.walletconnect.com/ https://verify.walletconnect.org/; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; connect-src 'self' https://client.warpcast.com/ https://stream.warpcast.com wss://ws.warpcast.com/ https://relay.walletconnect.com/ wss://relay.walletconnect.com/ https://explorer-api.walletconnect.com/ wss://www.walletlink.org/ https://*.cloudflarestream.com; worker-src blob:; media-src 'self' blob:; 1
report-uri https://mon.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&revision=2a186508-934d-4c81-97f4-748e80629e65;report-to csp-endpoint;script-src 'unsafe-eval' s20.tiktokcdn.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com;worker-src shop.tiktok.com/streamer/sw.js shop.tiktok.com/sw.js shop.tiktok.com/xgplayer_decoder/avc-worker.js shop.tiktok.com/xgplayer_decoder/hevc-worker.js shop.tiktok.com/xgplayer_decoder/timer-worker.js 1
object-src 'none';base-uri 'self';script-src 'nonce-hqp8x2NX-tIr3o-IxioEjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wa.appsflyer.com www.ze.delivery *.googleapis.com *.gstatic.com use.typekit.net ze.delivery *.facebook.com *.doubleclick.net www.google.com.br *.tiktok.com docs.google.com web-sdk-cdn.singular.net tt-10943-6.seg.t.tailtarget.com sdk.split.io analytics.google.com adservice.google.com metrics.hotjar.io *.onetrust.com content.hotjar.io www.google.com api.segment.io www.googletagmanager.com *.mathtag.com d.tailtarget.com telemetry.split.io mlts.dynamsoft.com sdk-api-v1.singular.net cdn.jsdelivr.net cognito-idp.us-west-2.amazonaws.com cdn.cookielaw.org auth.split.io img.saveur-biere.com api.ze.delivery vc.hotjar.io *.googleadservices.com cdn.segment.com wa.onelink.me events.split.io *.facebook.net api.club.zedelivery.in b.t.tailtarget.com accounts.google.com translate.google.com *.hotjar.com tags.t.tailtarget.com *.imgix.net tags.w55c.net websdk.appsflyer.com streaming.split.io *.amazoncognito.com t.tailtarget.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org www.deltadental.com www.googletagmanager.com cdn.mouseflow.com locationapi.cdn.pagesense.io *.facebook.net *.googleapis.com *.onetrust.com portal.deltadental.com cdn.pagesense.io *.zoho.com o2.mouseflow.com lh3.ggpht.com rum.browser-intake-datadoghq.com www.google.com *.facebook.com www.google-analytics.com *.gstatic.com static.zohocdn.com support.deltadental.com region1.google-analytics.com session-replay.browser-intake-datadoghq.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vc.hotjar.io www.google.com.bo www.google.ca *.bancochile.cl *.clarity.ms www.google.com.au www.appsbch.cl *.facebook.com www.googletagmanager.com bam.nr-data.net *.gstatic.com *.doubleclick.net analytics.pangle-ads.com google.com *.tiktok.com *.hotjar.com metrics.hotjar.io www.google.com.br www.google.com.ar www.youtube.com bat.bing.com c.bing.com www.google.co.uk www.google.co.in www.google.com.mx entelvisa2.recoline.cl www.google.es *.qualtrics.com www.google.com region1.analytics.google.com analytics.google.com sitiospublicos.bchpreproductivos.com cdnjs.cloudflare.com unpkg.com www.google.com.co www.google.de events.launchdarkly.com www.google.com.py app.launchdarkly.com overbridgenet.com rutasdelchile.bancochile-promociones.cl www.google-analytics.com www.google.fr www.google.com.pe www.google.cl content.hotjar.io www.google.co.th dialogflow.cloud.google.com adservice.google.com www.google.co.ve i.ibb.co *.googleapis.com lib-us-1.brilliantcollector.com ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample' ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.hotjar.com *.klevu.com *.typekit.net *.cdn-rs.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.hotjar.com *.audio-technica.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.xtento.com *.google.com *.hotjar.com *.addthis.com *.audio-technica.com *.dotdigital-pages.com *.dotdigital.com account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.xtento.com cdn.xtento.com *.klevu.com *.doubleclick.net *.google.co.uk *.gstatic.com maps.googleapis.com *.google.com *.cloudfront.net *.postcodeanywhere.co.uk *.bing.com *.clarity.ms *.audio-technica.com *.powerreviews.com *.hsforms.com *.hubspot.com https://images.unsplash.com *.trackedlink.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.zdassets.com *.trackedlink.net *.addthis.com *.klevu.com *.trustpilot.com *.moatads.com *.addthisedge.com *.googleapis.com *.clarity.ms *.tiktok.com *.powerreviews.com *.hs-scripts.com *.audio-technica.com *.forter.com *.pcapredict.com *.postcodeanywhere.co.uk *.bing.com *.algolia.net *.algolianet.com *.hubspotfeedback.com *.hubapi.com *.hubspot.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.cloudfront.net *.googleoptimize.com https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.2/min/dropzone.min.js *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.googleadservices.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.avada.io cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.myfonts.net *.klevu.com *.typekit.net *.googleapis.com *.google.co.uk *.powerreviews.com *.google.com *.cdn-rs.com *.fonts.net *.postcodeanywhere.co.uk aud-media.cdn-rs.com https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.2/dropzone.min.css cc-cdn.com *.klarnacdn.net *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.hotjar.com *.hotjar.io *.zdassets.com *.zopim.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.clarity.ms *.tiktok.com *.trustpilot.com *.audio-technica.com *.forter.com *.cloudfront.net *.postcodeanywhere.co.uk *.powerreviews.com *.hubspot.com *.cdn.forter.com *.googleoptimize.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.iubenda.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.commerce-connector.com *.webgriffe.systems *.ctfassets.net *.nexmart.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.clerk.io https://chimpstatic.com https://www.gstatic.com *.nr-data.net *.newrelic.com *.clarity.ms *.iubenda.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.nr-data.net *.newrelic.com *.clarity.ms *.iubenda.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 1
default-src 'self'; script-src 'self' 'nonce-438bf955469488cb35b61e3455dace4a1a622c0275cac8c2a28e5eb907ca976c' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com; script-src-elem 'self' 'nonce-438bf955469488cb35b61e3455dace4a1a622c0275cac8c2a28e5eb907ca976c' http://static.ads-twitter.com https://sc.lfeeder.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://tagmanager.google.com https://www.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com; img-src 'self' 'nonce-438bf955469488cb35b61e3455dace4a1a622c0275cac8c2a28e5eb907ca976c' https://www.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://*.google.com https://*.clearbitjs.com https://*.hsforms.net https://*.adsymptotic.com https://*.linkedin.com https://*.lfeeder.com https://*.cloudfront.net https://track.hubspot.com https://q.quora.com https://*.sa-as.com https://*.reddit.com https://*.bing.com; connect-src 'self' 'nonce-438bf955469488cb35b61e3455dace4a1a622c0275cac8c2a28e5eb907ca976c' https://cs.lf-discover.com wss://visitors.live wss://in.visitors.live https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.leadinfo.net https://d.adroll.com https://*.clarity.ms https://*.crazyegg.com https://*.luckyorange.net https://*.hubapi.com https://*.hubspot.com https://*.hsforms.com https://minio.ghost.io; style-src 'self' 'nonce-438bf955469488cb35b61e3455dace4a1a622c0275cac8c2a28e5eb907ca976c' https://*.cloudfront.net http://bat.bing.com https://bat.bing.com https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' 'nonce-438bf955469488cb35b61e3455dace4a1a622c0275cac8c2a28e5eb907ca976c' https://fonts.gstatic.com; object-src 'none'; media-src 'self' 'nonce-438bf955469488cb35b61e3455dace4a1a622c0275cac8c2a28e5eb907ca976c' https://*.cloudfront.net; frame-src 'self' 'nonce-438bf955469488cb35b61e3455dace4a1a622c0275cac8c2a28e5eb907ca976c' https://bid.g.doubleclick.net https://www.google.com/ https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.ioframe-ancestors 'self' https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.sleekplan.com *.mspbackups.com https://unpkg.com/ionicons@4.5.10-0/dist/ionicons/ d1f8f9xcsvx3ha.cloudfront.net posthog.mon.mspbackups.com https://momentjs.com/downloads/moment-timezone-with-data.min.js https://momentjs.com/downloads/moment.js https://code.jquery.com/jquery-3.5.1.min.js https://accounts.google.com/gsi/client https://alcdn.msauth.net/browser/2.28.1/js/msal-browser.min.js; report-uri /csp-violation-report-endpoint/ 1
object-src 'none';base-uri 'self';script-src 'nonce-Nv1WlDCCrGOrI7nUzRxsXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/csp 1
object-src 'none';base-uri 'self';script-src 'nonce-yf_ScB99ejc1puiV_jtROg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com; report-to default; 1
base-uri 'none'; report-uri https://vault.gostatera.com/collect/csp 1
frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us; report-uri https://nearpod.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: s.lngtdv.com hblg.media.net *.criteo.net ib.adnxs.com www.coursesidekick.com ad-delivery.net creativecdn.com de.tynt.com sid.storygize.net assets.coursehero.com s.update.wo.gumgum.com prod.us-east-1.cxm-bcn.publisher-services.amazon.dev bcp.crwdcntrl.net c.gumgum.com i.clean.gg choices.truste.com warp.media.net js.gumgum.com secure.adnxs.com www.googletagmanager.com *.googleadservices.com cdn.cookielaw.org *.adsafeprotected.com s.update.sharethru.com agen-assets.ftstatic.com prebid.media.net *.doubleclick.net idsync.rlcdn.com sdk.sharethrough.com lexicon.33across.com www.symbolab.com g2.gumgum.com acdn.adnxs.com pghub.io *.akamaihd.net script.4dex.io secure.quantserve.com dnacdn.net *.2mdn.net *.amazon-adsystem.com www.google-analytics.com usersync.gumgum.com onetag-sys.com *.agkn.com *.moatpixel.com cdn.adnxs.com www.coursehero.com choices.trustarc.com idx.liadm.com *.flashtalking.com ads.stickyadstv.com bam.nr-data.net image8.pubmatic.com cdn.id5-sync.com ice.360yield.com hbopenbid.pubmatic.com ads.us.e-planning.net cdn.amplitude.com protected-by.clarium.io cms.quantserve.com contextual.media.net cdn.jsdelivr.net pr-bh.ybp.yahoo.com c.bing.com s.nmh.4dex.io api.btloader.com c.4dex.io *.admanmedia.com ssp.disqus.com rp.liadm.com id.crwdcntrl.net *.googleapis.com *.googlesyndication.com attentionxyz.com mp.4dex.io api.rollbar.com accounts.google.com s.ntv.io st.pubmatic.com *.criteo.com region1.google-analytics.com *.imrworldwide.com *.adsrvr.org exchange.postrelease.com sync.srv.stackadapt.com va-g2.gumgum.com *.bidr.io *.casalemedia.com *.adform.net content.quantcount.com id.rlcdn.com cdnjs.cloudflare.com *.dotomi.com www.paypalobjects.com js.recurly.com *.openx.net hde.tynt.com longitudeads-com.videoplayerhub.com id5-sync.com js-agent.newrelic.com *.smartadserver.com *.yahoo.net *.rubiconproject.com *.lijit.com ssc-cms.33across.com load77.exelator.com *.ampproject.org sync.1rx.io conf.lngtd.com secure.cdn.fastclick.net data.ad-score.com api.attentionxyz.com *.onetrust.com *.bluekai.com exch.quantserve.com lngtd.com api.amplitude.com geo.privacymanager.io s.ad.smaato.net prreqcroab.icu js.ad-score.com seal.digicert.com cdn.confiant-integrations.net native.sharethrough.com www.youtube.com bttrack.com *.bidswitch.net lb.eu-1-id5-sync.com mb.moatads.com rules.quantcount.com loadus.exelator.com ajs-assets.ftstatic.com px.moatads.com prod.tahoe-analytics.publishers.advertising.a2z.com *.zemanta.com it.lngtd.com *.doubleverify.com *.sitescout.com match.justpremium.com btlr.sharethrough.com eb2.3lift.com ats.rlcdn.com cadmus.script.ac cdn-guse1-xch.media.net c.ltmsphrcl.net z.moatads.com ad.360yield.com ads.pubmatic.com pixel.quantcount.com jadserve.postrelease.com rtb.gumgum.com www.recaptcha.net www.googletagservices.com www.google.com *.everesttech.net tlx.3lift.com pm.w55c.net crcldu.com b.sharethrough.com pixel.quantserve.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com *.typekit.net https://fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cordialdev.com *.cordial.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.cordialdev.com *.cordial.com *.cordial.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://pay.google.com amc.demdex.net https://photos.pixlee.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.lightboxcdn.com *.cdn.searchspring.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.cordialdev.com *.cordial.com track.cordial.io s7.addthis.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net https://checkoutshopper-test.adyen.com *.lightboxcdn.com *.attn.tv *.cdn.searchspring.net *.googletagmanager.com https://widgets.turnto.com we.turnto.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.typekit.net *.pay.google.com fonts.googleapis.com/ https://widgets.turnto.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.cordialdev.com *.cordial.com ekr.zdassets.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ws: https://*.a.searchspring.io https://cdn-ws.turnto.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.kidspot.com.au/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-6MMf3vurju2qZmLaKzgtpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; script-src 'self' 'unsafe-eval' *.googletagmanager.com *.onetrust.com assets.adobedtm.com script.hotjar.com *.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.hotjar.com assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com static.hotjar.com *.googletagmanager.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' cdn.honey.io *.googleapis.com *.googletagmanager.com; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: mdm-assets.integration.costacoffee.com *.demdex.net *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com *.onetrust.com cm.everesttech.net *.googleapis.com; font-src 'self' *.gstatic.com; connect-src 'self' ws://ws27.hotjar.com *.hotjar.com *.hotjar.io *.onetrust.com *.go-mpulse.net trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net costalimited.tt.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com *.techlab-cdn.com; frame-ancestors 'self'; frame-src costalimited.demdex.net *.hotjar.com; report-uri https://costa.report-uri.com/r/t/csp/reportonly; report-to default 1
default-src 'self' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://js.stripe.com/v3/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://api.sardine.ai https://static.zdassets.com/ https://ekr.zdassets https://ekr.zendesk.com https://*.zopim.com wss://demonifty.zendesk.com wss://*.zopim.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://edge.fullstory.com/s/ https://static.ads-twitter.com/uwt.js https://sc-static.net/ https://googleads.g.doubleclick.net/ https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://api.dev.sardine.ai https://edge.fullstory.com https://js.stripe.com/v3/ https://www.googletagmanager.com/gtag/js https://connect.facebook.net https://static.ads-twitter.com/uwt.js https://sc-static.net/scevent.min.js https://www.google.com/recaptcha/ https://static.zdassets.com/ https://www.gstatic.com/recaptcha/ https://tr.snapchat.com/ https://www.google-analytics.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.sardine.ai https://unpkg.com/@google/model-viewer/dist/model-viewer.min.js https://www.youtube.com https://www.googleoptimize.com; img-src https: blob: data:; connect-src https://api.niftygateway.com https://odysseymarket.niftygateway.com https://api.sandbox.niftygateway.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com https://api-js.mixpanel.com ​https://www.clarity.ms wss://widget-mediator.zopim.com https://nifty-qa100.service.aws-qa.sd.gem.link https://demonifty.zendesk.com https://ekr.zdassets.com https://encrypted-tbn0.gstatic.com/images https://lh3.googleusercontent.com https://tr.snapchat.com https://eth-goerli.alchemyapi.io https://search-api-staging.s-niftygateway-001-use1.svc.gem.link https://search-api.niftygateway.com https://search-api-dev.d-niftygateway-001-use1.svc.gem.link https://ipfs.io https://rs.fullstory.com https://session-replay.browser-intake-datadoghq.com https://eth-mainnet.alchemyapi.io https://api.cloudinary.com/v1_1/nifty_gateway/auto/upload https://api.pinata.cloud/pinning/pinFileToIPFS https://openseauserdata.com https://rum.browser-intake-datadoghq.com https://api.x.immutable.com https://i.seadn.io https://cdn.optimizely.com https://img.seadn.io https://storage.opensea.io https://api.opensea.io;  font-src https://fonts.gstatic.com https://use.typekit.net/ 'self'; object-src 'self'; media-src https://media.niftygateway.com https://static.zdassets.com https://openseauserdata.com https://storage.opensea.io https://res.cloudinary.com; frame-src https://js.stripe.com/v3/ https://www.google.com https://api.sardine.ai https://api.dev.sardine.ai https://tr.snapchat.com/ https://www.youtube.com; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-a2nds3MAz6f969qrYqpDag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' adservice.google.com/pagead/regclk audible.sc.omtrdc.net audible.tt.omtrdc.net ct.pinterest.com dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com pixel.quantcount.com sonic.frontier.a2z.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com us-central1-adaptive-growth.cloudfunctions.net www.facebook.com/tr/ www.google.com/pagead/landing; font-src m.media-amazon.com; frame-src 'self' 12184389.fls.doubleclick.net 8127728.fls.doubleclick.net audible.demdex.net ct.pinterest.com insight.adsrvr.org match.adsrvr.org td.doubleclick.net tr.snapchat.com www.facebook.com; img-src 'self' ad.doubleclick.net analytics.twitter.com bat.bing.com ct.pinterest.com fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com lantern.roeye.com m.media-amazon.com pixel.mediaiqdigital.com pixel.quantserve.com secure.adnxs.com t.co www.awin1.com/sread.php www.facebook.com www.google.ca/pagead/1p-user-list/ www.googletagmanager.com; media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk; script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com cdn.pdst.fm connect.facebook.net d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com js.adsrvr.org lantern.roeyecdn.com rules.quantcount.com s.pinimg.com sc-static.net secure.quantserve.com static.ads-twitter.com tr.snapchat.com www.dwin1.com www.googleadservices.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
object-src 'none';base-uri 'self';script-src 'nonce-B4V4MRCfrCNYQW6_Saqcpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src   http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com blob:;  style-src 'self' https://checkout.stripe.com 'unsafe-inline' ;  img-src * https://* http://* data:;  font-src 'self' data:;  script-src 'self' http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://js.stripe.com https://checkout.stripe.com blob: 'unsafe-eval' 'unsafe-inline' ;  frame-src 'self'  https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://*.soundcloud.com/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ ;  media-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://w.soundcloud.com https://api.soundcloud.com blob:;  object-src 'self' http://*.somafm.com https://*.somafm.com blob:;  connect-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com https://api.stripe.com 1
script-src 'self'; style-src 'self'; report-uri /web/reportreceiver; 1
connect-src analytics.tiktok.com *.google-analytics.com 'self' 'unsafe-inline' wss:;default-src 'self' 'unsafe-inline' wss:;form-action 'self' 'unsafe-inline' wss:;frame-src *.soundcloud.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;img-src *.siteimproveanalytics.io analytics.tiktok.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;object-src 'none';script-src *.googletagmanager.com siteimproveanalytics.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com 'self' 'unsafe-inline' wss: 1
font-src *.fontawesome.com data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com use.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.nr-data.net *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.newrelic.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com *.surveymonkey.com *.criteo.com ct.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com wss: bat.bing.com *.force.com *.tiktok.com *.nr-data.net *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties *.criteo.com *.onetrust.com *.pangle-ads.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: *.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.addthis.com www.googletagmanager.com td.doubleclick.net legacy.capital.lv 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.twitter.com www.google.lv portal.klix.app klix.blob.core.windows.net t.co *.lfeeder.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com static.ads-twitter.com klix.blob.core.windows.net polyfill.io fastbase.com *.lfeeder.com s7.addthis.com *.avada.io *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://cdn.jsdelivr.net *.typekit.net www.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net klix.blob.core.windows.net api.klix.app *.googleapis.com t.elasticsuite.io ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.drip.com *.hsappstatic.net *.sleeknote.com *.zdassets.com *.zendesk.com *.hubspot.com *.hubspot.net *.hs-analytics.net *.hs-banner.com *.cloudflare.com *.zi-scripts.com *.g2crowd.com unpkg.com *.tiktok.com *.quora.com *.bing.com *.redditstatic.com *.ads-twitter.com *.licdn.com *.facebook.net *.snapchat.com sc-static.net *.clearbitscripts.com *.dreamdata.cloud 1
object-src 'none';base-uri 'self';script-src 'nonce-u12_ItEP4Z6Qn4lFyQqbSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' *.stripe.com apis.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com https://cdnjs.cloudflare.com/ajax/libs/lamejs/1.2.0/lame.min.js; script-src-elem assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' *.googletagmanager.com *.stripe.com https://apis.google.com/ accounts.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com play.vidyard.com challenges.cloudflare.com; worker-src blob:; font-src 'self' data: assets.sutori.com fonts.gstatic.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com *.google-analytics.com *.stripe.com accounts.google.com maps.googleapis.com api.amplitude.com wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com api.unsplash.com risk.clearbit.com login.microsoftonline.com blob:; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' accounts.google.com *.googleapis.com https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat blob:; child-src 'self' * https://www.sutori.com *.stripe.com https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com blob:; manifest-src assets.sutori.com; 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'     *.googleapis.com      fonts.gstatic.com      *.fontawesome.com      *.aspnetcdn.com      *.jsdelivr.net      *.googletagmanager.com;     img-src * data: *.wistia.com;     frame-ancestors 'self';     object-src 'none';     form-action 'self' *.hsforms.com *.agencybloc.com *.spinutech.com https://www.facebook.com/tr/;     base-uri 'self';     media-src s3.amazonaws.com blob: *.wistia.com *.wistia.net;     report-uri /csp/; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: logs-01.loggly.com *.facebook.net adservice.google.com use.typekit.net api.ipify.org *.gstatic.com *.carrefoursolucoes.com.br *.facebook.com api.voxus.tv cdn-prod.securiti.ai www.googletagmanager.com via.placeholder.com tools.applemediaservices.com cdn.targeting.voxus.com.br *.tiktok.com unpkg.com analytics.pangle-ads.com *.doubleclick.net www.youtube.com www.google-analytics.com app.securiti.ai www.google.com.br event.getblue.io www.google.com targeting.voxus.com.br *.googleapis.com widget.getblue.io analytics.google.com secure.adnxs.com targeting.voxus.tv ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com; connect-src 'self' primericaonline.okta.com primericaonline-admin.okta.com login.primericaonline.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com primericaonline.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com; style-src 'unsafe-inline' 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com; frame-src 'self' primericaonline.okta.com primericaonline-admin.okta.com login.primericaonline.com login.okta.com com-okta-authenticator:; img-src 'self' primericaonline.okta.com login.primericaonline.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' primericaonline.okta.com login.primericaonline.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://mob.primericaonline.com https://*.primericaonline.com 1
object-src 'none';base-uri 'self';script-src 'nonce-XXxXWZftNTyiGBJkNLvo6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tifpi9XfM5xXZDHT_mvitA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.criteo.com www.google.com *.googlesyndication.com script.4dex.io *.rubiconproject.com *.doubleclick.net *.gstatic.com cdnjs.cloudflare.com api.rollbar.com longitudeads-com.videoplayerhub.com www.google-analytics.com *.amazon-adsystem.com cdn.jsdelivr.net *.akamaihd.net cdn.confiant-integrations.net secure.cdn.fastclick.net lngtd.com www.coursehero.com it.lngtd.com *.openx.net www.googletagmanager.com ice.360yield.com cadmus.script.ac onetag-sys.com api.btloader.com exchange.postrelease.com id5-sync.com js-agent.newrelic.com c.4dex.io rules.quantcount.com lexicon.33across.com unpkg.com *.onetrust.com *.adsrvr.org ads.stickyadstv.com cdn.id5-sync.com cdn.amplitude.com assets.coursehero.com *.googleapis.com lb.eu-1-id5-sync.com bam.nr-data.net ads.pubmatic.com ats.rlcdn.com www.youtube.com conf.lngtd.com ad-delivery.net *.criteo.net secure.quantserve.com geo.privacymanager.io *.ampproject.org cdn.cookielaw.org ssc-cms.33across.com s.lngtdv.com api.amplitude.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
report-uri /csp-log.php; report-to csp-log-endpoint; default-src 'none'; img-src 'self' data: https://werbung.leipzig.de/ https://data.leipzig.de/ https://static.leipzig.de/ https://www.gstatic.com/images/; script-src 'self' 'unsafe-inline' https://www.leipzig.de/ https://static.leipzig.de/ https://werbung.leipzig.de/delivery/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://chatbot115.km.usu.com/kfirst-widget/js/ https://dev.lehst.de/; style-src 'self' 'unsafe-inline' https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player/styles/ https://chatbot115.km.usu.com/kfirst-widget/css/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://dev.lehst.de/; font-src 'self' https://static.leipzig.de/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://fonts.gstatic.com/; media-src 'self' https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/; connect-src 'self' https://vrweb15.linguatec.org/VoiceReaderWeb15WebService/ https://dev.lehst.de/ https://chatbot115.km.usu.com/kfirst-widget/api/ https://chatbot115.km.usu.com/kfirst-widget/icons/ https://www.leipzig.de/; frame-src https://www.youtube-nocookie.com/embed/ https://chatbot115.km.usu.com/ https://tnv.leipzig.de https://s-leipzig.maps.arcgis.com https://geoportal.leipzig.de https://www.blitzvideoserver.de https://tportal.toubiz.de https://kwis-web.leipzig.de; 1
connect-src 'self' data: *.amazonaws.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googleapis.com *.gstatic.com *.masonline.id *.nr-data.net *.stockbit.com *.tiktok.com *.youtube.com wss://*.crisp.chat wss://*.stockbit.com analytics.google.com api.trongrid.io cdnma.cdnservice.space client.crisp.chat www.google.co.id; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stockbit.com analytics.tiktok.com apis.google.com app.midtrans.com bam.nr-data.net client.crisp.chat connect.facebook.net d2r1yp2w7bby2u.cloudfront.net js-agent.newrelic.com midtrans.com nr-data.net sg1.wzrkt.com www.google-analytics.com www.google.com/recaptcha/api.js www.googletagmanager.com www.gstatic.com/firebasejs/ www.gstatic.com/recaptcha/ www.youtube.com/iframe_api www.youtube.com/s/player/ ssl.google-analytics.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.cloudfront.net assets-nextjs.stockbit.com client.crisp.chat translate.googleapis.com; object-src 'none'; media-src 'self' assets-nextjs.stockbit.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1d9a1c8916e2bfd1c2dbec72dd1a5283&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
upgrade-insecure-requests; default-src 'self' data: https://www.securepoint.de/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://stats.spdns.de/; style-src 'self' 'unsafe-inline' https://www.securepoint.de/ 'unsafe-eval'; img-src 'self' data: blob: https://status.securepoint.de/; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' data: blob: wss://av.securepoint.de; media-src 'none'; object-src 'none'; frame-src 'self' https://wunschbox.ideas.aha.io/; frame-ancestors 'self' 'none'; report-uri https://gt.securepoint.de/api/6/security/?glitchtip_key=8c14be5ae56c453086796a299747424a; worker-src blob: 'self' 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.yimg.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://www.google.com.cy https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.clarity.ms https://collect.worldoftanks.eu https://content-wg.gcdn.co ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' cactusvpn.com www.cactusvpn.com billing.cactusvpn.com; report-uri https://75943a29954faa0d1b365a52c248c905.report-uri.com/r/d/csp/reportOnly; 1
object-src 'none'; 1
frame-src 'self' https://js.stripe.com https://dialog.filepicker.io https://www.filepicker.io https://content.googleapis.com https://www.google.com https://insight.adsrvr.org https://match.adsrvr.org https://vimeo.com https://player.vimeo.com https://www.youtube.com https://suicidegirls.com https://gfycat.com https://streamable.com https://bandcamp.com https://open.spotify.com https://www.youtube-nocookie.com https://www.facebook.com https://m.facebook.com https://platform.twitter.com https://player.twitch.tv https://w.soundcloud.com https://eroshare.com https://oddshot.tv https://www.pornhub.com https://www.reverbnation.com https://drive.google.com https://www.washingtonpost.com https://www.arte.tv https://www.mixcloud.com https://www.redgifs.com https://redgifs.com https://www.instagram.com https://instagram.com https://www.flickr.com http://www.funnyordie.com https://giphy.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: c.t.tailtarget.com www.googletagmanager.com *.clarity.ms cdn.jsdelivr.net use.typekit.net *.hotjar.com *.doubleclick.net js.hs-analytics.net tag.navdmp.com *.facebook.com js.hcaptcha.com *.gstatic.com fledge.teads.tv forms.hsforms.com usr.navdmp.com c.tile.osm.org *.tokiomarine.com.br secure.adnxs.com p.teads.tv www.google.com.br www.youtube.com js.hscollectedforms.net *.uol.com.br maxcdn.bootstrapcdn.com js.hs-banner.com *.everesttech.net *.hubspot.com *.facebook.net *.licdn.com cdn.navdmp.com t.teads.tv analytics.google.com *.adsrvr.org *.demdex.net *.bluekai.com www.google.com a.tile.osm.org cm.teads.tv code.jquery.com *.useinsider.com nominatim.openstreetmap.org l.teads.tv forms.hscollectedforms.net *.smartadserver.com maps.google.com *.taboola.com js.hs-scripts.com s3-sa-east-1.amazonaws.com stackpath.bootstrapcdn.com *.addthis.com *.linkedin.com b.tile.osm.org *.mathtag.com tm.jsuol.com.br newassets.hcaptcha.com beacon.krxd.net unpkg.com igorescobar.github.io ad.sxp.smartclip.net adservice.google.com cms.analytics.yahoo.com *.amazon-adsystem.com *.googleapis.com *.imperva.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.gstatic.com *.core.windows.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.olaelectric.com *.olacabs.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com cdn.moengage.com *.book.olaelectric.com *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.magezon.com *.core.windows.net d34kmefuuy0be0.cloudfront.net evprodcdn.blob.core.windows.net *.olaelectric.com 'self' *.cloudfront.net *.olacabs.com *.azureedge.net *.stg.corp.olacabs.com *.corp.olacabs.com *.blob.core.windows.net *.ev-discovery-80.stg.corp.olacabs.com cdn.olaelectric.com *.cloudinary.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.licdn.com *.ads-twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.core.windows.net unpkg.com *.olaelectric.com *.blob.core.windows.net *.unpkg.com cdn.moengage.com *.highcharts.com cdn.olaelectric.com *.cloudinary.com *.ev.corp.olaelectric.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net unsafe-inline *.core.windows.net *.google.com unpkg.com *.olaelectric.com *.cloudinary.com *.cdn.olaelectric.com *.ev.corp.olaelectric.com 'self' 'unsafe-inline'; object-src *.cloudinary.com *.cdn.olaelectric.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.cloudfront.net *.core.windows.net 'self' *.azureedge.net *.olacabs.com *.stg.corp.olacabs.com *.corp.olacabs.com *.blob.core.windows.net *.ev-discovery-80.stg.corp.olacabs.com *.olaelectric.com cdn.olaelectric.com *.cloudinary.com *.magezon.com 'self' 'unsafe-inline'; manifest-src *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com *.linkedin.oribi.io *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.core.windows.net demotiles.maplibre.org api.geospoc.io *.olaelectric.com sdk-02.moengage.com *.magezon.com *.cdn.olaelectric.com *.corp.olacabs.com *.olacabs.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.cloudinary.com *.cdn.olaelectric.com *.olaelectric.com http: https: blob: 'self' 'unsafe-inline'; default-src *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com *.corp.olacabs.com *.olacabs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buzzsprout.com *.cookielaw.org *.getblueshift.com *.onetrust.org *.typekit.net *.vercel-scripts.com bat.bing.com connect.facebook.net static.hotjar.com script.hotjar.com vercel.live https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.typekit.net vercel.live;img-src 'self' blob: data: *.buzzsprout.com *.cookielaw.org *.ctfassets.net *.facebook.com *.internationalliving.com *.nodebb.com *.youtube.com *.ytimg.com *.vercel.com vercel.com bat.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;connect-src wss://*.pusher.com 'self' *.cookielaw.org api.getblueshift.com *.onetrust.com *.hotjar.io vercel.live https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;font-src 'self' *.typekit.net vercel.live;frame-src 'self' *.buzzsprout.com *.typeform.com *.youtube-nocookie.com *.youtube fast.wistia.net player.vimeo.com td.doubleclick.net vimeo.com vercel.live;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none' 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://vk.com https://top-fwz1.mail.ru https://widget.me-talk.ru wss://widget.me-talk.ru https://static.me-talk.ru https://tagmanager.google.com https://www.googletagmanager.com https://score.juicyscore.net https://mc.yandex.ru https://zaymer-api-stage.itrf.tech/socket.io https://www.zaymer.ru/socket.io https://covenant-eu.robocash.global; script-src 'sha256-LsBAgSWhVEVv8/eF5bnWMlmguKx/72ZPoSpVb5LVvYE=' 'nonce-xRxbya5bq0O70S5diciF3Q==' 'self' 'self' 'sha256-TVh24Vdb7GTzT63NsxngfGhs0KMXeoymEQStL6oHOQM=' https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://static.cloudflareinsights.com https://mc.yandex.ru https://yastatic.net https://admin.verbox.ru https://top-fwz1.mail.ru https://vk.com https://static.me-talk.ru https://tagmanager.google.com https://score.juicyscore.net; img-src 'self' https://www.googletagmanager.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://top-fwz1.mail.ru https://vk.com data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://mc.yandex.ru https://top-fwz1.mail.ru blob:; form-action 'self'; frame-ancestors 'none'; child-src https://mc.yandex.ru blob: ; object-src 'none'; report-uri https://covenant-eu.robocash.global/report/zaymer-ru-front 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn-prod.securiti.ai www.recaptcha.net *.pinterest.com www.google-analytics.com *.adsrvr.org wwwassets.pricespider.com adservice.google.com *.facebook.net bat.bing.com assets.pixlee.com buttons-config.sharethis.com p.cquotient.com *.tiktok.com *.deltafaucet.com k-us1.az.contentsquare.net secure.adnxs.com www.googletagmanager.com dx.steelhousemedia.com *.forter.com assets.pxlecdn.com www.google.com *.igodigital.com *.doubleclick.net app.omniconvert.com embeddedcloud.pricespider.com c.az.contentsquare.net photos.pixlee.co l.sharethis.com *.cloudfront.net secure.quantserve.com t.contentsquare.net px.steelhousemedia.com *.facebook.com *.force.com www.google.co.in *.gstatic.com wtbng.pricespider.com alb.reddit.com code.jquery.com wtbevents.pricespider.com *.bazaarvoice.com cdn.pricespider.com cdn-b.omniconvert.com xiecomm.paymetric.com cdn.cquotient.com cert-xiecomm.paymetric.com sp.analytics.yahoo.com *.salesforceliveagent.com ad.ipredictive.com prreqcroab.icu data.stbuttons.click locate.pricespider.com cdnjs.cloudflare.com bimsmith.com www.youtube.com *.googleadservices.com *.pinimg.com s3.amazonaws.com mpsnare.iesnare.com platform-api.sharethis.com Direct IPs pixel.quantcount.com track.visibleconsumerinsight.com cdn.jsdelivr.net analytics.google.com ww.steelhousemedia.com platform-cdn.sharethis.com *.googleapis.com rapid-cdn.yottaa.com *.salesforce.com qoe-1.yottaa.net js.ipredictive.com hosted.where2getit.com www.redditstatic.com use.typekit.net media.peerlessfaucet.com q-us1.az.contentsquare.net csxd.contentsquare.net rules.quantcount.com *.amazon-adsystem.com conversions-config.reddit.com e.cquotient.com app.securiti.ai omni.pricespider.com srm.af.contentsquare.net pixel.quantserve.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src https: wss: blob:; connect-src https: wss: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' blob:; img-src https: data: blob:; font-src https: data: blob:; object-src https: data:; media-src https: data: blob:; frame-ancestors 'none'; report-uri /security/csp_violations 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src  'self' 'unsafe-inline'; img-src  'self' 'unsafe-inline' data:; media-src  'self' 'unsafe-inline'; frame-src  'self' 'unsafe-inline'; frame-ancestors  'self'; child-src  'self' 'unsafe-inline'; font-src  'self' 'unsafe-inline'; connect-src  'self' 'unsafe-inline' https://o15468.ingest.sentry.io/api/6068037/envelope/; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src 'self'; frame-src 'self'; img-src 'self' data: https://img.airtel.tv https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com; style-src report-sample 'self' 'unsafe-inline'; script-src report-sample 'self' 'unsafe-inline' https://app.link/_r https://cdn.branch.io/branch-latest.min.js https://www.googletagmanager.com/gtag/js https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js https://cdn.moengage.com/webpush/modules/inapp.js https://cdn.moengage.com/webpush/beta/sdk.inapp.cdnHelper.js https://cdn.moengage.com/webpush/releases/serviceworker_cdn.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_cards.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_webp.min.latest.js; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google-analytics.com https://www.youtube.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://www.clarity.ms https://static.homerun.co https://unpkg.com/@googlemaps/ https://euc-widget.freshworks.com https://moneybird.freshdesk.com; style-src 'self' 'unsafe-inline' https://moneybird.nl https://www.moneybird.nl https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.gstatic.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com https://static.homerun.co https://fonts.bunny.net https://euc-widget.freshworks.com https://moneybird.freshdesk.com; img-src 'self' https://moneybird.nl https://www.moneybird.nl https://prismic-io.s3.amazonaws.com https://images.prismic.io https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com data:; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://moneybird.nl https://www.moneybird.nl https://help.moneybird.nl https://bat.bing.com https://gtm.moneybird.nl https://gtm.moneybird.com https://gtm.moneybird.de https://pagead2.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://moneybird.com https://www.moneybird.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://j.clarity.ms https://embed.homerun.co https://maps.googleapis.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com; frame-src 'self' https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com; font-src 'self' https://moneybird.nl https://www.moneybird.nl https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.bunny.net; report-uri https://moneybird.com/csp_report; 1
object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 1
default-src 'self';                       script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.walkme.com https://analytics.tiktok.com https://connect.facebook.net https://extend.vimeocdn.com/ga/41833415.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10892526870/ https://js.adsrvr.org/up_loader.1.1.0.js https://maps.googleapis.com https://up.pixel.ad/assets/up.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com;                        style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://*.walkme.com;                        object-src 'none';                        base-uri 'self';                        connect-src 'self' https://analytics.tiktok.com https://maps.googleapis.com https://www.google-analytics.com https://*.walkme.com;                       font-src 'self' data: https://fonts.gstatic.com;                        frame-src 'self' https://insight.adsrvr.org https://pixel.sitescout.com https://player.vimeo.com https://td.doubleclick.net https://video.ball.com https://www.youtube.com https://*.walkme.com;                       img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://pixel.sitescout.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com;                        manifest-src 'self';                       media-src 'self';                        worker-src 'none';                       form-action 'self';                       frame-ancestors 'self' https://ball-com-2021-cms.bluemod.me/ https://vision-dev-cms.ball.com https://vision-test-cms.ball.com https://vision-cms.ball.com; 1
font-src *.klarnacdn.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.narvar.com *.narvar.qa static.zdassets.com cdn.usehero.com *.strut.fit *.global-e.com transition.pages.dev *.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com *.amazon.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.mention-me.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.bglobale.com webservices.global-e.com www.facebook.com *.hotjar.com *.kaptcha.com mention-me.com www.paypalobjects.com *.pinterest.com *.strut.fit *.zmags.com e.issuu.com *.global-e.com *.awin1.com *.vivobarefoot.com *.zma.gs *.amazonaws.com *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cmp.uniconsent.com *.pcapredict.com *.stackpathcdn.com *.bglobale.com cdn.usehero.com api.usehero.com *.hotjar.com *.awin1.com *.dwin1.com *.taboola.com bat.bing.com *.ads.twitter.com *.pinimg.com connect.facebook.net *.doubleclick.net *.clarity.ms api.uk.exponea.com ct.pinterest.com *.global-e.com analytics.twitter.com www.facebook.com *.amazonaws.com upload.usehero.com t.co www.google.es *.cloudfront.net storage.googleapis.com vivo.azureedge.net services.postcodeanywhere.co.uk *.bing.com *.vivobarefoot.com map.go.affec.tv secure.adnxs.com www.google.co.in *.zmags.com *.zma.gs transition.pages.dev *.strut.fit *.trustedshops.com ww2.bglobale.com *.visualwebsiteoptimizer.com *.google.de *.google.se *.google.dk *.google.uk *.google.ca *.google.nz *.google.eu *.mention-me.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.mention-me.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cmp.uniconsent.com *.pcapredict.com *.stackpathcdn.com *.bglobale.com cdn.usehero.com api.usehero.com *.hotjar.com www.dwin1.com *.taboola.com bat.bing.com static.ads-twitter.com *.pinimg.com connect.facebook.net *.doubleclick.net *.clarity.ms api.uk.exponea.com ct.pinterest.com static.zdassets.com *.strut.fit strutagiocdn.blob.core.windows.net *.windows.net js-agent.newrelic.com bam.nr-data.net services.postcodeanywhere.co.uk web.global-e.com webservices.global-e.com *.affec.tv secure.adnxs.com *.srcspot.com *.zmags.com *.zma.gs *.z-analytics.net transition.pages.dev *.payments-amazon.com *.awin1.com *.trustedshops.com *.zopim.com *.vivobarefoot.com *.bablic.com *.ads.twitter.com *.visualwebsiteoptimizer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com http://fonts.googleapis.com services.postcodeanywhere.co.uk *.zmags.com *.zma.gs 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa static.zdassets.com cdn.usehero.com transition.pages.dev 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.ingest.sentry.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.mention-me.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cmp.uniconsent.com *.pcapredict.com *.stackpathcdn.com *.bglobale.com cdn.usehero.com api.usehero.com *.hotjar.com dwin1.com *.taboola.com bat.bing.com *.ads.twitter.com *.pinimg.com connect.facebook.net *.doubleclick.net *.clarity.ms api.uk.exponea.com *.pinterest.com *.zendesk.com wss://widget-mediator.zopim.com/ *.strut.fit services.postcodeanywhere.co.uk *.nr-data.net *.analytics.google.com *.zmags.com *.zma.gs www.facebook.com transition.pages.dev ekr.zdassets.com wss://*.hotjar.com *.hotjar.io *.amazon.com *.bablic.com rebel-geocode.nw.r.appspot.com *.visualwebsiteoptimizer.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' googlesyndication.com *.googlesyndication.com hotjar.com *.hotjar.com google.com *.google.com google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net adnxs.com *.adnxs.com 6sense.com *.6sense.com 6sc.co *.6sc.co hotjar.io *.hotjar.io hubspot.com *.hubspot.com linkedin.com *.linkedin.com omappapi.com *.omappapi.com analytics.google.com wss://ws.hotjar.com www.google.co.in adservice.google.com dev.visualwebsiteoptimizer.com forms.hsforms.com; default-src 'self'; font-src 'self' https://fonts.googleapis.com data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self'; img-src 'self' b.6sc.co consent.trustarc.com perf-na1.hsforms.com static.fortra.com track.hubspot.com www.google.com dev.visualwebsiteoptimizer.com www.google.co.in x.adroll.com forms-na1.hsforms.com ipv4.d.adroll.com linkedin.com *.linkedin.com www.google.ca www.googletagmanager.com forms.hsforms.com www.google.co.uk consent-pref.trustarc.com www.google.fr www.google.pt www.google.co.id www.google.com.vn www.google.com.mx www.google.co.jp www.google-analytics.com www.google.com.pk www.google.de; media-src 'self'; object-src 'self'; script-src 'self' 'sha256-FZL9wRPxhODNXTMLPAzJeMF6/bBMez8pCJgUGC2I27w=' 'sha256-VIuZeiDoEGhPwHlSmouYL2zK/++F5Oa/NFSaX974JCw=' 'sha256-mLFjRlurOZiQ/39Q05BOaNiGRyjWCTFNWhvR5XkQna4=' 'sha256-si/G7U6YqPCqvuOxuNu+pPvPsnp10TXSUNnpjo4o2E8=' 'sha256-3cxnJf8CDp9v9IE/tMoZHTxdQ0jKVEVpmBeN8YcRySA=' 'sha256-OIvam6gdRSMb4vEcvNxnkh28xoHZAgvfTYMqEKnZ4t4=' 'sha256-JKnfXJEksU6GW8RXQGgAP8It2YFYiWB9a6298Z1CVrM=' 'sha256-i4aadpZdid9j3HWHuZI+cIZm1yMlOqVl90CLm0iEl+8=' 'sha256-8D8dEPWVT29qx5X7YYOS4LgaFRv7TWXZru0XP0gTbzg=' 'sha256-kYTWsL3eyz2tbAz4uBgUleoRWTrBffDFMCwOjoXTu2c=' 'sha256-RhSW3VHyIM33OkPY6gg7vrL2NcW5Ms/WbNRvQiwKoYc=' 'sha256-wA5TFYqUzoSGtPZwm8SESTMYr8hZGT/fGZOzbR47kdE=' 'sha256-71FQZ/vodBjadye5uztg7ATFhoyFQYRg/3WQkgfmcMk=' 'sha256-q+o79s/2v3kyn2KgqNj5UMXu6GhJL3C1AR4DgavQYTs=' 'sha256-S6Erfq/TqN8CQj1PfcDLOezVwgyf7DHr/RdgKtqag2M=' 6sc.co *.6sc.co adroll.com *.adroll.com beyondsecurity.com *.beyondsecurity.com cloudflareinsights.com *.cloudflareinsights.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com hotjar.com *.hotjar.com hs-banner.com *.hs-banner.com hs-scripts.com *.hs-scripts.com hsleadflows.net *.hsleadflows.net hubspot.com *.hubspot.com licdn.com *.licdn.com omappapi.com *.omappapi.com trustarc.com *.trustarc.com usemessages.com *.usemessages.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com www.googletagmanager.com lex.33across.com js.driftt.com js.hsforms.net js.hs-analytics.net performance.radar.cloudflare.com; style-src 'self' 'sha256-HDYY6U2YJ1OY+bJ5Wfjr2rSQUWfvwIH2JVCtfSjiHPM=' 'sha256-boOol+9NcNYVRpBCSxWeVXPJG0KEcLU/n9ueQidQj3g=' 'sha256-14ckDx3ADOkTfI7ebHbVrmc4RWA8SOdT5AkIYYRSI1g=' 'sha256-o6B1a8BlPsZTLfzSobFT2K+/3Wb3SKUnv21dJj2trO8=' 'sha256-MzotFeyrBPipKDZyID3daFCpYv7umnM7iR1mL99bl7o=' 'sha256-FZL9wRPxhODNXTMLPAzJeMF6/bBMez8pCJgUGC2I27w=' 'sha256-uhyS4TPnOhChCIC9Q/iAQRc8lGfiwN4r1qJcDwNlZR8=' 'sha256-rvCyiQext9QozGia0vXBtjNI2/CnZLvpIWUAxnVm1lo=' 'sha256-6YITkiQ50pHESOjJXub82weWZ7wrdlHd1GN2R78XThI=' 'sha256-yei2dyOJ9Ii+YSeSfZjhNDbA0aWM8uFhjAiO0N2XGtM=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-XQ9IIzofSpnsaWUrxgeXIJi+l/iPTcWjVx5ypSCX3V8=' 'sha256-Y4YhHFCyo/BREYP/C8B4z2tIfioIaXiEC560yu0Ne2Q=' 'sha256-ndWczpqXxcKKxPONpaJxM3neXUh3n67sITst3+bycOg=' 'sha256-a4ayc/80/OGda4BO/1o/V0etpOqiLx1JwB5S3beHW0s=' 'sha256-A9V1T7VGV+t+cMXQLwgAKNpNq5NlSUu0cB7zZq8hIr8=' 'sha256-nl4fY3q3DWeRc9tyOng7cHKyMNe9p5d5nHQyUV+C37o=' 'sha256-Nqnn8clbgv+5l0PgxcTOldg8mkMKrFn4TvPL+rYUUGg=' 'sha256-CsN4k1ceJXYtNa6wVQiOk1kqaTWC0dpbSWmp5lieZyE=' 'sha256-qMEuaMl/cJMddT7wKc2NUkzu1yM4fmtzluf3UeMtLLE=' 'sha256-bvnLuy6LpOOT3gDS8p8t314E1W+9iSw0YMOFoyuwiCg=' 'sha256-jBFvfUl7e9k6ujv6uP5817BV+6MND47rKTrIeDhs/98=' 'sha256-QJduzSZApOX4KPuxtdNIOha0CCcphDMXZYXwSFB5iVw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-9f+IbnZyB9cVT8/xwky9rVVg3LjHInh9MAiva41lZUk=' 'sha256-s/0mrZeE2ueCh3YgZMc8e7OPYI5HSYWEIQf8DaWQaho=' 'sha256-jKGNV7cDpHhn8R9qBJKtiwZIe+33CJqvJm4QrCsX1+0=' 'sha256-dE8X1QbEDDbRcMzk/2HZfE+PaphXlbxT1p2ZdA3VI08=' 'sha256-rm1iUR3vQ3weFX82s2Bv5nbYicbnipX9l2Eb7Ma5Bls=' 'sha256-qRYXPWgeO8DQuggZ5e4ZR8dTMC/u02bYUqKzzTizqAQ=' 'sha256-x/qMT1N4vhfyww3Cl8YyRuexGUTI5ZEw/ZCb86FvIdg=' 'sha256-Nq/OmXCOfffss2QwvNQBZPlL66Fp7KiYwxbhk6p8ulI=' 'sha256-neXcSvRDrd+qMWPGbWJTgyBVFZbdQY8UNZnGhBnxWbw=' 'sha256-mOMG43/8xEDVjdiQbtThixKcS+7CBkAVIZRXWH+l6fw=' 'sha256-vJaQjoEuS/N0MsRKg88KDGnW/7aZlaANfgAw1oeZAYk=' 'sha256-gXy6cGSHvJazs4nCOyks/yFsmrMvrc7fMfWcSzbPn7Q=' 'sha256-LNi1Y8jJd/EPl6sOEHx/J9b21TwWE4pnMmL/ghNxG/Y=' 'sha256-mrDPQSVDIM447aXVd1Xrz7tyYK/AKKv8+p6V+RohaK0=' 'sha256-7M/cpUhDJzkbOFhJUdcQBCRvF3q8d17vp+MygbNtyAw=' 'sha256-W847s+S8mJ0eXC/jm9rdeMEIMDBbTKJnZgQVq4pyk/A=' 'sha256-vLmWL7Grjd8Oav9rqfwV96WtQpvWqtNg3nOI/QQ3bxI=' 'sha256-iUD3g5BH52ycwdWlB3gOOx2JLCquec01EGpdZIfrMaM=' 'sha256-DMzVrH5fz011rpndyEYxmtcP1tTBQt69VIjpQxfYwRo=' 'sha256-tanm74LMzksD1LMJ9nL1q86GepxZoQI0FpLmofQiRiQ=' 'sha256-A/lFqc0v3WZCu/tAktIkGcq3Rwe5KMiF1VunTnlgb4g=' 'sha256-DmrgTjCfZUR0Y/6REq5QsMK7A/vVsC4d1N47OzFcW3E=' 'sha256-oNhK4QQU2pEV0OM6x64xt7raZpRAP3to3QphoXRSfbw=' 'sha256-vN1Qw2Me22uzWuR59eE1pMeOOE3ehoUYa+bO90TMCD4=' 'sha256-zmN9tWjgDrggZ7+jYb6TGt9VsC5bhRO49OWy0sHHjJ4=' 'sha256-PDv7PK7p4vec7tI/1XbvDMwahytuLYN1Ul7CMcw1gHY=' 'sha256-/kXZODfqoc2myS1eI6wr0HH8lUt+vRhW8H/oL+YJcMg=' 'sha256-xK//ASB2GoP3vH742KHL80RY3VDP0olmt+9lxHrKo7g=' 'sha256-VPK3ArT17yU9wkJRM82RcoWcitp49uzM6yeEP8L9a0k=' https://fonts.googleapis.com a.omappapi.com fonts.googleapis.com; worker-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=j9nWKUasnu285VRQzspc5HzkLdOH1yv6IoBK7B_0DfI-1715737296-1.0.1.1-Tff8w67xHI3aAO_b3TGZuU19c9JJilZ354Am6EepBuKpwzpCWxWViyOjtNSDNobw1bLVs.0nksgS0EHMoEE2BudW37chgWiIKWgkZCy2UGnkNuzrIlxuzp9yUxX0QLjQUhL6NR5btJWX_BV7d46rQxnDKGOe.pIlvKtbxpA7WkT9flJeHkqyfVtkaklCXCp32gE5AUNI3y8RgFY3TgYK4Q; report-to cf-kfgrwpbcpfvufdct 1
form-action * 'self'; default-src *; upgrade-insecure-requests; img-src * blob: data: 'self'; object-src 'none'; frame-src * 'self'; style-src * 'unsafe-inline' 'self' data:; script-src * data: wasm-eval: 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; connect-src * 'self'; child-src * blob:; font-src * data: 'self'; worker-src * blob: 'self'; report-uri https://o166208.ingest.sentry.io/api/1238795/security/?sentry_key=eebe259ebaa846d39aaae0e3404505ab&sentry_environment=production 1
object-src 'none';base-uri 'self';script-src 'nonce-Qz8fdEGzMdL3SMvpTUbUSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XsSv_QfthCuLnFCB1Ld7jw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oKRlTVzldRvhBJAVg3n-Ww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' data: *.squaretrade.com *.facebook.com *.outbound.io *.auth0.com *.launchdarkly.com *.pndsn.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com https://api.segment.io https://api.amplitude.com https://privacyportal-eu.onetrust.com https://secure.shippingapis.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com https://st-stage-enc-cust-docs-use-oh-1.s3.us-east-2.amazonaws.com https://callback.vhtcx.com https://callback.virtualhold.com https://siteintercept.qualtrics.com; form-action 'self' data: *.squaretrade.com *.force.com *.salesforce.com *.auth0.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' data: *.squaretrade.com *.auth0.com https://cdn.segment.com *.bootstrapcdn.com *.force.com *.salesforce.com *.qualtrics.com https://platform.twitter.com; font-src 'self' data: *.squaretrade.com  https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: *.squaretrade.com *.auth0.com  *.facebook.com https://p.typekit.net *.google.com *.twitter.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com; style-src-elem 'self' 'unsafe-inline' *.squaretrade.com https://hello.myfonts.net https://service.force.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.smartrecruiters.com https://cdn.jsdelivr.net *.bootstrapcdn.com; script-src-elem 'self' *.squaretrade.com 'unsafe-inline'  *.salesforceliveagent.com https://cdn.segment.com https://cdn.amplitude.com https://cdn.outbound.io https://connect.facebook.net https://www.googletagmanager.com https://service.force.com https://use.typekit.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com https://platform.twitter.com *.bootstrapcdn.com https://cdn.jsdelivr.net *.smartrecruiters.com https://polyfill.io 'https://www.youtube.com https://player.vimeo.com https://zn8jglatqcy5dkma1-squaretrade.siteintercept.qualtrics.com https://siteintercept.qualtrics.com; frame-src https://service.force.com https://squaretrade.az1.qualtrics.com/ https://www.google.com https://www.facebook.com https://platform.twitter.com *.doubleclick.net; report-uri https://appreports.report-uri.com/r/t/csp/wizard 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-E7hB1Kok+qwSK7IyWF0jSKB2EW+5GngniEtK3Y3DpLg='; base-uri 'self';report-to csp-endpoint 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::AUREUS_APROD_3_8_0 1
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=A3UH7u5aKnwzQbGi0.d3KDvK4kvw6efMNfHIt4gRyjE-1715737319-1.0.1.1-fku0l3FIU7IROpkKMgvxjDgmfiP.y9cq0M89ONtqxD4DPEkfvBJgAEw3x5KNA.0VE1jlzLLAjRz5QmeEvkAKZe9dCgHiAIo7cTwcTE1Lo3uwGeg5OTWaqVgaiYbX7IHk_bud9sHejt9O9bn6oKB7DA; report-to cf-csp-endpoint 1
default-src 'self';script-src 'self' 'nonce-CparqW1CAA44Y4hCxhGfCUGy' *.travcorpservices.com/ https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com/ https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js/ https://vjs.zencdn.net https://cdn.amplitude.com/libs/ https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist/ https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com/ *.travcorp.com/ *.corp.ttc:7443/ https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api/ https://l.clarity.ms https://metrics.responsetap.com/infinity/ https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com *.plex.com web-sdk.aptrinsic.com; style-src 'report-sample' 'self' data: 'unsafe-inline' ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com *.plex.com web-sdk.aptrinsic.com; img-src 'self' data: ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com www.gstatic.com 127.0.0.1:18623 *.plex.com; font-src 'self' *.plex.com data: *.plexus-online.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.plexonline.com at.alicdn.com use.typekit.net; connect-src 'self' web-sdk.aptrinsic.com esp.aptrinsic.com *.plex.com pcn-move.plexdev.io cdnma.cdnservice.space cdnma.global-cache.online cdnmb.global-cache.online 127.0.0.1:18623 js.authorize.net tablet.sigwebtablet.com:47290; media-src 'self' *.plex.com; object-src 'self'; child-src 'self'; frame-src 'self'; worker-src 'self'; frame-ancestors 'self' www.plexonline.com www.plexus-online.com; form-action 'self' *.plexus-online.com *.plexonline.com *.plex.com; base-uri 'self'; manifest-src 'self'; script-src-elem 'self' 'unsafe-inline' web-sdk.aptrinsic.com www.gstatic.com *.plexonline.com *.plex.com js.authorize.net jstest.authorize.net *.google-analytics.com www.pagespeed-mod.com *.plexus-online.com www.gstatic.com; style-src-elem 'unsafe-inline' *.plexonline.com web-sdk.aptrinsic.com www.gstatic.com maxcdn.bootstrapcdn.com *.plex.com *.plexus-online.com; report-uri https://csp.security.plex.com/csp/reporting 1
script-src 'self' 'unsafe-eval' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'nonce-bfnnvnfkeg93wg';script-src-elem 'self' https://connect.facebook.net https://am.yahoo.co.jp https://b99.yahoo.co.jp https://www.google-analytics.com assets.adobedtm.com https://www.googletagmanager.com http://hm.mieru-ca.com https://hpjp.mieru-ca.com https://www.everestjs.net https://s.yimg.jp http://aigjapan.sc.omtrdc.net https://www.youtube.com 'sha256-dMIRRtml3Oi21Iaq03PtC+8mIuBozHki1nfF3K1YXgw=' 'sha256-Yw3/67WDFoT7czVF2RALaOaLaRtweKwjgMzcHEb7oIs=' 'sha256-+/WzJIUpU+5NsHuQGBp2n0iZvi5LUQ0h8K/qrDy2YJQ=' 'sha256-T4GdVguKtoAY/4wetSihwnlAEpUpN0SBr64TOJa8NU0=' 'sha256-KIDFo1cCsPZjm0CKg+wI3amz1hzD9mNUJ2+4AGHa3uU=' 'sha256-LBsTTQlX5+H68ly1EZvOY6Z9bHzQqntXIpb70r7UJis=' 'sha256-U/nEWHrEPshKXL66+Ph2p6sLJqyHx9w9Sjv8K1Ya0zU=' 'sha256-BcF795XkHI9YEs7DNkb2Auwhmzf0SqcdlO/cXV17POc=' 'sha256-cQonxShNT1IfSfxwOOa2GnQjv3H9iqQdPYmUrW6Tl9w=' 'sha256-Dsxt1/qoUZUtAc/xB2KsqxHj3ORjhh9iGH+ezhmuyks=' 'nonce-bfnnvnfkeg93wg'; 1
default-src 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.fullstory.com https://rs.fullstory.com https://ajax.googleapis.com/ https://first.iovation.com/ https://mpsnare.iesnare.com/ https://128-koi-090.mktoresp.com/ *.gskydev.net *.gskydev.com https://auth.prod.greensky.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://pages.greenskycredit.com https://www.google.com/ https://www.gstatic.com https://cdnjs.cloudflare.com https://app-ab27.marketo.com https://munchkin.marketo.net https://abrtp1-cdn.marketo.com blob: http://static.site24x7rum.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.wistia.com https://rtp-static.marketo.com https://abrtp1.marketo.com https://js.driftt.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://pages.greenskycredit.com/ https://cdn.jsdelivr.net/ https://www.greensky.com/ *.gskydev.com *.gskydev.net https://use.fontawesome.com/ https://pro.fontawesome.com/ https://rtp-static.marketo.com/ https://fonts.googleapis.com/ https://fonts.googleapis.com/css/ https://app-ab27.marketo.com/ https://munchkin.marketo.net; font-src 'self' https://cdnjs.cloudflare.com https://pro.fontawesome.com/ data: https://fonts.gstatic.com https://fast.wistia.com https://use.fontawesome.com; img-src 'self' https://www.googletagmanager.com https://rs.fullstory.com *.greensky.com/ *.gskydev.com/ *.gskydev.net/ https://embed-ssl.wistia.com data: https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.com https://greensky.dotcmscloud.com https://*.greensky.dotcmscloud.com embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com http://embed.wistia.com/ https://www.google.com https://www.google.de https://app-ab27.marketo.com https://pages.greenskycredit.com; media-src 'self' blob: https://js.driftt.com; frame-src 'self' https://pages.greenskycredit.com/ https://app-ab27.marketo.com/ https://www.google.com/ https://js.driftt.com; connect-src 'self' https://analytics.google.com https://edge.fullstory.com https://rs.fullstory.com *.gskydev.com/ *.gskydev.net/ https://128-koi-090.mktoresp.com/ https://abrtp1.marketo.com https://*.google-analytics.com https://stats.g.doubleclick.net *.greensky.dotcmscloud.com https://greensky.dotcmscloud.com *.greensky.com *.litix.io embedwistia-a.akamaihd.net/ *.wistia.com https://128-koi-090.mktoresp.com; object-src 'self' https://app-ab27.marketo.com/ ; base-uri 'self';manifest-src 'self'; worker-src 'none'; report-to https://www.greensky.com 1
form-action 'self' https://selinc-pilot.csod.com https://selinc.csod.com http://events.selinc.com https://www.cvent.com *.facebook.com connect.facebook.net https://pi.pardot.com *.twitter.com https://events.selinc.com; report-uri /api/cspNotification/ 1
upgrade-insecure-requests; default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://accessibilityserver.org https://amplify.outbrain.com https://bam.nr-data.net https://bat.bing.com https://c.lytics.io https://cdn.segment.com https://cdn.taboola.com https://cdn.userway.org https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://platform.twitter.com https://qmod.quotemedia.com https://s.yimg.com https://script.hotjar.com https://securepubads.g.doubleclick.net https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://static.hotjar.com https://tr.outbrain.com https://trc.taboola.com https://www.dwin1.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.redditstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://c.lytics.io https://cdnjs.cloudflare.com https://fonts.googleapis.com https://qmod.quotemedia.com https://static.c1.quotemedia.com; img-src 'self' data: https://alb.reddit.com https://analytics.twitter.com https://bat.bing.com https://c.lytics.io https://cdn.userway.org https://data.dianomi.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://q.quora.com https://secure.gravatar.com https://sp.analytics.yahoo.com https://syndication.twitter.com https://t.co https://tr.outbrain.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.quotemedia.com; connect-src 'self' https://api.segment.io https://api.userway.org https://app.quotemedia.com https://bam.nr-data.net https://ca.foolpitches.com https://cdn.segment.com https://cdn.userway.org https://cds.taboola.com https://csi.gstatic.com https://in.hotjar.com https://pips.taboola.com https://s.yimg.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://to.getnitropack.com https://trc-events.taboola.com https://vc.hotjar.io https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://static.c1.quotemedia.com; frame-src https://gum.criteo.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com; report-uri https://csp.feroot.com/a5814c59-63d2-4c2f-8d39-70a4fbe37b03/a068f8b4-0865-4c32-bd31-375a39409b87/collect; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://script.hotjar.com/; object-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com https://connect.facebook.net https://ct.pinterest.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagservices.com https://*.googlesyndication.com https://*.consentmanager.net https://www.google.com https://storage.cloud.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://*.facebook.net https://*.sascdn.com https://*.smartadserver.com https://*.addthis.com https://*.pinterest.com https://*.designconnected.com https://maps.googleapis.com https://storage.googleapis.com https://www.gstatic.com https://www.linkedin.com https://*.addthisedge.com https://*.doubleclick.net https://www.googleadservices.com https://*.facebook.com https://*.adform.net https://code.createjs.com https://d31qbv1cthcecs.cloudfront.net https://assets.adsttc.com/insights/ https://s.pinimg.com/ct/ https://www.googleoptimize.com https://*.hotjar.com https://z.moatads.com https://cdn.pushalert.co https://ced-ns.sascdn.com https://www.google.es https://www.google.it https://www.google.fr https://www.google.ch https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.4/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.4/ScrollTrigger.min.js; connect-src 'self' https://*.googlesyndication.com https://capi.architonic.com https://*.smartadserver.com https://*.addthis.com https://*.daaily.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.youtube.com https://*.doubleclick.net https://*.addthis.com https://www.facebook.com https://*.adform.net https://www.google.com https://www.instagram.com https://ct.pinterest.com https://*.hotjar.com https://*.hotjar.io https://architonic82.pushalert.co https://api.pushalert.co https://id5-sync.com https://maps.googleapis.com/maps/api/mapsjs/gen_204; img-src data: https://*; child-src data: https://www.facebook.com https://connect.facebook.net https://*.addthis.com https://www.designconnected.com https://www.googletagmanager.com https://www.google.com https://www.youtube-nocookie.com https://*.doubleclick.net https://assets.pinterest.com  https://*.smartadserver.com https://player.vimeo.com https://creatives.sascdn.com https://*.hotjar.com https://ct.pinterest.com; worker-src blob: https://s.ads.smartadserver.com https://www.architonic.com; frame-src https://www.googleadservices.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.pinterest.com https://*.consentmanager.net https://www.facebook.com https://vars.hotjar.com https://creatives.sascdn.com https://*.addthis.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://player.vimeo.com; report-uri https://8bccfb85f92743dccb8ce984043b12e3.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.epayworldwide.com *.gstatic.com imgsct.cookiebot.com consent.cookiebot.com consentcdn.cookiebot.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://on-site.com https://*.on-site.com https://on-site.com:8765 https://*.on-site.com:8765 https://*.realpage.com https://*.erenterplan.com https://cdn.statuspage.io https://code.jquery.com https://acsbap.com https://acsbapp.com https://cdn.jsdelivr.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; object-src 'self'; worker-src 'self' blob:; report-uri /pub/csp_reports 1
base-uri 'self'; default-src 'self'; script-src 'nonce-ZDkxZDlkMjItN2EwYS00NGI0LWE3OGItZmFkYmEwNTVhYjgw' 'report-sample' 'self' https://www.googletagmanager.com https://c.safetyculture.com https://cdn.segment.com https://snap.licdn.com/ https://cdn.madkudu.com/ https://cdn.amplitude.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.kustomerapp.com https://www.googleadservices.com https://www.google.com https://tpc.googlesyndication.com https://bat.bing.com https://pages.safetyculture.com https://*.hotjar.com https://fast.wistia.com; style-src 'unsafe-inline' 'report-sample' 'self' https://pages.safetyculture.com https://*.hotjar.com; object-src 'none'; connect-src 'self' https://a.safetyculture.com https://api.segment.io https://c.safetyculture.com https://cdn.segment.com https://*.segmentapis.com https://api.amplitude.com https://scnextsite.wpenginepowered.com/wp-admin/admin-ajax.php https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://support-safetyculture.api.kustomerapp.com https://*.pndsn.com https://safetyculture-sandbox.api.kustomerapp.com https://stats.g.doubleclick.net https://www.facebook.com https://www.instagram.com https://wp-website.safetyculture.com/wp-admin/admin-ajax.php https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://adservice.google.com https://*.wistia.com https://bat.bing.com https://monitor.clickcease.com; manifest-src 'self'; media-src 'self' blob:; font-src 'self' https://fonts.gstatic.com https://cdn.kustomerapp.com data: https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://cdn.kustomerapp.com https://tpc.googlesyndication.com https://www.facebook.com https://*.doubleclick.net https://pages.safetyculture.com https://www.youtube.com; img-src 'self' * data:; worker-src 'none'; report-uri https://safetyculture.com/_csp/scweb/prod?v=240313; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com osjs.netcoresmartech.com region1.google-analytics.com wdc.netcoresmartech.com www.googletagmanager.com buttons-config.sharethis.com *.facebook.com *.gstatic.com px.adx.opera.com *.facebook.net www.google.sn www.google.com.gh *.freshchat.com www.google.cm *.googleapis.com www.google.ci *.twitter.com *.ubagroup.com t.co adservice.google.com *.linkedin.com www.google.ca www.google.com.ng *.alicdn.com www.youtube.com *.googleadservices.com tw.netcore.co.in www.google.fr platform-api.sharethis.com www.google.bj res-odx.op-mobile.opera.com js.boxx.ai maps.google.com ubagroup.com *.instantbillspay.com *.doubleclick.net www.google.com *.ads-twitter.com cdn.jsdelivr.net data.stbuttons.click www.google.co.uk cdnt.netcoresmartech.com *.licdn.com www.ubauae.com region1.analytics.google.com psegment.netcoresmartech.com secure.gravatar.com bcp.crwdcntrl.net creativecdn.com l.sharethis.com google.com twa.netcoresmartech.com www.google-analytics.com translate.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-edAdKdLFb2R5mckQzpeyBsdZE' 'strict-dynamic' 'report-sample'; report-uri https://blenderartists.org/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self';base-uri 'self';script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline';script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.cookielaw.org fast.wistia.net *.fls.doubleclick.net;frame-src 'self' *.youtube.com script.hotjar.com vars.hotjar.com *.ceros.com *.guardiananytime.com *.adsrvr.org my.visme.co *.ipipeline.com guardianlife.com *.guardianlife.com guardianlife.uat.aws.glic.com *.bound360.com tagmanager.google.com www.podbean.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ pi.pardot.com go.pardot.com connect.guardiangroupbenefits.com guardianabsence.webflow.io *.ebix.com;font-src 'self' data: fast.wistia.net;media-src 'self' data: blob:;connect-src 'self' *.onetrust.com www.google-analytics.com *.cookielaw.org collectorprod.glic.com cdn.segment.com api.segment.io graphql.contentful.com;style-src 'self' 'unsafe-inline' https:;object-src 'none';img-src 'self' data: *.ctfassets.net fast.wistia.net 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.kominfo.go.id cdn.userway.org *.gstatic.com cdn77.api.userway.org hearme-storage-bucket.s3.ap-southeast-1.amazonaws.com cdn.jsdelivr.net translate.google.com *.googleapis.com www.google.co.id *.doubleclick.net www.googletagmanager.com www.google-analytics.com whatsapp.png api.userway.org analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.wp.com http://*.wp.com *.wp.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.mxpnl.com https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://static.hotjar.com/c/hotjar-913278.js https://script.hotjar.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/map.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/marker.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/onion.js https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps-api-v3/api/js/54/12a/controls.js https://maps.googleapis.com/maps/vt cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.typekit.net pro.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors 'self' *.cfwnet.org http://www.cfwnet.org http://cfwnet.org www.cfwnet.org; report-uri /ocapi/Public/report-uri/csp;  1
default-src 'self' * blob: * data: *.youtube.com *.facebook.com connect.facebook.net cdnjs.cloudflare.com www.google.com stats.g.doubleclick.net appvizer.one wss://nexus-websocket-a.intercom.io *.stripe.com *.intercom.io *.hotjar.com *.appvizer.one googletagmanager.com www.googletagmanager.com bat.bing.com snap.licdn.com www.google-analytics.com *.mxpnl.com *.googleapis.com *.gstatic.com dc.ads.linkedin.com snap.licdn.com static.hotjar.com cdn4.mxpnl.com widget.intercom.io google-analytics.com *.mixpanel.com *.intercomcdn.com d3js.org snap.licdn.com www.google-analytics.com/analytics.js cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js 'unsafe-inline' 'unsafe-eval'; report-uri /csp/report/ 1
object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; report-uri https://uship.report-uri.com/r/t/csp/reportOnly; report-to csp 1
frame-ancestors 'self'; report-uri https://ordermygear.report-uri.com/r/t/csp/wizard 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com tags.tiqcdn.cn collect.tealiumiq.com *.criteo.com *.criteo.net *.omtrdc.net *.yimg.jp *.yahoo.co.jp prf.hn *.doubleclick.net *.line.me *.google.com *.google.it *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com sc-static.net *.usehero.com *.contentsquare.net *.demdex.net *.facebook.com *.googletagmanager.com *.facebook.net *.googleadservices.com *.teads.tv zegna.d3.sc.omtrdc.net www.google.* *.zegna.com *.measmerize.com *.googlesyndication.com maps.gstatic.com *.riskified.com sandbox.gestpay.net ecomm.sella.it *.online-metrix.net amp.akamaized.net *.snapchat.com *.gstatic.com *.go-mpulse.net cm.everesttech.net *.googleapis.com *.akstat.io *.akamaihd.net *.line-scdn.net *.algolianet.com *.algolia.net *.algolia.com zegna-cloud-media.s3.amazonaws.com zegna-cloud-media.s3.eu-west-1.amazonaws.com zegna-cloud-media.s3-eu-west-1.amazonaws.com livechat.zegna.cn *.baidu.com blob: data: ; font-src 'self' data: *.googleapis.com *.gstatic.com; report-uri /cgi-bin/csp_report.cgi 1
script-src 'self' https://ajax.googleapis.com https://f1000research.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://js.hs-scripts.com 1
object-src 'none';base-uri 'self';script-src 'nonce-pSnu9SH6xtayV2NaVDhl3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-rJiZa1GZ+VaSPEojsMnpcQ==' 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.gstatic.com *.yottaa.net *.rkguns.com *.fonts.googleapis.com data: *.cloudflare.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.authorize.net *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.addthis.com *.pinterest.com www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klevu.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudinary.com *.google.com *.google-analytics.com *.google.co.in *.yottaa.net *.rkguns.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.gstatic.com https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js.klevu.com *.ksearchnet.com *.avada.io *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googletagmanager.com *.klevu.com *.listrakbi.com *.yottaa.net *.rkguns.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline *.googleapis.com *.listrakbi.com *.yottaa.net *.rkguns.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.gstatic.com *.googletagmanager.com *.listrakbi.com *.google.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.yottaa.net *.cloudflare.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-NWHATmFvQAdA22gfMVLecw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; report-uri https://arcules.report-uri.com/r/t/csp/wizard 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.milligazete.com.tr file.daktilo.com static.daktilo.com *.gstatic.com *.googleapis.com *.google.com *.googletagservices.com *.google-analytics.com *.ampproject.org https://cdn.adhouse.pro https://cdn2.bildirt.com https://cdn.onesignal.com https://vjs.zencdn.net *.cloudflare.com *.bik.gov.tr *.criteo.com *.yandex.ru *.yandex.com *.adform.net *.googlesyndication.com *.doubleclick.net *.creativecdn.com *.googletagmanager.com *.facebook.net *.idealmedia.io *.mgid.com *.daktilo.com *.youtube.com *.twitter.com *.facebook.com ads.pubmatic.com static.criteo.net cdn.jsdelivr.net eus.rubiconproject.com fastlane.rubiconproject.com; object-src 'none'; report-uri /csp-violation-report-endpoint/ 1
default-src 'self'; script-src * 'unsafe-inline' 'self' https://ajax.googleapis.com/ https://cdn.aliadosporlasalud.com/MX/Salud-Digna/Home/js/owl.carousel.min.js https://cdn.conekta.io/js/latest/conekta.js https://cdn.jsdelivr.net/npm/js-cookie@3.0.1/dist/js.cookie.min.js https://cdn.mouseflow.com/projects/d34f0da7-da31-42cb-a2ea-cdd7b5b7ad16.js https://cdn.socket.io/4.5.0/socket.io.min.js https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.4.4/swiper-bundle.min.js https://connect.facebook.net/signals/config/260859287639784 https://d3fxnri0mz3rya.cloudfront.net/antifraud/key_fNdPxbPkqAt1xF1sYMgQF5w.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/927312241/ https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js https://script.hotjar.com/modules.f7c079ad889f2e18ab73.js https://sdk.coppelpay.com/coppelpaysdk/CoppelPay.js https://static.hotjar.com/c/hotjar-3464179.js https://stats.g.doubleclick.net/dc.js https://www.clarity.ms/tag/e22cdzfezw https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion/927312241/ https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/QUpyTKFkX5CIV6EF8TFSWEif/recaptcha__es.js https://www.salud-digna.com/resources/header/js/jquery-ui.min.js; style-src 'report-sample' 'unsafe-inline' 'self' https://ajax.googleapis.com https://cdn.aliadosporlasalud.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * 'self' https://analytics.google.com https://api.emarketingsd.org https://bitacora-web.salud-digna.site https://cdn.aliadosporlasalud.com https://devolucion-api.salud-digna.site https://r.clarity.ms https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com.mx wss://burbuja.sdmkt.org; font-src 'self' data: https://cdn.aliadosporlasalud.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src * 'self' https://ssl.kaptcha.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com; img-src * 'unsafe-inline' 'self' https://beta.salud-digna.site https://cdn.aliadosporlasalud.com https://cdn.comunidadsd.org https://googleads.g.doubleclick.net https://salud-digna.com https://salud-digna.online https://sfo2.digitaloceanspaces.com https://sfo3.digitaloceanspaces.com https://ssl.kaptcha.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.mx https://www.googletagmanager.com https://www.salud-digna.com; manifest-src 'self'; media-src 'self' https://sd-storage.sfo2.digitaloceanspaces.com; report-uri https://65b7f1e1086f86bedad7bb2c.endpoint.csper.io/?v=0; worker-src 'none'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/families_google 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.matomo.cloud https://heritagefund.matomo.cloud https://cdnjs.cloudflare.com https://polyfill.io https://heritagefund.matomo.cloud/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://cdn.matomo.cloud https://heritagefund.matomo.cloud https://cdnjs.cloudflare.com https://polyfill.io; style-src 'self' 'unsafe-inline' https://p.typekit.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://p.typekit.net/; frame-ancestors 'self' 1
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' unagi-fe.amazon.com unagi.amazon.co.jp fls-fe.amazon.co.jp m.media-amazon.com dpm.demdex.net audible.tt.omtrdc.net audible.sc.omtrdc.net tr.snapchat.com us-central1-adaptive-growth.cloudfunctions.net s.yimg.com sonic.frontier.a2z.com www.audible.com pagead2.googlesyndication.com www.google.com/pagead/ www.facebook.com/tr/; font-src m.media-amazon.com; frame-src 'self' insight.adsrvr.org 8055435.fls.doubleclick.net audible.demdex.net www.facebook.com tr.snapchat.com bid.g.doubleclick.net td.doubleclick.net www.googletagmanager.com match.adsrvr.org apps.rokt.com; img-src 'self' m.media-amazon.com images-fe.ssl-images-amazon.com images-na.ssl-images-amazon.com fls-fe.amazon.co.jp www.facebook.com www.googletagmanager.com t.co analytics.twitter.com alb.reddit.com bat.bing.com sp.analytics.yahoo.com ad.doubleclick.net googleads.g.doubleclick.net/pagead/ www.google.com/pagead/ www.google.com.au/pagead/ www.google.co.nz/pagead/ www.google.com.my/pagead/ www.google.com.pg/pagead/ www.google.com.ph/pagead/; media-src 'self' m.media-amazon.com; script-src 'self' 'unsafe-inline' d2jpk0qucvwmsj.cloudfront.net images-fe.ssl-images-amazon.com d1l6k7vljxpbvl.cloudfront.net d1g3myji5lplsh.cloudfront.net c2c-fe.amazon.com www.googletagmanager.com www.redditstatic.com assets.kochava.com static.ads-twitter.com apps.rokt.com sc-static.net www.googleadservices.com cdn.pdst.fm js.adsrvr.org s.yimg.com bat.bing.com tr.snapchat.com googleads.g.doubleclick.net connect.facebook.net audible.sc.omtrdc.net; style-src 'self' 'unsafe-inline' images-fe.ssl-images-amazon.com; 1
object-src 'none'; script-src 'self' chosen.jquery.js https://polyfill.io https://unpkg.com; script-src-attr 'self'; style-src 'self' chosen.css https://use.typekit.net; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self' https://www.madavi.de; font-src 'self' data: https://www.madavi.de; img-src 'self' insecure.madavi.de https://www.madavi.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ampproject.org https://www.madavi.de; style-src 'self' 'unsafe-inline' https://www.madavi.de; report-uri https://www.madavi.de/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=34c4d3a7cb 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=OaU0zcItiZhN5IZnWOBw.SDyTOBrwan7kyo5YxJgVi0-1715736350-1.0.1.1-wk4xEcBDJypOLZVhncsES1cvN75.ytF7bDhvPeaGBmXiMMRzRNUtoGOeM6sBK4LU2xOgaS624YjX0OX6nt3BmK_RR6F5HAXbVPVOCe.GUCdyCg_hu6OGGvvBS50TQKWrT4XdilFfK.0i3NmSnQ2ioBp.QIaHqqplRvFJbYLL9WI; report-to cf-csp-endpoint 1
script-src 'nonce-wFQFgeUi7B09skgvmUDFKw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' data: blob: https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com; connect-src 'self' data: properties: https://cmfglifeinsurance.us-6.evergage.com https://*.google-analytics.com https://*.google.com https://*.linkedin.com https://*.niceincontact.com https://clientstream.launchdarkly.com/ https://fonts.gstatic.com https://*.optimizely.com https://*.cunamutual.com https://www.nextinsure.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.googlesyndication.com https://*.trustage.com https://us-central1-adaptive-growth.cloudfunctions.net https://cdn.linkedin.oribi.io https://s.yimg.com https://*.doubleclick.net https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://*.bing.com https://*.googleapis.com https://cunamutual.okta.com https://cdn.cookielaw.org https://cunamutual.oktapreview.com/ https://*.googleadservices.com/ https://*.qualtrics.com/ https://dc.services.visualstudio.com/ https://*.levelaccess.net https://www.googletagmanager.com https://facebook.com/ https://*.segment.io https://*.segment.com https://*.permutive.com https://calc-backend-prod.herokuapp.com https://www.facebook.com; frame-ancestors 'self' https://trustage.com https://*.optimizely.com https://*.trustagedem.com https://*.trustagedemo.com; frame-src 'self' https://trustage.com https://*.googlesyndication.com https://cunamutual.widen.net https://login.microsoftonline.com https://*.widencdn.net https://*.opendns.com https://*.optimizely.com https://www.youtube.com https://chase.hostedpaymentservice.net https://chase-var.hostedpaymentservice.net https://*.doubleclick.net https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.oktacdn.com https://www.googletagmanager.com https://*.trustpilot.com/ https://*.flashtalking.com https://*.google.com https://*.qualtrics.com https://*.affec.tv https://*.opendns.com https://www.facebook.com https://*.ceros.com https://home-c27.incontact.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cmfglifeinsurance.us-6.evergage.com https://*.googlesyndication.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://static-demo.trustage.cloud https://*.trustage.com https://*.googleadservices.com https://*.trustagedem.com https://*.trustagedemo.com https://cdn.cookielaw.org https://*.signalintent.com https://*.google.com https://chase-var.hostedpaymentservice.net https://chase.hostedpaymentservice.net https://cdn.pdst.fm https://snap.licdn.com https://insurance.mediaalpha.com https://us-central1-adaptive-growth.cloudfunctions.net https://s.yimg.com https://*.facebook.net https://geolocation.onetrust.com https://cdn.linkedin.oribi.io https://privacyportal.onetrust.com https://*.google.com https://sp.analytics.yahoo.com https://*.linkedin.com https://www.pagespeed-mod.com https://*.google-analytics.com https://*.salesforceliveagent.com/ https://*.oktacdn.com/ https://*.trustpilot.com/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://*.levelaccess.net/ https://*.qualtrics.com/ https://www.googleoptimize.com https://bat.bing.com https://solutions.invocacdn.com https://pnapi.invoca.net https://*.affec.tv/ https://*.evgnet.com/ https://*.ceros.com https://home-c27.incontact.com https://secure.adnxs.com https://cdn.permutive.com https://trkn.us https://www.facebook.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.trustage.com https://cmfglifeinsurance.us-6.evergage.com https://www.gstatic.com https://*.optimizely.com https://*.affec.tv/ https://chase.hostedpaymentservice.net https://*.bing.com https://*.google.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://cdn.pdst.fm https://cdn.cookielaw.org https://snap.licdn.com https://*.qualtrics.com https://s.yimg.com https://*.salesforceliveagent.com https://*.facebook.com https://connect.facebook.net https://www.youtube.com https://bat.bing.com https://*.evgnet.com/ https://*.levelaccess.net https://chase-var.hostedpaymentservice.net https://*.oktacdn.com https://www.googleoptimize.com https://*.trustpilot.com/ https://az416426.vo.msecnd.net/ https://solutions.invocacdn.com https://secure.adnxs.com https://cdn.permutive.com https://*.signalintent.coms https://*.segment.com https://*.ceros.coms; style-src 'self' 'unsafe-inline' https://cmfglifeinsurance.us-6.evergage.com https://*.trustage.com https://*.trustagedem.com https://*.trustagedemo.com https://*.signalintent.com https://rsms.me https://*.googleapis.com https://*.google.com https://*.googlesyndication.com https://google.ca https://www.googleoptimize.com https://*.google-analytics.com https://*.trustpilot.com/ https://www.youtube.com https://web-modules-de-na1.niceincontact.com  https://pwm-image.trendmicro.com https://cdn.honey.io; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; font-src 'self' data: https://cmfglifeinsurance.us-6.evergage.com https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com https://fonts.cdnfonts.com https://use.fontawesome.com https://static2.sharepointonline.com https://static.zip.co https://embed.signalintent.com https://appservice.azureedge.net/; report-uri /api/csp/report; 1
default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; img-src 'self'; connect-src 'self'; font-src 'self'; media-src 'self'; report-uri https://65bb19d961e5f181cebc2978.endpoint.csper.io?v=0; form-action 'self'; frame-ancestors 'none'; object-src 'none'; frame-src 'self'; worker-src 'none'; manifest-src 'self'; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.adbr.io *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.adabra.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.trustpilot.com *.criteo.com *.cookiebot.com *.youtube.com *.hotjar.com *.adbr.io ad4m.at *.ad4m.at service.force.com *.marketingspray.com *.criteo.net *.tncid.app *.clinch.co *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.de *.google.it *.bing.com *.adbr.io maps.googleapis.com *.ad4m.at ih.adscale.de rtb-csync.smartadserver.com simage2.pubmatic.com dsum-sec.casalemedia.com *.twiago.com ad.yieldlab.net *.marketingspray.com *.adform.net *.clarity.ms *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.tremorhub.com *.yieldmo.com *.krxd.com *.thebrighttag.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trustpilot.com *.criteo.com *.criteo.net *.newrelic.com *.cookiebot.com bam.nr-data.net *.google.de *.google.it *.bing.com *.hotjar.com *.adbr.io ad4m.at pushpad.xyz service.force.com *.salesforceliveagent.com *.marketingspray.com *.shippypro.com *.kk-resources.com *.farmae.it *.clarity.ms *.googleoptimize.com *.tiktok.com *.dwin1.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.tncid.app *.clinch.co *.visualwebsiteoptimizer.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com maps.googleapis.com tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.adbr.io service.force.com *.shippypro.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com bam.nr-data.net *.doubleclick.net *.trustpilot.com pagead2.googlesyndication.com consentcdn.cookiebot.com *.adbr.io *.googleapis.com *.shippypro.com pushpad.xyz *.clarity.ms *.tiktok.com *.criteo.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.hotjar.io *.tncid.app *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' https://*qualtrics.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com maps.googleapis.com https://flex.cybersource.com https://maps.google.com http://localhost:35729; style-src 'self' 'report-sample' blob: 'unsafe-inline'; object-src 'none'; frame-src 'self' www.googletagmanager.com maps.google.com maps.googleapis.com https://*.cybersource.com; child-src 'self' www.googletagmanager.com; img-src 'self' data: blob: www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com; font-src 'self' data: https://flex.cybersource.com https://testflex.cybersource.com; connect-src 'self' https://*qualtrics.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com maps.googleapis.com maps.google.com ws://localhost:35729/livereload; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; 1
default-src 'self'; script-src 'nonce-tFBH5kCJGq+BgMN5LPYLsw==' 'strict-dynamic' 'self' 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' unsafe-inline; font-src 'self' data:; img-src 'self' https: blob: data:; object-src 'none'; form-action 'self'; connect-src 'self' https://*; frame-src https://docs.google.com/forms; report-uri https://a63yeeri7wl76nn3q62tl44l3y0zlkpz.lambda-url.ap-northeast-1.on.aws/ 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net use.typekit.net giftcard.epaybrasil.com.br *.gstatic.com www.google.com *.clarity.ms www.assai.com.br assai.com.br cdn.cookielaw.org cdnjs.cloudflare.com checkip.amazonaws.com use.fontawesome.com www.googletagmanager.com www.youtube.com static.addtoany.com *.onetrust.com *.cloudfront.net plugin.handtalk.me s3-sa-east-1.amazonaws.com bit.ly geoip-db.com cdn.jsdelivr.net unpkg.com *.go2cloud.org static.invisionapp-cdn.com pro.fontawesome.com *.doubleclick.net www.google-analytics.com c.bing.com www.academiaassai.com.br www.google.com.br translation-v3.handtalk.me *.googleapis.com analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com yotpo-stool.s3.amazonaws.com *.cloudflare.com *.googleapis.com www.google-analytics.com *.gstatic.com *.twitter.com *.typekit.net *.twimg.com *.yotpo.com 'self' data: *.bounceexchange.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bounceexchange.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com *.barbour.com *.jbs-uat.com admin.barbour.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.youtube.com *.hotjar.com *.hotjar.io *.vimeo.com *.google.com *.paypal.com *.bounceexchange.com *.doubleclick.net *.pinterest.com *.facebook.com *.yotpo.com *.addthis.com *.dotmailer-surveys.com *.barbour.com *.jbs-uat.com admin.barbour.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com p.typekit.net s.ytimg.com *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.postcodeanywhere.co.uk *.cloudflare.com *.google.com *.google.co.uk maps.gstatic.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.yotpo.com yotpo-stool.s3.amazonaws.com https://yotpo-editor-production.s3.amazonaws.com *.doubleclick.net *.curalate.com wf1.mywebdata.co.uk *.bounceexchange.com *.bouncex.net *.paypal.com *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net *.klarna.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.barbour.com *.jbs-uat.com admin.barbour.com *.pinterest.com *.unpkg.com *.qubitproducts.com *.qubit.com *.gstatic.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.youtube.com *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.postcodeanywhere.co.uk *.bugherd.com *.cloudflare.com *.pcapredict.com acsbapp.com *.cloudflareinsights.com analytics.tiktok.com *.google.com *.gstatic.com *.google-analytics.com *.twimg.com *.paypal.com *.googletagmanager.com *.googleapis.com *.twitter.com *.yotpo.com js-agent.newrelic.com *.nr-data.net *.doubleclick.net *.hotjar.com *.hotjar.io www.bugherd.com *.iubenda.com *.iesnare.com *.newrelic.com s.pinimg.com wf1.mywebdata.co.uk *.pingdom.net *.bounceexchange.com *.curalate.com *.goqubit.com js.facebook.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.addthis.com *.moatads.com *.addthisedge.com *.dotmailer-surveys.com *.klarnaservices.com *.barbour.com *.jbs-uat.com admin.barbour.com 'unsafe-inline' data: *.bing.com *.wknd.ai https://www.googletagmanager.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com 'unsafe-inline' data: *.twitter.com *.typekit.net *.yotpo.com *.twimg.com *.postcodeanywhere.co.uk *.bounceexchange.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klarnacdn.net *.barbour.com *.jbs-uat.com admin.barbour.com *.unpkg.com *.qubitproducts.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.iesnare.com *.cdnwidget.com *.barbour.com *.jbs-uat.com admin.barbour.com *.pinterest.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com *.adobe.io performance.typekit.net *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.postcodeanywhere.co.uk *.acsbapp.com *.cloudflare.com *.google-analytics.com *.google.com *.googlesyndication.com *.twitter.com *.paypal.com *.twimg.com *.yotpo.com *.nr-data.net *.doubleclick.net analytics.tiktok.com *.hotjar.com *.hotjar.io wss://mpsnare.iesnare.com *.mpsnare.iesnare.com *.iubenda.com *.curalate.com *.qubit.com *.pingdom.net *.qubitproducts.com *.pinterest.com *.facebook.com *.barbour.com *.jbs-uat.com admin.barbour.com *.unpkg.com *.bouncex.net *.bounceexchange.com *.cdnwidget.com *.cdnbasket.net https://www.google-analytics.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; frame-ancestors 'self'; font-src data: https://doublethedonation.com https://fonts.gstatic.com https://fonts.googleapis.com *.tiltify.com assets.tiltify.com site-assets.tiltify.com; img-src 'self' data: *.medium.com https://unsplash.it https://doublethedonation.com assets.tiltify.com site-assets.tiltify.com https://assets.tiltify.com *.bonfireassets.com *.paypal.com https://www.paypalobjects.com https://www.google-analytics.com https://static-cdn.jtvnw.net *.yt-img.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://doublethedonation.com https://js.stripe.com *.tiltify.com assets.tiltify.com site-assets.tiltify.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com *.paypal.com https://www.paypalobjects.com https://connect.facebook.net https://static-na.payments-amazon.com https://widget.freshworks.com; style-src 'self' 'unsafe-inline' *.tiltify.com assets.tiltify.com site-assets.tiltify.com https://doublethedonation.com https://fonts.googleapis.com https://widget.freshworks.com; connect-src 'self' *.amazon.com https://doublethedonation.com  *.googleapis.com *.tiltify.com tiltify.com assets.tiltify.com site-assets.tiltify.com wss://websockets.tiltify.com https://locale.tiltify.com https://sentry.io https://api.stripe.com https://cdn.optimizely.com https://www.google-analytics.com https://widget.freshworks.com *.paypal.com; frame-src 'self' https://rumble.com *.amazon.com *.payments-amazon.com *.facebook.com *.twitch.tv https://js.stripe.com https://hooks.stripe.com https://player.twitch.tv https://www.google.com https://www.youtube.com *.paypal.com https://www.paypalobjects.com; manifest-src *.tiltify.com site-assets.tiltify.com https://assets.tiltify.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net translate.google.com *.cne.gob.ec region1.google-analytics.com www.google-analytics.com *.googleapis.com *.gstatic.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
frame-ancestors https://*.prace.cz https://my.teamio.com https://*.facebook.com https://*.jobs.cz https://*.topjobs.sk; report-uri /csp-reports/ 1
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.teststagram.com *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.teststagram.com *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.teststagram.com *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' about.instagram.com;font-src *.teststagram.com *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.teststagram.com *.instagram.com *.facebook.com *.fbcdn.net data: *.igsonar.com *.cdninstagram.com blob: *.fbsbx.com android-webview-video-poster: *.giphy.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;worker-src *.instagram.com/static_resources/webworker_v1/init_script/ *.instagram.com/static_resources/webworker/init_script/ *.instagram.com/static_resources/sharedworker/init_script/ *.instagram.com/www-service-worker.js;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net; script-src 'nonce-65941c2cdae044eb87bd44067e91a3b2'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net; style-src 'self' 'nonce-65941c2cdae044eb87bd44067e91a3b2'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playlostark.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d3irh93dd5ckql.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=134-2542953-4043455:rid=475AB0C611B3405BB1F4:sn=www.playlostark.com 1
default-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org; connect-src 'self' ws://exercism.org https://cdn.jsdelivr.net https://sessions.bugsnag.com/; img-src 'self' data: https://*; media-src *; script-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://js.stripe.com https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org https://maxcdn.bootstrapcdn.com; style-src 'self' https://exercism.org https://api.exercism.org https://assets.exercism.org 'unsafe-inline' https://maxcdn.bootstrapcdn.com; child-src 'none' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.apsiyon.com; style-src 'self' 'unsafe-inline' analytics.tiktok.com analytics.tiktok.com/api/v2/monitor cdn.apsiyon.com cdnjs.cloudflare.com translate.googleapis.com fonts.googleapis.com *.apsiyon.com wchat.freshchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.apsiyon.com www.google.com www.clarity.ms cdn.apsiyon.com analytics.tiktok.com analytics.tiktok.com/api/v2/monitor www.analytics.tiktok.com/api/v2/monitor connect.facebook.net www.googledservices.com www.googleadservices.com code.jquery.com cdn.jsdelivr.net maps.googleapis.com www.googletagmanager.com  www.google-analytics.com googleads.g.doubleclick.net cdn.taboola.com trc.taboola.com  www.gstatic.com wchat.freshchat.com  snap.licdn.com; frame-src 'self' www.googletagmanager.com www.googleadservices.com connect.facebook.net web.facebook.com *.apsiyon.com m.facebook.com  www.google.ro www.youtube.com youtube.com httpsapsiyoncom.webpush.freshchat.com www.google.com bid.g.doubleclick.net wchat.freshchat.com www.facebook.com analytics.tiktok.com analytics.tiktok.com/api/v2/monitor; img-src data: * ; connect-src 'self' 'unsafe-inline' localhost:51192 analytics.tiktok.com analytics.tiktok.com/api/v2/monitor www.google.bg www.google.li www.google.com.bd www.google.ro www.google.com.hk www.google.co.jp www.google.tm www.google.ps www.google.pl www.google.ba www.google.co.za www.google.cz www.google.md www.google.com.ua www.google.com.qa www.google.ba www.google.com.et www.google.jo www.google.hu www.google.ph stats.g.doubleclick.net www.google.at www.google.com.cy www.google.nl www.google.kz www.google.co.in www.google.com.sa www.google.es www.google.kg  www.google.co.id www.google.dk www.google.com.kw www.google.co.kr www.google.cn www.google.co.th www.google.co.uz www.google.co.uk www.google.ae www.google.ch www.google.az www.google.lu www.google.it www.google.com.pk www.google.be www.google.fi www.google.no www.google.sn www.bing.com www.google.se www.google.iq www.google.ie www.google.fr www.googleanalytics.com www.google.de www.google.ru *.taboola.com www.google.co.il  www.facebook.com  www.google.com.tr *.clarity.ms  *.apsiyon.com  analytics.google.com www.google-analytics.com; font-src 'self' data: fonts.googleapis.com use.fontawesome.com themes.googleusercontent.com *.apsiyon.com themes.googleusercontent.com static3.avast.com cdnjs.cloudflare.com fonts.gstatic.com; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-91685574bdb94cf4b0782bb97781ac21' https://www.mypatientchart.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mypatientchart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
script-src 'nonce-HomePage-1-04e202c544ed824a3d1f3d3e0a7d8ca9' 'strict-dynamic' 'unsafe-eval'; script-src-elem 'nonce-HomePage-1-04e202c544ed824a3d1f3d3e0a7d8ca9' 'strict-dynamic'; object-src 'none'; base-uri 'self'; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net t.paypal.com s.ytimg.com video.google.com vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com *.googleapis.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com cdn.xtento.com *.klevu.com *.ksearchnet.com *.avada.io *.trustpilot.com *.yotpo.com preferredliving.com *.preferredliving.com sportys.com *.sportys.com sportystoolshop.com *.sportystoolshop.com wright-bros.com *.wright-bros.com na-library.klarnaservices.com www.googleadservices.com bat.bing.com www.googletagmanager.com *.bc0a.com hello.zonos.com cdn.mouseflow.com secure.quantserve.com cdn.attn.tv *.datasteam.io googleads.g.doubleclick.net rules.quantcount.com aa.agkn.com *.cloudmaestro.com cdn.b0e8.com cdn.iglobalstores.com *.listrakbi.com www.google-analytics.com *.listrak.com widgets.turnto.com www.google.com www.gstatic.com widget.heymarket.com *.clarity.ms; report-uri /.webscale/csp-report 1
report-uri /api/v1/csp/violation; script-src https://*.intercom.io https://js.intercomcdn.com https://www.google-analytics.com 'unsafe-inline' https://optimize.google.com 'self' https://widget.trustpilot.com https://cdn.segment.com https://*.typekit.net https://www.googletagmanager.com https://cdn.mxpnl.com https://*.fullstory.com https://fullstory.com https://connect.facebook.net https://ajax.googleapis.com https://js.stripe.com https://bat.bing.com https://www.googleadservices.com 'unsafe-eval'; plugin-types application/pdf; frame-ancestors 'none'; child-src https://share.intercom.io https://intercom-sheets.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.doubleclick.net https://js.stripe.com; font-src https://js.intercomcdn.com https://fonts.gstatic.com 'self' https://*.typekit.net; media-src https://js.intercomcdn.com 'self'; base-uri 'none'; connect-src https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://app.getsentry.com 'self' https://www.google-analytics.com https://*.doubleclick.net https://api.mixpanel.com https://*.fullstory.com https://*.typekit.net https://api.segment.io https://adservice.google.com https://*.launchdarkly.com; form-action 'self'; style-src 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'self' https://*.cloudfront.net https://*.typekit.net; object-src 'self'; default-src 'none'; frame-src https://optimize.google.com https://js.stripe.com https://*.doubleclick.net; img-src https://*.intercomcdn.com https://static.intercomassets.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://optimize.google.com https: data: 1
img-src https: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com *.shopogen.ro *.carrefour.ro carrefour.ro *.google.com www.googletagmanager.com *.googletagmanager.com facebook.com *.prefixbox.com *.tiktok.com *.jsdelivr.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.instagram.com *.carrefour.ro carrefour.ro facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.googletagmanager.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com *.cookiebot.com *.google.com *.carrefour.ro carrefour.ro *.krxd.net *.hotjar.com *.jsdelivr.net *.btdirect.ro *.tiktok.com *.prefixbox.com facebook.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.googletagmanager.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com blob: *.3lift.com *.adnxs.com *.adsrvr.org *.bluekai.com *.casalemedia.com *.ck-ie.com *.contextweb.com *.dotomi.com *.flavedo.io *.flix360.com *.flix360.io *.flixcar.com *.google.ro *.google-analytics.com *.googleadservices.com *.kargo.com *.lijit.com *.mediaplex.com *.openx.net *.paypal.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com servedbyadbutler.com *.sharethrough.com *.shopogen.ro *.stickyadstv.com *.tremorhub.com *.yahoo.com *.carrefour.ro carrefour.ro facebook.com *.krxd.net *.google.com www.googletagmanager.com *.tiktok.com *.prefixbox.com *.jsdelivr.net *.newrelic.com bam.eu01.nr-data.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.cookiebot.com *.dotomi.com *.flix360.com *.flix360.io *.flixcar.com *.flixfacts.com *.googleapis.com *.instagram.com *.jsdelivr.net *.newrelic.com *.paypal.com *.pingdom.net servedbyadbutler.com *.shopogen.ro *.carrefour.ro carrefour.ro chimpstatic.com www.googletagmanager.com *.krxd.net *.prefixbox.com *.tiktok.com *.cookielaw.org *.hotjar.com facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.shopogen.ro *.twitter.com *.typekit.net *.carrefour.ro carrefour.ro *.jsdelivr.net *.prefixbox.com *.tiktok.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.citrusad.com *.doubleclick.net *.flix360.io *.flixcar.com *.googleapis.com *.googlesyndication.com *.instagram.com *.onetrust.com *.paypal.com *.pingdom.net *.shopogen.ro *.carrefour.ro carrefour.ro *.cookielaw.org *.krxd.net *.hotjar.com *.jsdelivr.net *.prefixbox.com *.newrelic.com bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; connect-src 'self' https://*.fontawesome.com/ https://*.formassembly.com/ https://*.promedica.app/ https://*.vercel-storage.com/ https://*.vercel.app/ https://analytics.google.com/ https://api.stadiamaps.com/ https://cdn.cookielaw.org/ https://cm.pmdt-jss.localhost/ https://maps.googleapis.com/ https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net/ https://mc-d506a988-cc64-4e20-af8c-4606-afd.azurefd.net/ https://pagead2.googlesyndication.com/ https://pcl-staging.promedica.org/ https://pcl.promedica.org/ https://promedica.matomo.cloud/ https://siteintercept.qualtrics.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/; default-src 'self' https://*.promedica.app/ https://*.vercel.app/; font-src 'self' data: https://*.fontawesome.com/ https://*.promedica.app/ https://*.vercel.app/ https://fonts.gstatic.com/ https://use.typekit.net/; frame-src 'self' https://td.doubleclick.net/ https://www.google.com/ https://www.youtube.com/; img-src 'self' data: http://dummyimage.com https://*.promedica.app https://*.qualtrics.com https://*.vercel.app https://cdn.cookielaw.org https://maps.googleapis.com https://maps.gstatic.com https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net https://mc-d506a988-cc64-4e20-af8c-4606-afd.azurefd.net https://pcl-staging.promedica.org https://pcl.promedica.org https://www.google-analytics.com https://www.google.com.ec https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' data: https://pcl.promedica.org/ https://pcl-staging.promedica.org/; object-src 'none'; report-uri https://6480f3f9bf4bdd8c5cde6f2b.endpoint.csper.io/?v=1; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://*.promedica.app/ https://*.vercel.app/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://cdn.mouseflow.com/ https://googleads.g.doubleclick.net/ https://kit.fontawesome.com/ https://maps.googleapis.com/ https://promedica.tfaforms.net/ https://siteintercept.qualtrics.com/ https://unpkg.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/ https://zn86cv25rplysllsr-promedica.siteintercept.qualtrics.com/SIE/; style-src 'report-sample' 'unsafe-inline' 'self' https://*.promedica.app/ https://*.vercel.app/ https://fonts.googleapis.com/ https://promedica.tfaforms.net/; worker-src 'self' blob: 1
object-src 'none'; script-src 'self'  https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; style-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeenterprise_google 1
object-src 'none';base-uri 'self';script-src 'nonce-BpPtUTEmiagUmEb95meSeQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' https://static.cdn-decorrespondent.nl/ https://useruploads.cdn-decorrespondent.nl https://decorrespondent.matomo.cloud/ https://o206126.ingest.sentry.io ; form-action 'self'; report-uri https://correspondent.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' unagi-fe.amazon.com m.media-amazon.com api.audible.co.jp dpm.demdex.net audible.tt.omtrdc.net audible.sc.omtrdc.net www.audible.com unagi.amazon.co.jp fls-fe.amazon.co.jp pagead2.googlesyndication.com www.facebook.com/tr/ www.google.com/pagead/; font-src m.media-amazon.com; frame-src 'self' www.facebook.com audible.demdex.net td.doubleclick.net www.googletagmanager.com 9264256.fls.doubleclick.net apps.rokt.com; img-src 'self' m.media-amazon.com images-na.ssl-images-amazon.com images-fe.ssl-images-amazon.com analytics.twitter.com b98.yahoo.co.jp/pagead/ fls-fe.amazon.co.jp googleads.g.doubleclick.net/pagead/viewthroughconversion/ t.co www.facebook.com www.google.co.in/pagead/1p-user-list/ www.google.co.jp/pagead/1p-user-list/ www.google.com www.google.com.br/pagead/1p-user-list/ www.googletagmanager.com; media-src 'self' m.media-amazon.com; script-src 'self' 'unsafe-inline' d2jpk0qucvwmsj.cloudfront.net images-fe.ssl-images-amazon.com d1g3myji5lplsh.cloudfront.net d1l6k7vljxpbvl.cloudfront.net apps.rokt.com audible.sc.omtrdc.net b98.yahoo.co.jp/pagead/ connect.facebook.net googleads.g.doubleclick.net/pagead/viewthroughconversion/ s.yimg.jp static.ads-twitter.com www.googleadservices.com/pagead/ www.googletagmanager.com; style-src 'self' 'unsafe-inline' images-fe.ssl-images-amazon.com; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com https://fonts.gstatic.com data: https://fonts.intercomcdn.com https://*.yotpo.com https://*.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.affirm.com *.affirm.ca https://*.trustpilot.com http://*.trustpilot.com https://*.hotjar.com https://*.affirm.com *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.doubleclick.net/ https://*.facebook.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca https://www.google.com https://track.hubspot.com https://*.intercom.io https://static.intercomassets.com https://*.intercomcdn.com https://sp.analytics.yahoo.com https://*.facebook.com https://*.amazonaws.com https://*.infusionsoft.app https://www.googletagmanager.com https://*.akamaihd.net https://px.ads.linkedin.com https://p.adsymptotic.com https://ssl.gstatic.com https://www.gstatic.com https://*.bing.com https://*.hsforms.com https://*.clarity.ms https://*.wistia.com https://cdn.auth0.com https://p.adsymptotic.com https://www.google.co.uk https://heapanalytics.com https://*.yotpo.com https://content-faculty.blueprintprep.com www.xtento.com cdn.xtento.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://*.google.com https://googleads.g.doubleclick.net https://*.trustpilot.com http://*.trustpilot.com https://*.newrelic.com https://*.nr-data.net https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com https://*.bing.com https://*.licdn.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.impactradius-event.com http://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-analytics.net https://js.hubspot.com https://*.hs-banner.com https://*.hs-scripts.com https://*.facebook.net https://app.convertful.com https://*.affirm.com https://*.pdst.fm *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.infusionsoft.com https://*.clarity.ms https://vision.duel.me/duel-analytics.js https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.jquery.com https://*.cloudflare.com https://*.yotpo.com https://*.heapanalytics.com https://*.greenhouse.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com https://tagmanager.google.com https://fonts.googleapis.com https://*.yotpo.com https://*.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.intercom.io https://*.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com p13n-mr.adobe.io *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.hubspot.com https://*.hotjar.com https://app.convertful.com https://*.affirm.com https://*.intercom.io wss://*.intercom.io https://*.newrelic.com https://*.nr-data.net https://*.paypal.com https://us-central1-adaptive-growth.cloudfunctions.net *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.trustpilot.com https://*.litix.io wss://*.hotjar.com https://*.yotpo.com https://*.google.com https://*.hscollectedforms.net https://*.pfx.io https://edge.adobedc.net https://*.greenhouse.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.vanillagift.com assets.adobedtm.com d-ipv4.mmapiws.com r2.trackedweb.net media.vanillagift.com cdn.glassboxcdn.com newassets.hcaptcha.com *.gstatic.com c.evidon.com d-ipv6.mmapiws.com expressentry.melissadata.net device.maxmind.com static.trackedweb.net www.googletagmanager.com l.evidon.com js.hcaptcha.com *.facebook.com r2-t.trackedlink.net *.demdex.net region1.analytics.google.com analytics.google.com translate.google.com *.everesttech.net lex.33across.com api.giftcardimpressions.com *.rfihub.com m1.openfpcdn.io sdk.nsureapi.com www.google.com *.googleapis.com *.facebook.net www.google.co.uk *.incomm.com ib.adnxs.com *.omtrdc.net www.google.com.ng fpnpmcdn.net live.rezync.com *.rfihub.net metrics.nsureapi.com report.incomm.glassboxdigital.io sdk-service.nsureapi.com www.google.ca bat.bing.com adservice.google.com www.google.com.au *.doubleclick.net edge.adobedc.net www.google.com.pr ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-mV-F8PF6L756KXxyc2JJsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.drmax-gl.dev *.drmax-sk.space *.drmax.net *.drmax.sk *.drmax.zone *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com bam.eu01.nr-data.net bat.bing.com cdn.evgnet.com cdn.jsdelivr.net cdn.speedcurve.com cdp.drmaxsk.meiro.io cj.dotomi.com consent.cookiebot.com consentcdn.cookiebot.com ct.pinterest.com drmaxbdcsro.germany-2.evergage.com drmaxsvkepmhub.azurewebsites.net drmaxsvkepmhubtest.azurewebsites.net dynamic.criteo.com fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com im9.cz image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space inres.uspech.sk insights.algolia.io js-agent.newrelic.com manager.eu.smartlook.cloud measurement-api.criteo.com pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rec.smartlook.com rtp.persoo.ai s.pinimg.com s2.adform.net scripts.persoo.cz search-service.drmax-gl.space sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.net td.doubleclick.net track.adform.net unpkg.com webchat.drmax.sk www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.kdukvh.com www.recaptcha.net www.redditstatic.com www.youtube-nocookie.com www.youtube.com ; report-to csp-endpoint; report-uri /_cspreports; img-src * data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' stanley1913.com.br *.stanley1913.com.br Stanley.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.stanley-pmi.com.br *.ecommercegateway.com.br *.traycheckout.com.br *.yapay.com.br *.clearsale.com.br k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br recursos.stanley-pmi.com.br *.cartstack.com.br *.cartstack.com *.clearsale.com.br *.edrone.me *.cloudfront.net youtube.com *.youtube.com api.edrone.me d3bo67muzbfgtl.cloudfront.net dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.omappapi.com *.getblue.io *.soclminer.com.br *.btg360.com.br *.socialminer.com *.dwin1.com *.awin1.com *.zenaps.com the.sciencebehindecommerce.com samuraiexpertsstorage.blob.core.windows.net ameprod.azurewebsites.net signalrcore.fbits.net wss://signalrcore.fbits.net targeting.voxus.com.br targeting.voxus.tv api.ipify.org api.voxus.tv loggly.com secure.adnxs.com *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.adnxs.com *.cloudfront.net gstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.cookie-pool.dmp.bluems.com *.newbacon.com dev.newbacon.com *.fbits.store google.com *.google.com *.g.doubleclick.net googleads.g.doubleclick.net google.com.br *.google.com.br *.co.id google.co.id google.pt *.google.pt *.google.es google.es google.co.nz *.co.nz *.google.ch google.ch google.nl *.google.nl google.no *.google.no *.google.cl google.cl *.adyen.com *.clarity.ms *.snapwidget.com *.opendns.com <URL> *.tiktok.com *.pinimg.com *.crazyegg.com *.yimg.com *.navdmp.com *.t.tailtarget.com *.lomadee.com *.instagram.com secure.lomadee.com *.metrics-lomadee.com *.campaign-lomadee.com *.com.x.53047d4805c3d042ba0bc790d5b5883a8773.9270ee58.id.opendns.com *.facebook.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.stanley1913.com.br stanley1913.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src 'self'; script-src 'report-sample' 'self' 'sha256-BiNyGbGZEG1ZcMWhdKvmZ1DwYSpvZ8xcAxRrIag59sQ=' 'sha256-p96cet82gMKBOah5xqTlTC1NImfgmfwp9xhnLYsv45Q=' 'sha256-K7F5t+0jCUOcvI0w5XCLORVrRe6Cl7fcvsyOhpNlvRA=' 'sha256-osJOIDsvZzKR6jjDkmJzOK/lCl+6P59lwiMwf2WwwX0=' 'sha256-ech7dK56PGMmo3zLhyCe9XpUu/4+pGU11bUeBEpq56o=' 'sha256-5aTBNtoMSFGD0AJ9+0YPRibd5APCDzFjjKtA16wQik8=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-DHkQzQeawSI3bMDJPOulIinzX/ih38goNk2cvBZsgPM=' 'sha256-LjOYZt74qQlHixQckZ1K+NyxwGO8jPc/zUDhd43i7qY=' 'sha256-C6r1Uv+2BkE8Qjrq+iYLyfsjck3nrA/PhDEE1u7CHtk=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-BxUWVs1+UwaUImPFWmLpOCjBDGTFuFcwcXgQwKyVSYU=' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976618339/ https://a.clickcertain.com/px/smart/a/ https://a.remarketstats.com/px/smart/; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com https://a.clickcertain.com/; img-src 'self' https://www.google-analytics.com https://www.google.com https://www.google.pl; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.trackedlink.net *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.it/shp_ita_it/webformat_csptools/report/; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: brain.foresee.com rum-collector-2.pingdom.net *.mktoresp.com *.akamaihd.net *.doubleclick.net www.google.ca www.google-analytics.com hoover.foresee.com static.addtoany.com vjs.zencdn.net www.googletagmanager.com *.facebook.com unpkg.com *.crazyegg.com *.clarity.ms www.google.co.in *.cap.org *.ads-twitter.com www.google.ae www.google.com.tr gateway.foresee.com region1.analytics.google.com app.swiftype.com analytics.google.com www.google.com.au rum-static.pingdom.net *.brightcove.net maxcdn.bootstrapcdn.com code.jquery.com www.google.com *.linkedin.com cdnjs.cloudflare.com region1.google-analytics.com *.mktoutil.com static.foresee.com www.google.es api.ipify.org www.google.com.ph www.youtube.com stackpath.bootstrapcdn.com www.google.com.tw *.gstatic.com cf-images.us-east-1.prod.boltdns.net wss://hoover.foresee.com *.googleadservices.com edge.api.brightcove.com munchkin.marketo.net www.google.com.br pm.geniusmonkey.com www.google.com.mx analytics.foresee.com metrics.brightcove.com *.twitter.com *.facebook.net *.licdn.com manifest.prod.boltdns.net *.salesforceliveagent.com device.4seeresults.com t.co cdn3.userzoom.com secure.adnxs.com www.google.com.sa adservice.google.com 00xcogp4vk.execute-api.us-east-1.amazonaws.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://client.crisp.chat *.fontawesome.com *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com www.promessedefleurs.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com p.monetico-services.com www.promessedefleurs.com 'self' 'unsafe-inline'; frame-ancestors www.promessedefleurs.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com www.promessedefleurs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.adyen.com https://image.crisp.chat https://images.unsplash.com *.jardindupicvert.com *.promessedefleurs.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie www.promessedefleurs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com https://client.crisp.chat *.avada.io https://cdnjs.cloudflare.com https://unpkg.com/pwacompat *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.promessedefleurs.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://client.crisp.chat *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unpkg.com www.promessedefleurs.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.promessedefleurs.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.jardindupicvert.com *.promessedefleurs.com https://get.geojs.io *.avada.io *.openstreetmap.org *.arcgis.com *.google-analytics.com *.doubleclick.net www.promessedefleurs.com 'self' 'unsafe-inline'; child-src www.promessedefleurs.com http: https: blob: 'self' 'unsafe-inline'; default-src www.promessedefleurs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-VBaJz4hlikEwVbxx462sMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-f7162e0f6c6d4a519b60b00c93984d96' https://myhealthatvanderbilt.com 'self';img-src https://* 'self' blob: data:;style-src https://myhealthatvanderbilt.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-32aea404e2b1499880282243e40e147e' https://mywvuchart.com 'self';img-src https://* 'self' blob: data:;style-src https://mywvuchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.cloudflare.com *.cquotient.com *.adyen.com *.doubleclick.net *.hotjar.com *.google.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.paypal.com *.paypalobjects.com *.facebook.net *.googletagmanager.com *.salesforceliveagent.com *.criteo.com *.criteo.net *.bazaarvoice.com *.revlifter.io *.bing.com *.zmags.com *.onetrust.com *.scarabresearch.com *.pepperjam.com *.visualwebsiteoptimizer.com *.addthis.com *.iesnare.com *.pinimg.com *.postcodeanywhere.co.uk *.addthisedge.com *.clarity.ms *.googleoptimize.com *.ist-track.com *.moatads.com *.intelli-direct.com *.affiliatetechnology.com *.cloudfront.net *.mention-me.com *.bonmarche.co.uk bonmarche.co.uk *.demandware.net *.bounceexchange.com *.zma.gs *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com *.freshrelevance.com *.unpkg.com unpkg.com *.omniconvert.com proxy.omniconvert.com app.omniconvert.com cdn.omniconvert.com *.p-i-x-l.com *.feedspark.com *.adalyser.com; style-src 'self' data: 'unsafe-inline' 'unsafe-hashes' *.adyen.com *.googleapis.com *.mapbox.com *.bazaarvoice.com *.bootstrapcdn.com *.postcodeanywhere.co.uk *.bonmarche.co.uk bonmarche.co.uk *.demandware.net *.zma.gs *.zmags.com *.google.com *.unpkg.com unpkg.com; img-src 'self' data: blob: *.adyen.com *.doubleclick.net *.gstatic.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.bidswitch.net *.salesforce.com *.googletagmanager.com *.googleapis.com *.paypal.com *.clmbtech.com *.stickyadstv.com *.yahoo.com *.yieldmo.com *.dable.io *.bing.com *.media.net *.teads.tv *.adingo.jp *.3lift.com *.rlcdn.com *.sharethrough.com *.casalemedia.com *.smartadserver.com *.smaato.net *.adnxs.com *.pubmatic.com *.taboola.com *.socdm.com *.360yield.com *.bazaarvoice.com *.official-coupons.com *.official-deals.co.uk *.pinterest.com *.visualwebsiteoptimizer.com *.mediavine.com *.rubiconproject.com *.bonmarche.co.uk *.postcodeanywhere.co.uk *.aralego.com *.aralego.net *.outbrain.com *.facebook.com *.affiliatetechnology.com *.criteo.com *.unbxdapi.com *.simpli.fi *.deepintent.com *.adgrx.com *.onetrust.com bonmarche.co.uk *.demandware.net demandware.net *.adsrvr.org *.clarity.ms *.1rx.io *.zma.gs *.zmags.com *.emxdgt.com *.adform.net *.omnitagjs.com id5-sync.com *.id5-sync.com *.ivitrack.com *.tremorhub.com *.yieldlab.net *.demdex.net *.krxd.net *.thebrighttag.com *.optinadserving.com *.revlifter.io *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com *.paypalobjects.com *.googleadservices.com *.cloudfront.net *.omniconvert.com proxy.omniconvert.com app.omniconvert.com cdn.omniconvert.com *.adalyser.com; font-src 'self' data: *.sfdcstatic.com *.gstatic.com *.bootstrapcdn.com *.bonmarche.co.uk bonmarche.co.uk *.demandware.net *.zma.gs *.zmags.com *.cloudfront.net; connect-src 'self' *.hotjar.com *.hotjar.io wss: *.paypal.com *.criteo.com *.tryzens-analytics.com:12280 *.google-analytics.com *.googleapis.com *.mapbox.com *.revlifter.io *.bing.com *.onetrust.com *.adyen.com *.pinterest.com *.revlifter.com *.clarity.ms *.addthis.com *.scarabresearch.com *.adalyser.com *.postcodeanywhere.co.uk *.doubleclick.net *.emarsys.net *.facebook.com *.amazonaws.com *.mention-me.com *.bonmarche.co.uk bonmarche.co.uk *.demandware.net *.zma.gs *.zmags.com https://vimeo.com *.google.com https://google.com *.freshrelevance.com *.cloudfront.net *.dycdn.net *.cloudflare.com *.unpkg.com *.omniconvert.com proxy.omniconvert.com app.omniconvert.com cdn.omniconvert.com *.stape.io *.feedspark.com; frame-src 'self' *.doubleclick.net *.adyen.com *.hotjar.com *.paypal.com *.criteo.com *.criteo.net *.bazaarvoice.com *.pinterest.com *.google.com *.addthis.com *.facebook.com *.paypalobjects.com *.mention-me.com *.bonmarche.co.uk bonmarche.co.uk *.demandware.net *.zma.gs *.zmags.com *.pepperjamnetwork.com *.official-deals.co.uk *.official-coupons.com *.arcot.com *.vimeo.com *.rlvs.co.uk *.googleapis.com *.icicibank.com; worker-src 'self' blob: *.bonmarche.co.uk bonmarche.co.uk *.demandware.net; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/bonmarch-cspdata; 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.budweiser.com www.google.com.br d.tailtarget.com newassets.hcaptcha.com t.co www.google.com *.doubleclick.net scanjs.justdigital.com.br trk.clinch.co code.jquery.com *.googleapis.com static.addtoany.com cdn.krxd.net in.treasuredata.com *.mathtag.com js.hcaptcha.com *.facebook.com cdn.cookielaw.org analytics.google.com ipinfo.io beacon.krxd.net www.youtube.com js-agent.newrelic.com tt-10943-6.seg.t.tailtarget.com *.onetrust.com *.facebook.net *.tiktok.com cdn.treasuredata.com www.google-analytics.com *.clarity.ms bam.nr-data.net player.twitch.tv cdnjs.cloudflare.com budweiser.com www.googletagmanager.com *.gstatic.com tags.w55c.net mlts.dynamsoft.com cdn.jsdelivr.net *.twitter.com netdna.bootstrapcdn.com cdn.clinch.co *.adsrvr.org t.tailtarget.com get.geojs.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com r2.trackedweb.net d-ipv6.mmapiws.com *.omtrdc.net *.rfihub.com media.amexgiftcard.com *.rfihub.net d-ipv4.mmapiws.com static.trackedweb.net report.incomm.glassboxdigital.io www.googletagmanager.com sdk.nsureapi.com www.google.com cdn.glassboxcdn.com sdk-service.nsureapi.com fpnpmcdn.net metrics.nsureapi.com c.evidon.com prod.accdab.net *.doubleclick.net *.incomm.com *.everesttech.net *.demdex.net assets.adobedtm.com newassets.hcaptcha.com edge.adobedc.net prod01.kaxsdc.com device.maxmind.com js.hcaptcha.com r2-t.trackedlink.net expressentry.melissadata.net *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fpartners&source%5Buuid%5D=a87adae3-2c42-4638-980d-2fce30fa7aee-1715737120 1
object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 1
script-src 'self' 'unsafe-eval' assets.sitescdn.net connect.cooper.edu https://cdnjs.cloudflare.com https://www.skynettechnologies.com platform-api.sharethis.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' answers-embed.cooper.edu.pagescdn.com buttons-config.sharethis.com cdn.unibuddy.co chimpstatic.com mx.technolutions.net traffic-drivers.unibuddy.co www.google-analytics.com www.googletagmanager.com www.youvisit.com www.youtube.com cooper.us10.list-manage.com s3.amazonaws.com t.sharethis.com js-agent.newrelic.com www.skynettechnologies.com assets.sitescdn.net connect.cooper.edu https://cdnjs.cloudflare.com https://www.skynettechnologies.com platform-api.sharethis.com; style-src 'self' fonts.googleapis.com https://assets.sitescdn.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn-images.mailchimp.com fonts.googleapis.com https://assets.sitescdn.net https://cdnjs.cloudflare.com; frame-ancestors 'self' cooper.edu; report-uri https://cooper.report-uri.com/r/d/csp/wizard 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.doubleclick.net consentcdn.cookiebot.com bat.bing.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.klarna.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net cdn1.stamped.io stamped.io mageside.com cdn.stamped.io www.ojrq.net *.clarity.ms *.bing.com *.cookiebot.com help.gardeningexpress.co.uk/ flagpedia.net www.google.de www.google.co.uk bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.clarity.ms bam.nr-data.net cdn.jsdelivr.net *.impactcdn.com *.newrelic.com maps.googleapis.com consent.cookiebot.com ajax.googleapis.com bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com cdn1.stamped.io stamped.io maxcdn.bootstrapcdn.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://gardeningexpress.us12.list-manage.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com http://dpm.demdex.net cdn.stamped.io static.addtoany.com *.cookiebot.com *.clarity.ms bam.nr-data.net cdn.jsdelivr.net *.impactcdn.com pagead2.googlesyndication.com gardeningexpress.pxf.io *.doubleclick.net *.google.com www.gstatic.com maps.googleapis.com bat.bing.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.google-analytics.com assets.airtrfx.com *.googleapis.com www.srilankan.com www.google.co.th www.googletagmanager.com cdnjs.cloudflare.com *.facebook.net cdn.perfdrive.com search-api.swiftype.com www.google.co.nz em-fonts-prod.airtrfx.com *.doubleclick.net www.google.de i-click.srilankan.com *.facebook.com www.google.co.uk www.google.com.qa region1.analytics.google.com www.google.fr www.google.com.hk em-frontend-assets.airtrfx.com cdn.jsdelivr.net vg-api.airtrfx.com www.google.com.au everymundo.github.io www.google.ca www.google.ae www.google.lk s.swiftypecdn.com em-frontend-assets-dev.airtrfx.com staging-dc-api.securitytrfx.com openair-california.airtrfx.com www.google.com.sa chatlk.scicom.com.my:8282 endpoint2.collection.sumologic.com www.google.com.pk www.google.mv *.ampproject.org em-tr4ck-settings.airtrfx.com upgrade.plusgrade.com s.go-mpulse.net datacore-write.securitytrfx.com cc.swiftype.com www.google.com.kw em-font-service-prod.airtrfx.com www.google.co.in www.google.co.id fc-services-api.airtrfx.com tenant-code-to-type-mapper.everymundo.workers.dev ssl.google-analytics.com analytics.google.com em-fonts.everymundo.net em-frame.securitytrfx.com www.google.com.sg *.googleadservices.com www.google.co.jp www.google.co.kr www.google.com.my www.google.com.bd adservice.google.com vg-generic-prod.airtrfx.com book.srilankan.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.nl https://www.myheritage.nl  'unsafe-eval' 'nonce-112df3d13f9f82d92faf1fe77b33b5f6' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.nl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
connect-src 'self' *.s3.eu-west-1.amazonaws.com api.locize.app *.cookiepro.com  *.hubspot.com forms.hscollectedforms.net forms.hsforms.com www.youtube.com www.youtube-nocookie.com i.ytimg.com https://api.atelierdeschefs.fr www.google.com apis.google.com *.googleapis.com *.kameleoon.io https://atelierdeschefs-prod-2700e.firebaseapp.com checkoutshopper-live.adyen.com *.cdn.adyen.com checkout.getalma.eu api.getalma.eu https://cdn.jsdelivr.net hooks.stripe.com geolocation.onetrust.com *.google-analytics.com connect.facebook.net www.facebook.com bat.bing.com googleads.g.doubleclick.net www.googleadservices.com *.google.com analytics.tiktok.com *.doubleclick.net *.wlp-acs.com *.monext.fr *.cic.fr *.creditmutuel.fr *.marqeta.com *.secure.lcl.fr 3ds.redsys.es vercel.live;    script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.usemessages.com track.hubspot.com js.hsleadflows.net www.googletagmanager.com *.cookiepro.com  www.youtube.com www.youtube-nocookie.com i.ytimg.com *.kameleoon.io www.google.com apis.google.com *.googleapis.com checkoutshopper-live.adyen.com *.cdn.adyen.com checkout.getalma.eu api.getalma.eu https://cdn.jsdelivr.net hooks.stripe.com geolocation.onetrust.com *.google-analytics.com connect.facebook.net www.facebook.com bat.bing.com googleads.g.doubleclick.net www.googleadservices.com *.google.com analytics.tiktok.com *.doubleclick.net *.wlp-acs.com *.monext.fr *.cic.fr *.creditmutuel.fr *.marqeta.com *.secure.lcl.fr 3ds.redsys.es vercel.live *.gstatic.com;    style-src 'self' 'unsafe-inline';    img-src 'self' blob: data: *.hubspot.com forms.hscollectedforms.net forms.hsforms.com *.cookiepro.com  www.googletagmanager.com www.youtube.com www.youtube-nocookie.com i.ytimg.com purecatamphetamine.github.io dxpulwm6xta2f.cloudfront.net d165zz1olxm90a.cloudfront.net *.s3.eu-west-1.amazonaws.com checkoutshopper-live.adyen.com *.cdn.adyen.com connect.facebook.net www.facebook.com bat.bing.com www.google-analytics.com googleads.g.doubleclick.net https://translate.google.com *.google.com *.google.ie *.google.fr *.google.be *.google.ca *.google.ch *.google.tn *.google.dz *.google.co.uk *.google.es *.google.lu *.google.de *.google.sn *.google.ci *.google.co.il *.google.mg *.google.it *.google.pt *.google.com.mx *.google.com.ma *.google.mu *.google.nl *.google.com.au *.google.com.br *.google.co.th *.google.co.ma *.google.cm *.google.ae *.google.co.jp *.google.cd *.google.com.lb *.google.ga *.google.ad *.google.co.nz *.google.sk *.google.com.tr *.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com *.google.com *.gstatic.com;    font-src 'self' data: fonts.atelierdeschefs.fr at.alicdn.com fonts.gstatic.com github.com;    object-src data:;    base-uri 'self';    form-action 'self' *.wlp-acs.com *.monext.fr *.cic.fr *.creditmutuel.fr *.marqeta.com *.secure.lcl.fr 3ds.redsys.es connect.facebook.net www.facebook.com;    frame-ancestors 'none';    frame-src connect.facebook.net www.facebook.com;    manifest-src 'self';    block-all-mixed-content;    report-uri csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubc9d6ee3ce79da61dcd985b50012b6709&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com staticw2.yotpo.com static.klaviyo.com *.fontawesome.com *.alothemes.com *.magepow.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.youtube.com www.facebook.com tpc.googlesyndication.com pinterest.com tr.snapchat.com ct.pinterest.com paymentcapture.resin.com payments.amazon.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.azureedge.net *.highlights.com bat.bing.com ct.pinterest.com log.pinterest.com markhor.organicfruitapps.com www.facebook.com cdn-vzn.yottaa.net p.yotpo.com collector-9323.us.tvsquared.com tr2.smarterhq.io login.dotomi.com login-ds.dotomi.com sp.analytics.yahoo.com t.co instagram.com d3k81ch9hvuctc.cloudfront.net global.smarterhq.io assets.bounceexchange.com events.bouncex.net tr.snapchat.com idr.cdnwidget.com c.bing.com bam.nr-data.net c.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudfront.net *.smarterhq.io *.highlights.com www.facebook.com s.pinimg.com bat.bing.com autolinkmaker.itunes.apple.com collector-9323.us.tvsquared.com assets.pinterest.com payments.qa-cloud.buysub.com identity.qa-cloud.buysub.com static.klaviyo.com s.yimg.com platform.twitter.com static.ads-twitter.com analytics.twitter.com www.google.com www.googleoptimize.com tpc.googlesyndication.com staticw2.yotpo.com https://api.bounceexchange.com/ assets.bounceexchange.com js-agent.newrelic.com/ lsdm.co mpsnare.iesnare.com *.mpsnare.iesnare.com wss://mpsnare.iesnare.com static-tracking.klaviyo.com bam.nr-data.net tag.wknd.ai track.securedvisit.com *.clarity.ms sc-static.net paymentcapture.resin.com cdn.quantummetric.com analytics.tiktok.com paymentcapture-staging.resin.com static-na.payments-amazon.com *.siteintercept.qualtrics.com *.abtasty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.highlights.com payments.qa-cloud.buysub.com static.klaviyo.com use.typekit.net p.typekit.net staticw2.yotpo.com *.fontawesome.com https://static.klaviyo.com *.alothemes.com *.magepow.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com *.highlights.com ct.pinterest.com stats.g.doubleclick.net bat.bing.com tr2.smarterhq.io payments-api.qa-cloud.buysub.com static-forms.klaviyo.com telemetrics.klaviyo.com a.klaviyo.com s.yimg.com www.facebook.com staticw2.yotpo.com bam.nr-data.net adservice.google.com wss://mpsnare.iesnare.com *.clarity.ms *.cdnbasket.net tr.snapchat.com pd.cdnwidget.com static-na.payments-amazon.com dfp.bouncex.net events.bouncex.net analytics.tiktok.com highlights-app.quantummetric.com *.siteintercept.qualtrics.com *.abtasty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com *.abtasty.com 'self' 'unsafe-eval'; base-uri 'self'; report-uri https://highlights.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.facebook.com https://*.aralego.com https://*.brightcove.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.tappaysdk.com google.com *.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.tappaysdk.com google.com *.google.com https://*.criteo.com www.facebook.com https://*.decathlon.tw https://*.aralego.com https://*.brightcove.net https://*.digital-cloud-west.medallia.com https://*.kampyle.com *.freshworks.com *.freshchat.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://mas.astralweb.com.tw www.gstatic.com https://*.google.com https://*.google.com.tw https://*.facebook.com https://*.bing.com https://*.mediadecathlon.com https://*.decathlon.tw https://*.aralego.com https://*.aralego.net https://*.g.doubleclick.net https://*.awoo.org http://*.brightcove.net https://*.digital-cloud-west.medallia.com https://*.kampyle.com/ https://*.brightcove.com https://*.brightcove.net http://*.boltdns.net/ http://*.brightcove.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.tappaysdk.com google.com *.google.com https://*.google.com https://*.facebook.net https://*.g.doubleclick.net https://*.criteo.com http://*.criteo.com http://*.criteo.net https://deploy.mopinion.com https://*.bing.com https://try.abtasty.com https://www.clarity.ms https://*.abtasty.com https://*.googleapis.com https://*.mediadecathlon.com https://*.decathlon.tw https://*.aralego.com https://*.newrelic.com https://*.nr-data.net https://*.awoo.org https://*.brightcove.net https://*.digital-cloud-west.medallia.com https://*.kampyle.com https://vjs.zencdn.net https://*.brightcove.com http://*.brightcove.com *.freshworks.com *.freshchat.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.tappaysdk.com google.com *.google.com *.freshworks.com *.freshchat.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://*.brightcove.com http://*.brightcove.net https://*.brightcove.com https://*.brightcove.net 'self' 'unsafe-inline'; manifest-src *.tappaysdk.com google.com *.google.com *.freshworks.com *.freshchat.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.tappaysdk.com google.com *.google.com https://analytics.google.com https://connect.facebook.net www.facebook.com https://*.g.doubleclick.net https://*.criteo.com https://deploy.mopinion.com http://deploy.mopinion.com https://*.google.com https://*.google.com.tw https://b.clarity.ms https://*.abtasty.com https://*.decathlon.tw https://*.aralego.com https://*.nr-data.net https://*.awoo.org http://*.brightcove.net https://*.digital-cloud-west.medallia.com https://*.kampyle.com https://*.brightcove.com http://*.boltdns.net http://*.akamaihd.net http://*.brightcove.com https://*.brightcove.net *.freshworks.com *.freshchat.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com https://widget.spreaker.com; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.unibocconi.it/it/report-uri/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.maryno.net *.vk.com vk.com *.jivosite.com *.yandex.ru *.google-analytics.com *.parastorage.com *.getsale.io *.youtube.com fonts.gstatic.com *.ytimg.com; img-src 'self' data:  *.maryno.net *.vk.com vk.com *.jivosite.com *.yandex.ru *.google-analytics.com *.parastorage.com *.getsale.io; connect-src https: wss: *.maryno.net *.vk.com *.jivosite.com *.yandex.ru *.google-analytics.com *.getsale.io; upgrade-insecure-requests; report-uri https://sentry.maryno.net/api/14/csp-report/?sentry_key=79209ab7e939495bba7b8d83b14909d9 1
default-src 'self'; script-src 'report-sample' 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/CHIHFAf1bjFPOjwwi5Xa4cWR/recaptcha__en.js; style-src 'report-sample' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://min-api.cryptocompare.com wss://relay.walletconnect.com https://explorer-api.walletconnect.com https://rpc.walletconnect.com https://rpc.flashbots.net ; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://verify.walletconnect.org https://verify.walletconnect.com; img-src 'self' https://explorer-api.walletconnect.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self'; 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.facebook.net *.gstatic.com *.typekit.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.zopim.com *.zopim.io *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.twitter.com *.google.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr https://www.youtube.com http://www.sandbox.paypal.com www.paypal.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.gstatic.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com *.iyzicopwi.com.tr *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.bing.com *.zopim.com *.zopim.io *.google.co.in *.mastercard.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.media.net *.360yield.com *.outbrain.com *.rubinproject.com *.sharethrough.com *.smartadserver.net *.taboola.com *.teads.tv *.3lift.com *.emxdgt.com *.adform.net *.omnitagjs.com *.sync.com *.ivitrack.com *.mediavine.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.semasio.net *.krxd.net *.thebrighttag.com *.smartadserver.com *.yahoo.com https://id5-sync.com *.rubiconproject.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.instana.io *.google.com *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io *.iyzicopwi.com.tr *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.garanti.com.tr *.bing.com *.zopim.com *.zdassets.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.rossmann.com.tr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.bing.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.cloudflare.com https://stats.g.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.chopo.com.mx c.ltmsphrcl.net commerce.adobedtm.com js-agent.newrelic.com t.sharethis.com api.mercadopago.com sync.sharethis.com www.mercadolibre.com *.googleadservices.com bam.nr-data.net *.clarity.ms ws.sharethis.com www.google-analytics.com cdnjs.cloudflare.com platform-api.sharethis.com sdk.mercadopago.com mcstaging.chopo.com.mx http2.mlstatic.com *.ads-twitter.com l.sharethis.com *.doubleclick.net google.com www.youtube.com www.mercadopago.com.mx magento-recs-sdk.adobe.net commerce.adobe.io adservice.google.com unpkg.com www.google.com www.google.com.mx sdk.examedi.com cdn.jsdelivr.net t.co events.mercadopago.com bcp.crwdcntrl.net *.licdn.com analytics.google.com api.mercadolibre.com data.stbuttons.click *.twitter.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com *.gstatic.com www.countryroad.co.nz apigw.apac-prod.doddle.tech *.facebook.com unpkg.com images.ctfassets.net *.doubleclick.net t.contentsquare.net tags.tiqcdn.com b.sli-spark.com www.googletagmanager.com www.google.ca sdk.giftflick.com.au www.google.co.in *.tiktok.com na.klarnaevt.com l.contentsquare.net cdn.attraqt.io www.google.com websdk.appsflyer.com *.vimeo.com collect.auspost.com.au au3-cdn.inside-graph.com oc.klarnaevt.com *.useinsider.com collect-ap2.attraqt.io js.maxmind.com oc-library.klarnaservices.com www.countryroad.com.au cdn.jsdelivr.net *.dynatrace.com dressipi-production.countryroad.com *.paypal.com www.google.co.za bam.nr-data.net www.google.co.nz *.bazaarvoice.com *.optimizely.com international.countryroad.com eu.klarnaevt.com dressipi-production.countryroad.com.au www.giftflick.com.au use.typekit.net www.google.com.au js.klarna.com srm.ba.contentsquare.net *.a.run.app dressipi-production.countryroad.co.nz x.klarnacdn.net wss://au3-live.inside-graph.com q-aeu1.contentsquare.net api.giftflick.com.au na-library.klarnaservices.com adapter.www.countryroad.com vitals.vercel-insights.com bat.bing.com www.countryroad.com *.hotjar.com utt.impactcdn.com cdn.honey.io wa.onelink.me query.published.live1.suggest.ap2.fredhopperservices.com region1.analytics.google.com adapter.www.countryroad.com.au cdn.truefitcorp.com *.igodigital.com www-commerce.countryroad.co.nz *.sjv.io au3-live.inside-graph.com *.cloudfront.net sp.analytics.yahoo.com *.pinterest.com c.contentsquare.net www.ojrq.net a.countryroad.com.au www.google.co.uk cor-cdn.truefitcorp.com www.google-analytics.com analytics.google.com *.tealiumiq.com au3-track.inside-graph.com location-finder-v2.apac-prod.doddle.tech wh1aev3s.micpn.com www-commerce.countryroad.com.au metrics.hotjar.io *.facebook.net *.pxf.io s.yimg.com code.jquery.com *.googleadservices.com api.amplitude.com content.hotjar.io adservice.google.com *.pinimg.com www.paypalobjects.com *.salesforce-sites.com k-aeu1.contentsquare.net js-agent.newrelic.com logs-01.loggly.com vc.hotjar.io adapter.www.countryroad.co.nz www-commerce.countryroad.com wa.appsflyer.com *.micpn.com i.vimeocdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com obs.withflowersea.com *.kaspersky-labs.com mundo-italika.ekt-ecommerce-dev.com graph.elektrapp.com.mx www.googletagmanager.com cdnjs.cloudflare.com af-origin.vtex.com io.vtex.com.br facturacion.gruposalinas.com.mx mc.yandex.com mc.yandex.ru via.placeholder.com *.everesttech.net middleware.elektrapp.com.mx ekt-atap.s3.amazonaws.com cariai.com catalog-search-graph.elektrapp.com.mx www.italika.mx core.yads.tech *.vtexassets.com activity-flow.vtex.com *.vteximg.com.br *.demdex.net *.googleadservices.com r.intake-lr.com developers.google.com assets.adobedtm.com graphinv-italika.elektrapp.com.mx *.omtrdc.net ob.withflowersea.com io2.vtex.com metrics.hotjar.io an.yandex.ru code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net cdn.intake-lr.com www.google.com.gt www.google.com.mx www.googleoptimize.com rc.vtex.com www.google.com.pe *.cloudfront.net *.hotjar.com *.googleapis.com www.google-analytics.com unpkg.com yandexmetrica.com:29010 sync.sharethis.com gw-iad-bid.ymmobi.com *.gstatic.com cdn.scarabresearch.com content.hotjar.io yandexmetrica.com:30103 adservice.google.com yandex.ru mc.yandex.md sp.vtex.com translate.google.com www.google.com www.youtube.com calixtachat.s3-us-west-1.amazonaws.com vc.hotjar.io postventa.italika.mx:8248 yandex.com middleware-nec.elektrapp.com.mx ymetrica1.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com geowidget.easypack24.net *.twimg.com *.trustedshops.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.twitter.com *.google.com *.addthis.com consentcdn.cookiebot.com ct.pinterest.com profiling.clickonometrics.pl tbl.tradedoubler.com qx1wvp0fr44qzi0yebexmrer.snrpush.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com sync.clickonometrics.pl devel-homla.push-ad.com creativecdn.com vars.hotjar.com static.addtoany.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com www.googletagmanager.com conversionlabs.net.pl analytics.greensender.pl maps.gstatic.com maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.klarna.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu scontent-waw1-1.cdninstagram.com app.push-ad.com ct.pinterest.com www.google.pl pixel.wp.pl homla.com.pl *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com testcards.autopay.eu cards.autopay.eu pay.google.com *.google-analytics.com *.cloudflare.com *.twitter.com googletagmanager.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com widgets.pinterest.com consent.cookiebot.com static.vidvi.com www.clarity.ms profiling.clickonometrics.pl cdn.jsdelivr.net api.mapbox.com geowidget.easypack24.net maps.googleapis.com bam.eu01.nr-data.net web.snrbox.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.snrcdn.net *.twimg.com *.usercentrics.eu bam.nr-data.net us-wbe.gr-cdn.com www.newsletter.homla.com.pl script.hotjar.com s.pinimg.com static.hotjar.com delivery.clickonometrics.pl web-sdk.smartlook.com wrap.tradedoubler.com chat-widget.thulium.com/ js-agent.newrelic.com pixel.wp.pl static.clickonometrics.pl bam-cell.nr-data.net unpkg.com static.addtoany.com ga.getresponse.com us-an.gr-cdn.com newsletter.homla.com.pl devel-homla.push-ad.com *.avada.io marketing.homla.com.pl *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com geowidget.easypack24.net unsafe-inline *.snrcdn.net *.twimg.com *.trustedshops.com *.usercentrics.eu api3.push-ad.com devel-homla.push-ad.com marketing.homla.com.pl *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chat-widget.thulium.com daviness.pl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com b.clarity.ms region1.analytics.google.com delivery.clickonometrics.pl maps.googleapis.com bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.snrbox.com *.twimg.com bam.nr-data.net in.hotjar.com vc.hotjar.io ga.getresponse.com app.push-ad.com manager.eu.smartlook.cloud ct.pinterest.com stats.g.doubleclick.net chat-widget.thulium.com bam-cell.nr-data.net api3.push-ad.com ga2.getresponse.com devel-homla.push-ad.com t.elasticsuite.io marketing.homla.com.pl *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://https://homla.com.pl/csp/reporturi; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.ampol.com.au *.licdn.com *.gstatic.com www.google.com *.googleadservices.com *.azure-api.net *.googleapis.com *.linkedin.com digital-api.ampol.com.au images.contentstack.io bat.bing.com www.googletagmanager.com *.demdex.net *.salesforceliveagent.com *.everesttech.net www.datateck.com.au *.clarity.ms *.facebook.net www.sfdcstatic.com www.everestjs.net *.facebook.com *.doubleclick.net adservice.google.com www.youtube.com www.google.com.au jsonip.com *.force.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.fr https://www.myheritage.fr  'unsafe-eval' 'nonce-95a96c17869dd4505b89eedcbf6aef56' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.fr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.es https://www.myheritage.es  'unsafe-eval' 'nonce-d272f22b045114d7ab2731c6c4441a72' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.es;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.br https://www.myheritage.com.br  'unsafe-eval' 'nonce-46a54e64d2ccfdca80bc053f0ef8772a' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.br;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
object-src 'none';base-uri 'self';script-src 'nonce-kgPM2o0wLEOded5IkRFcxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.snapchat.com www.google.com www.google-analytics.com *.doubleclick.net *.googleapis.com www.speedway.com www.googletagmanager.com mon16-normal-useast5.tiktokv.us *.facebook.net *.facebook.com login.speedway.com sc-static.net assets.adobedtm.com cdn.jsdelivr.net www.speedycafe.com assets.speedway.com adservice.google.com edge.adobedc.net *.demdex.net olivia.paradox.ai *.gstatic.com cdn.clarip.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.www.fortuneo.fr https://*.ctfassets.net https://cdn.trustcommander.net https://d3ayv6nsn4rwn3.cloudfront.net https://*.dial-once.com https://preview.contentful.com https://cdn.contentful.com https://www.youtube.com https://hacl.iadvize.com https://privacy.commander1.com https://*.contentsquare.net https://www.googletagmanager.com https://halc.iadvize.com https://sc-static.net https://www.google-analytics.com https://static.iadvize.com https://c.contentsquare.net https://tr.snapchat.com https://privacy.trustcommander.net https://api.iadvize.com https://stats.g.doubleclick.net https://www.google.com https://www.google.fr https://ajax.googleapis.com  https://cdnjs.cloudflare.com https://banque.meilleurtaux.com https://player.vimeo.com https://vimeo.com https://embed.twitch.tv https://www.dailymotion.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://www.googleadservices.com https://www.facebook.com https://secure.quantserve.com https://u.logbor.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://*.quantserve.com https://bid.g.doubleclick.net  https://*.fls.doubleclick.net  https://snap.licdn.com  https://platform.commandersact.com https://manager.tagcommander.com https://cdn.tagcommander.com https://adservice.google.com https://px.ads.linkedin.com https://js-agent.newrelic.com https://fonts.googleapis.com https://*.inbenta.io https://*.mopinion.com https://*.abtasty.com ; report-to csp-listener 1
default-src 'self' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com; connect-src 'self' aipoweredmarketer.okta.com aipoweredmarketer-admin.okta.com login.goacoustic.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com aipoweredmarketer.kerberos.okta.com aipoweredmarketer.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com; style-src 'unsafe-inline' 'self' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com; frame-src 'self' aipoweredmarketer.okta.com aipoweredmarketer-admin.okta.com login.goacoustic.com login.okta.com; img-src 'self' aipoweredmarketer.okta.com login.goacoustic.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' aipoweredmarketer.okta.com login.goacoustic.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
default-src 'none'; report-uri /api/sec-csp/110000764/report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=c6cdfa7f-4fa2-448b-87a8-034408b8d277-1715736734 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com https://sandbox.sequracdn.com/ *.reskyt.com/ http://static.oct8ne.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.klarna.com https://plumrocket.com https://sandbox.sequracdn.com https://live.sequracdn.com *.trustpilot.com *.paypalobjects.com/ *.flyde.io/ *.redintelligence.net/ *.reskyt.com/ *.quantummetric.com/ *.sequrapi.com/ *.klarnacdn.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://sandbox.sequracdn.com https://live.sequracdn.com *.padelnuestro.com https://www.google.ie *.googleapis.com *.gstatic.com https://www.google.es/ads/ https://www.googletagmanager.com/ https://www.emjcd.com/ https://cj.dotomi.com/ *.cloudfront.net *.bing.com/ *.adform.net/ *.facebook.com/ *.reskyt.com/ *.connectif.cloud/ http://static.oct8ne.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com *.adyen.com *.klarnacdn.net/ *.klarnaservices.com https://cdnjs.cloudflare.com https://sandbox.sequracdn.com https://live.sequracdn.com *.trustpilot.com https://sdk.privacy-center.org https://js-agent.newrelic.com https://bam.nr-data.net *.googleapis.com *.gstatic.com https://www.mczbf.com/ https://cdn.connectif.cloud/ *.cloudfront.net https://unpkg.com/ https://commerce.adobedtm.com/ *.bing.com/ *.adform.net/ *.jsdelivr.net/ *.flyde.io/ *.facebook.net/ *.tiktok.com/ *.reskyt.com/ *.quantummetric.com/ blob *.klarna.com/ *.sequrapi.com/ *.clarity.ms/ http://static.oct8ne.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.trustpilot.com *.googletagmanager.com/ *.reskyt.com/ *.quantummetric.com/ *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io qa-api.magedevteam.com *.sentry.io *.adyen.com *.klarnaevt.com *.klarnaservices.com https://sandbox.sequracdn.com https://live.sequracdn.com https://region1.google-analytics.com https://api.privacy-center.org *.doubleclick.net https://bam.nr-data.net *.googleapis.com *.gstatic.com *.google.com https://www.mczbf.com/ *.connectif.cloud/ *.flyde.io/ *.tiktok.com/ *.facebook.com/ *.reskyt.com/ *.quantummetric.com/ *.googlesyndication.com/ *.klarna.com/ *.klarnacdn.net/ *.clarity.ms/ http://frontal-usa.oct8ne.com https://pre.wayletlabs.com/* https://pro.waylet.es/* 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.glassix.com/ *.doubleclick.net https://td.doubleclick.net/ ams.creativecdn.com https://12145029.fls.doubleclick.net/ https://stats.g.doubleclick.net/ https://gum.criteo.com/ https://www.facebook.com/ https://fledge.eu.criteo.com/ https://gateway20.pelecard.biz/ https://apps.commbox.io/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://access.nagich.co.il www.google.co.il www.facebook.com https://mcstaging.ace.co.il/media/ https://ace.co.il/media/ https://apps.commbox.io/ https://private-media-node67.s3.eu-west-1.amazonaws.com/ https://*.zoomengage.com/ https://c1.adform.net/ https://x.bidswitch.net/ *.cloudfront.net/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://ads.stickyadstv.com/ https://idsync.rlcdn.com/ https://c.bing.com/ https://ad.doubleclick.net/ https://beacon.krxd.net/ https://cm.adgrx.com/ https://tags.bluekai.com/ https://ib.adnxs.com/ https://sync-criteo.ads.yieldmo.com https://sync.aralego.com/ https://ade.clmbtech.com/ https://s.ad.smaato.net/ https://simage2.pubmatic.com/ https://sync.outbrain.com/ https://ad.360yield.com/ https://cs.adingo.jp/ https://tg.socdm.com/ https://adgen.socdm.com/ https://hb.yahoo.net/ https://eb2.3lift.com/ https://criteo-sync.teads.tv/ https://sync-t1.taboola.com/ https://rtb-csync.smartadserver.com/ https://pixel.rubiconproject.com/ https://contextual.media.net/ https://cm.g.doubleclick.net/ https://*.criteo.com/ https://cdn.aralego.net/ https://f.creativecdn.com https://pr-bh.ybp.yahoo.com/ https://match.adsrvr.org/ https://image8.pubmatic.com/ https://image4.pubmatic.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js https://js.nagich.co.il *.barilliance.com https://access.nagich.co.il *.cloudfront.net *.doubleclick.net connect.facebook.net analytics.tiktok.com tags.creativecdn.com maps.googleapis.com https://apps.commbox.io/ https://bringthemhomenow.net/ https://static.hotjar.com/ https://srv01.pixelinf.com/ https://static.criteo.net/ https://widgetver.zoomengage.com/ https://script.hotjar.com/ https://sslwidget.criteo.com/ https://widgetapi.zoomengage.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://access.nagich.co.il *.cloudfront.net https://apps.commbox.io/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.mcstaging.ace.co.il www.ace.co.il https://apps.commbox.io/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.nagich.co.il *.glassix.com *.barilliance.com *.barilliance.net *.analytics.google.com/ *.google.com *.googlesyndication.com analytics.tiktok.com ams.creativecdn.com https://stats.g.doubleclick.net/ https://vc.hotjar.io/ *.googleusercontent.com/ https://measurement-api.criteo.com/ https://maps.googleapis.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.doubleclick.net https://*.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://ad.doubleclick.net https://pagead2.googlesyndication.com https://www.max.com.gt data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.googlesyndication.com https://*.hotjar.com https://analytics.tiktok.com https://*.s3.amazonaws.com  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://pagead2.googlesyndication.com https://vm3jxl0ue9.execute-api.us-east-1.amazonaws.com https://*.hotjar.io wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.pl https://www.myheritage.pl  'unsafe-eval' 'nonce-6905ed791b31acf005af0ce62a45ff46' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.pl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://www.google.com/recaptcha/api.js https://www.google.com https://www.gstatic.com/recaptcha https://www.gstatic.com https://foodstandards.gov.au  https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https://www.googletagmanager.com  https://foodstandards.gov.au  https://foodstandards.govt.nz data:; media-src 'self' data:; frame-src 'self' https://www.youtube.com https://www.google.com; font-src *.fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net 'self'; connect-src 'self' https://ka-p.fontawesome.com https://kit.fontawesome.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.adsrvr.org *.google.com *.doubleclick.net *.optimizely.com *.facebook.com *.cookielaw.org *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com embed.signalintent.com *.optimizely.com cdn.segment.com *.googleapis.com www.googletagmanager.com www.google.com www.gstatic.com *.btttag.com *.bing.com *.app-us1.com *.adsrvr.org *.doubleclick.net *.cookielaw.org www.google-analytics.com *.mypurecloud.com *.googleadservices.com *.pure.cloud *.aptrinsic.com *.bootstrapcdn.com js.monitor.azure.com *.facebook.net *.facebook.com trackcmp.net extractable-finalytics-storage.s3.us-west-2.amazonaws.com extractable-finalytics-stable.s3.us-west-2.amazonaws.com *.cloudfront.net snap.licdn.com;style-src 'self' 'unsafe-inline' use.fontawesome.com use.typekit.net embed.signalintent.com p.typekit.net *.mypurecloud.com *.googleapis.com *.aptrinsic.com *.jsdelivr.net *.bootstrapcdn.com extractable-finalytics-storage.s3.us-west-2.amazonaws.com extractable-finalytics-stable.s3.us-west-2.amazonaws.com *.cloudfront.net;img-src 'self' data: bat.bing.com *.google.com www.google-analytics.com content-cdn.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.facebook.net *.facebook.com *.adsrrvr.org *.doubleclick.net *.yahoo.com *.cookielaw.org *.googlesyndication.com px.ads.linkedin.com embed.signalintent.com;font-src 'self' use.fontawesome.com embed.signalintent.com use.typekit.net *.mypurecloud.com *.gstatic.com *.googleapis.com *.cloudfront.net data:;connect-src 'self' ws: wss: *.googlesyndication.com signal-intent-production-back.herokuapp.com cdn.segment.com *.optimizely.com *.cookielaw.org calc-backend-prod.herokuapp.com d.btttag.com *.googleapis.com www.google-analytics.com api.segment.io *.doubleclick.net *.alaskausa.org *.bing.com *.aptrinsic.com *.episerver.net *.visualstudio.com *.google.com *.facebook.com finalyticsdata.com devfinalyticsdata.com stgfinalyticsdata.com px.ads.linkedin.com;block-all-mixed-content 1
object-src 'none';base-uri 'self';script-src 'nonce-aCSvIVD5B2vXMDnhIPU9Hw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.appreciatehub.com *.google-analytics.com *.cloudflare.com https://*.googleapis.com https://*.pendo.io https://*.alamoapp.octanner.io https://*.api.octanner.net https://*.salesforce.com *.cloudinary.com https://s3.amazonaws.com/oc-images-api/* *.doubleclick.net *.octanner.net *.gstatic.com *.jwpcdn.com *.recaptcha.net https://www.gstatic.com/recaptcha/releases/*  wss://*.fathomvoice.com *.fathomvoice.com *.fonticons.com *.fortawesome.com 'unsafe-inline' 'unsafe-eval' data:; frame-src 'self' www.google.com www.recaptcha.net https://res.cloudinary.com; 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://api.brightfunnel.com http://api.brightfunnel.com api.brightfunnel.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://api.company-target.com http://api.company-target.com api.company-target.com https://ws.zoominfo.com http://ws.zoominfo.com ws.zoominfo.com https://segments.company-target.com http://segments.company-target.com segments.company-target.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://pixel.sitescout.com http://pixel.sitescout.com pixel.sitescout.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.linkedin.com http://*.linkedin.com *.linkedin.com https://pixel.sitescout.com http://pixel.sitescout.com pixel.sitescout.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://match.prod.bidr.io http://match.prod.bidr.io match.prod.bidr.io https://segments.company-target.com http://segments.company-target.com segments.company-target.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://*.brightfunnel.com http://*.brightfunnel.com *.brightfunnel.com https://*.newrelic.com http://*.newrelic.com *.newrelic.com https://*.terminus.com http://*.terminus.com *.terminus.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.getsmartcontent.com http://*.getsmartcontent.com *.getsmartcontent.com https://img.en25.com http://img.en25.com img.en25.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://snap.licdn.com http://snap.licdn.com snap.licdn.com https://up.pixel.ad http://up.pixel.ad up.pixel.ad https://ws-assets.zoominfo.com http://ws-assets.zoominfo.com ws-assets.zoominfo.com https://tag.demandbase.com http://tag.demandbase.com tag.demandbase.com https://*.convertcalculator.co http://*.convertcalculator.co *.convertcalculator.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com 'unsafe-inline' 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-i5fHcl3GXSavgC65O71G+IgjJ9EMIDjmrGvdl5lB1QA='; base-uri 'self';report-to csp-endpoint 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https:           data:; font-src https: data:; report-uri /csp-report 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://use.typekit.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com https://www.googletagmanager.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com *.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com https://www.google.com/ads/ https://www.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adobe.net *.getcloudcherry.com *.cloudcherry.com https://static.addtoany.com https://www.googletagmanager.com https://cdn.mouseflow.com https://connect.facebook.net https://js-agent.newrelic.com https://www.google.com https://bam.nr-data.net https://www.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com/css https://use.typekit.net https://p.typekit.net unsafe-inline downloads.mailchimp.com *.googleapis.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.magento.com *.adobedc.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://maps.googleapis.com https://bam.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://get.geojs.io *.avada.io http://dpm.demdex.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://score.juicyscore.com https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://stage.dev.digido.ph https://digido.ph https://static.site-chat.me wss://stage.dev.digido.ph wss://digido.ph data:; script-src 'sha256-O2NFiNIJLWVioFkCYBvt6hmJdPeXJ7MKeJpeB8eFwCQ=' 'nonce-9aRPDXsUbJUncsvT1mfeJg==' 'self' 'self' https://score.juicyscore.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://static.cloudflareinsights.com https://connect.facebook.net https://www.facebook.com https://mc.yandex.ru https://yastatic.net https://cdn.jsdelivr.net https://static.site-chat.me; img-src 'self' https://www.googletagmanager.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://digido.ph https://stage.dev.digido.ph https://www.facebook.com https://mc.yandex.ru https://mc.webvisor.org data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.facebook.com https://mc.yandex.ru blob:; form-action 'self' https://www.facebook.com; frame-ancestors 'none'; child-src blob:  https://mc.yandex.ru; object-src 'none'; report-uri /prometheus-report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=488cb812-5215-42d5-bf37-8ea5176fe51e-1715738343 1
font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com data: *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src https://td.doubleclick.net/ fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.weltpixel.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.com/jsapi www.gstatic.com/charts/ ajax.cloudflare.com cloudflare.com https://www.google.bg/ads/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com flagpedia.net 'self' data: *.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net https://googleads.g.doubleclick.net/ https://region1.analytics.google.com/g/collect?v=2&tid=G-76E3GBCNGQ&gtm=45je44o0v872704757z89102147186za200 https://google.com/pagead/form-data/516840342?gtm=45be44o0v890517535za200&gcs dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.gstatic.com t.elasticsuite.io *.google-analytics.com analytics.google.com *.facebook.net https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; script-src www.googleadservices.com connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.com/jsapi www.gstatic.com/charts/ ajax.cloudflare.com cloudflare.com http://www.googleadservices.com&async=1&rfmt=3&fmt=4 http://www.googleadservices.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.avada.io https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com maps.googleapis.com maps.gstatic.com 'self' data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.mlstatic.com *.mercadopago.com maps.googleapis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com fonts.gstatic.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.mercadopago.com *.mercadolibre.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubc4a3b5e4ac3c7d6a12f82c68d11176b8&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Alanding-page%2Cenv%3Aproduction; base-uri 'self'; connect-src 'self' https://*.browser-intake-datadoghq.com https://*.clarity.ms https://*.crazyegg.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.googletagmanager.com https://*.hubspot.com https://*.hubspotusercontentf00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspotusercontent-na1.net https://*.mutinycdn.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.quora.com https://api-iam.intercom.io https://api.chilipiper.com https://api.company-target.com https://api.hsforms.com https://api.hubapi.com https://bat.bing.com https://browser-intake-datadoghq.com https://cdn.linkedin.oribi.io https://forms.hubspot.com https://ipv4.icanhazip.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://segments.company-target.com https://t.comparesoft.com https://tag-logger.demandbase.com https://tags.srv.stackadapt.com https://ws.zoominfo.com https://www.facebook.com wss://nexus-websocket-a.intercom.io; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com; frame-ancestors 'self' https://*.crazyegg.com https://app.mutinyhq.com https://tag.demandbase.com; frame-src 'self' https://*.crazyegg.com https://demo.maintainx-sandbox.com https://bid.g.doubleclick.net https://getmaintainx.chilipiper.com https://intercom-sheets.com https://s.company-target.com https://td.doubleclick.net https://www.facebook.com https://www.youtube.com; img-src 'self' data: https:; media-src 'self' https://js.intercomcdn.com https://videos.ctfassets.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.crazyegg.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hubspot.com https://*.mutinycdn.com https://*.quora.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.gstatic.com https://js.chilipiper.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscta.net https://js.hsleadflows.net https://js.intercomcdn.com https://s.comparesoft.com https://snap.licdn.com https://tag.demandbase.com https://tags.srv.stackadapt.com https://tracking.g2crowd.com https://widget.intercom.io https://ws.zoominfo.com https://www.clarity.ms https://www.datadoghq-browser-agent.com https://www.googleadservices.com https://www.googleoptimize.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; worker-src 'self' blob:; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.net *.facebook.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.facebook.net *.facebook.com https://fashionspark.com/media/logo/stores/1/logo-A.png https://wtcl1.fidelizador.com *.alothemes.com *.magepow.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com cdn.ampproject.org raw.githubusercontent.com https://api.impresee.com https://cdn.impresee.com api.impresee.com https://dev2.impresee.com dev2.impresee.com *.googleapis.com *.google.com *.gstatic.com *.facebook.net *.facebook.com https://d2iq7kcocq4ytp.cloudfront.net/owlcarousel2-2.2.0/owl.carousel.min.js https://cloudfront.barilliance.com/fashionpark.com/cbar.js.php https://s-eu-1.pushpushgo.com/js/5fad8f3ec4c96722c7121c3c.js https://js.hs-scripts.com/19491887.js https://s-eu-1.pushpushgo.com/scripts/61af4824b9aaca411a7676a0/push.js https://s-eu-1.pushpushgo.com/scripts/61af4824b9aaca411a7676a0/beacon.js https://js.usemessages.com/conversations-embed.js *.krip.cl/bciplus/script.js *.krip.cl bciplus.cl *.bciplus.cl/ms-loyalty-sales/v2/* *.alothemes.com *.magepow.com *.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.google.com *.gstatic.com https://d2iq7kcocq4ytp.cloudfront.net/owlcarousel2-2.2.0/assets/owl.carousel.min.css https://d2iq7kcocq4ytp.cloudfront.net/owlcarousel2-2.2.0/assets/owl.theme.default.min.css *.dev2.impresee.com *.impresee.com *.fontawesome.com *.alothemes.com *.magepow.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io cdn.ampproject.org https://api.impresee.com api.impresee.com https://dev2.impresee.com dev2.impresee.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.facebook.net *.facebook.com *.krip.cl *.bciplus.cl *.bciplus.cl/ms-loyalty-sales/v2/* *.alothemes.com *.magepow.com *.mercadopago.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.facebook.net *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' ws: *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com  *.google.com *.bootstrapcdn.com *.extremenet.hu stats.g.doubleclick.net www.youtube-nocookie.com; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.moncompteformation.gouv.fr dcinfos-cache.abtasty.com sdc.caissedesdepots.fr try.abtasty.com *.googleapis.com *.doubleclick.net adservice.google.com *.gstatic.com www.googletagmanager.com ariane.abtasty.com widgets.abtasty.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-dfba9b949b2f4b3a975a57c56b99d302' https://www.maisa.fi 'self' https://apomato.maisa.fi/matomo/matomo.js;img-src https://* 'self' blob: data:;connect-src 'self' https://apomato.maisa.fi/matomo/matomo.js https://apomato.maisa.fi/matomo/matomo.php;style-src https://www.maisa.fi 'self' 'unsafe-inline';form-action 'self' https://testi.apro.tunnistus.fi https://tunnistautuminen.suomi.fi https://www.terveyskyla.fi;media-src https://* 'self'; 1
script-src 'report-sample' 'strict-dynamic' 'nonce-ruHJtS988zuU' https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; font-src * data: https:; img-src * data: https:; media-src * data: blob: https:; worker-src blob:; connect-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com https://optimalworkshop.formstack.com; style-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com https://optimalworkshop.formstack.com blob: https: 'unsafe-inline'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub2a2917ee82a037666b50209749d4be3a&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Amarketing%2Cenv%3Aproduction 1
font-src fonts.gstatic.com;frame-src https://vars.hotjar.com;default-src 'self';style-src 'self' 'unsafe-inline' https://emotivecdn.io *.emotiveapp.dev fonts.googleapis.com;connect-src https://api.segment.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://emotivecdn.io *.emotiveapp.dev https://www.googletagmanager.com https://static.hotjar.com https://cdn4.mxpnl.com https://cdn.segment.com https://cdn.heapanalytics.com https://script.hotjar.com;frame-ancestors 'self' *.emotiveapp.dev https://setup-shop.emotiveapp.co *.myshopify.com;img-src 'self' data: https://heapanalytics.com 1
frame-ancestors 'self'; report-uri https://www.ntnews.com.au/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-gtfFle11fk154Eoitt3ydQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com refaccionesitalika.com.mx assets.adobedtm.com *.everesttech.net www.youtube.com adservice.google.com www.google-analytics.com *.googleadservices.com db.onlinewebfonts.com ssl.google-analytics.com metrics.hotjar.io www.google.com *.doubleclick.net *.omtrdc.net static.addtoany.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com s.yimg.jp https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googleoptimize.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms s.yimg.jp ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com s.yimg.jp https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms s.yimg.jp https://collect.worldoftanks.asia https://content-wg.gcdn.co ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; script-src 'nonce-2dd53cb9210148ed99626435d16f4317'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; style-src 'self' 'nonce-2dd53cb9210148ed99626435d16f4317'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=140-6673629-8947167:rid=D8E2F71B577C41399C57:sn=www.newworld.com 1
base-uri 'self'; child-src 'self' https: http://localhost:* data: blob:; connect-src 'self' https: http://localhost:* wss: data: blob:; default-src 'none'; font-src 'self' https: http://localhost:* http://themes.googleusercontent.com data:; form-action 'self'; frame-ancestors 'self' https://app.eu.pendo.io; frame-src 'self' https: http://localhost:* data: blob:; img-src 'self' https: data: blob:; media-src 'self' https: data:; script-src 'self' https: http://localhost:* blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' https: http://localhost:* data: 'unsafe-inline' 'report-sample'; worker-src 'self' blob:; report-uri https://linnworks17.report-uri.com/r/d/csp/reportOnly 1
font-src cdn.jsdelivr.net fonts.gstatic.com *.fontawesome.com data: fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: secure-gateway.hipay-tpp.com *.hipay.com gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.google.fr cm.g.doubleclick.net/ maps.gstatic.com axeptio.imgix.net s.thebrighttag.com openstreetmap.org maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com static.axept.io www.google.fr maps.googleapis.com widget.trustpilot.com dynamic.criteo.com sslwidget.criteo.com *.zippopotam.us cdn.scalapay.com b2c-cdn.scalapay.com maps.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.hipay.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.hipay.com wss://mpsnare.iesnare.com client.axept.io api.axept.io region1.google-analytics.com sslwidget.criteo.com maps.googleapis.com stats.g.doubleclick.net bam.nr-data.net *.zippopotam.us 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://player.vimeo.com  data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://static.queue-it.net https://assets.queue-it.net https://www.youtube.com https://player.vimeo.com https://cdn.jsdelivr.net 'nonce-FFHOMSnnjLtr24N9jT9fN4lHjSEpcnXkWjw9TuniJvM='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://vimeo.com https://cdn.jsdelivr.net; worker-src 'self' blob:;report-to https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7b365ff4e383a8c546d53da7507a6fc0&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=booker 1
base-uri 'self'; connect-src 'self' https://api.marker.io https://ka-p.fontawesome.com https://www.google-analytics.com; default-src 'self'; font-src 'self' data: https://ka-p.fontawesome.com; frame-src 'self' https://player.vimeo.com; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://6446ea78f1e3671a29137943.endpoint.csper.io/; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.6/dist/umd/popper.min.js https://code.jquery.com/jquery-3.6.1.min.js https://edge.marker.io/latest/shim.js https://go.bsr.org/analytics https://kit.fontawesome.com/4c40095e39.js https://pi.pardot.com/pd.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/recaptcha__en.js; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cloud.typography.com https://fast.fonts.net; worker-src 'none'; frame-src 'self' https://player.vimeo.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: l.evidon.com c.evidon.com www.google.com *.googleapis.com *.gstatic.com www.google-analytics.com cdn.jsdelivr.net bam.nr-data.net www.youtube.com region1.google-analytics.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com *.facebook.net c.ltmsphrcl.net static-tracking.klaviyo.com vc.hotjar.io adservice.google.com classic.avantlink.com cdn.userway.org *.hotjar.com assets.huntstand.com open.spotify.com t.sharethis.com ka-p.fontawesome.com app.huntstand.com www.google.com cdn77.api.userway.org *.googlesyndication.com js.getlasso.co sync.sharethis.com api.userway.org buttons-config.sharethis.com a.klaviyo.com www.google-analytics.com bcp.crwdcntrl.net platform-cdn.sharethis.com analytics.google.com *.doubleclick.net *.facebook.com data.stbuttons.click use.typekit.net *.gstatic.com p.typekit.net l.sharethis.com www.googletagmanager.com static.klaviyo.com *.addthis.com *.googleapis.com lasso.link platform-api.sharethis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org *.googleapis.com www.mybenefitscenter.com js.hcaptcha.com api.otcnetwork.com *.azure.com bam.nr-data.net js-agent.newrelic.com newassets.hcaptcha.com events.launchdarkly.com www.youtube.com app.launchdarkly.com clientstream.launchdarkly.com i.ytimg.com img.youtube.com *.b2clogin.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; script-src https://*.google.com https://*.googleapis.com https://www.google.bg https://www.google.com.pk https://www.googletagmanager.com https://maps.gstatic.com https://acdn.adnxs.com https://js.adsrvr.org *.ampproject.org https://websdk.appsflyer.com https://bat.bing.com https://*.bootstrapcdn.com https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.compare.com https://*.criteo.com https://*.criteo.net https://googleads.g.doubleclick.net https://connect.facebook.net https://app.five9.com https://*.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://d.impactradius-event.com https://*.insurify.com https://insurifycdn.com https://*.jquery.com https://*.klaviyo.com https://cdn.logrocket.io https://cdn.lr-in.com https://cdn.lr-ingest.io https://insurance.mediaalpha.com https://*.mixpanel.com https://*.mxpnl.com https://s.pinimg.com https://*.pinterest.com https://sc-static.net https://www.shopperapproved.com https://cdn.speedcurve.com https://analytics.tiktok.com https://widget.trustpilot.com https://unpkg.com https://*.usersnap.com 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https://*.ampproject.org https://websdk.appsflyer.com https://bat.bing.com https://*.clarity.ms https://*.cloudfront.net https://*.compare.com https://*.criteo.com https://*.criteo.net https://stats.g.doubleclick.net https://www.facebook.com https://app.five9.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.insurify.com https://insurify.com https://insurifycdn.com https://*.klaviyo.com https://*.logrocket.com https://*.logrocket.io https://*.lr-in.com https://*.lr-ingest.io https://*.makestories.io https://*.mixpanel.com https://*.mxpnl.com https://*.pinterest.com wss://ws.pusherapp.com https://insurify.sjv.io https://*.snapchat.com https://lux.speedcurve.com https://analytics.tiktok.com https://widget.trustpilot.com https://*.usersnap.com 'self'; img-src https://*.google.com https://*.googleapis.com https://www.google.bg https://www.google.com.pk https://www.googletagmanager.com https://maps.gstatic.com https://ib.adnxs.com https://websdk.appsflyer.com https://segment.prod.bidr.io https://*.bing.com https://*.clarity.ms https://*.cloudfront.net https://*.compare.com https://googleads.g.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://www.gstatic.com https://insurifycdn.com *.makestories.io https://*.mediaalpha.com https://*.nextinsure.com https://*.pinterest.com https://www.shopperapproved.com https://*.snapchat.com https://lux.speedcurve.com https://*.storyblok.com https://cdn.transparent.ly https://widget.trustpilot.com https://*.usersnap.com https://sp.analytics.yahoo.com 'self' data:; style-src https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.ampproject.org https://widget.trustpilot.com 'self' 'unsafe-inline';base-uri 'self';form-action https://www.facebook.com https://tr.snapchat.com https://widget.trustpilot.com 'self';font-src https://*.insurify.com https://fonts.gstatic.com https://fonts.gstatic.com https://*.bootstrapcdn.com https://insurifycdn.com https://widget.trustpilot.com 'self' data:;frame-src https://insight.adsrvr.org https://match.adsrvr.org https://cj.dotomi.com https://*.doubleclick.net https://www.emjcd.com https://www.facebook.com https://*.pinterest.com https://www.quotelab.com https://tr.snapchat.com https://widget.trustpilot.com https://app.usecanopy.com 'self';frame-ancestors 'self';media-src *.googlevideo.com 'self';worker-src 'self' blob:; report-uri https://report-uri.insurify.com/json 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.vwo.com *.visualwebsiteoptimizer.com *.intercom.io *.intercomcdn.com *.onetrust.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com fonts.googleapis.com www.gstatic.com app.vwo.com www.googletagmanager.com translate.googleapis.com; frame-ancestors 'self' https://polarisxchange.com https://slingshot.polarisxchange.com https://indianmotorcycle.polarisxchange.com https://www.rvs.com https://rvs.com https://www.atvrider.com https://www.cyclevolta.com https://www.cycleworld.com https://www.dirtrider.com https://www.motorcyclecruiser.com https://www.motorcyclistonline.com https://www.utvdriver.com https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octanelending.com https://*.octanelending.com; worker-src 'self' blob:; upgrade-insecure-requests; report-uri https://o93495.ingest.sentry.io/api/1772648/security/?sentry_key=4ffb66d59a0344a186016dae83fcc148&sentry_environment=production 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-EnYa1IA+pGl/rxZPhIUNvQ==' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com  *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com *.eloqua.com https://s754241824.t.eloqua.com https://view.ceros.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 1
frame-ancestors 'self'; report-uri https://www.bestrecipes.com.au/csp-reports 1
frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 1
font-src https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com https://analytics.akpress.org downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://analytics.akpress.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 1
default-src https:;frame-ancestors about: 'self';frame-src https://optimize.google.com *;style-src https://optimize.google.com https://fonts.googleapis.com https: data: 'unsafe-inline' *;script-src https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com * 'unsafe-inline' 'unsafe-eval';img-src https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https: data: *;font-src https://fonts.gstatic.com data: *;object-src 'none';connect-src * ws: wss:; report-uri https://res.destinia.com/web/csp-violation-report-endpoint; report-to default; 1
frame-ancestors 'self' https://www.bing.com https://www.google.at https://www.google.de https://*.search.yahoo.com; report-uri https://www.tudorwatch.com/csp-reports/?req_id=9e901e2 1
default-src 'self'; script-src 'unsafe-eval'; img-src data:; font-src *; frame-src * 1
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self'; base-uri 'self'; frame-ancestors 'self' https: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com kit.fontawesome.com connect.facebook.net cdn.polyfill.io code.jquery.com www.google-analytics.com ssl.google-analytics.com www.googleoptimize.com script.crazyegg.com cdn.syndication.twimg.com speedtest.cable.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.cable.co.uk services.xg4ken.com unpkg.com script.hotjar.com static.hotjar.com c5.adalyser.com plausible.io consent.cookiebot.com consentcdn.cookiebot.com localhost:3000; connect-src 'self' *.fontawesome.com api.addressy.com wss://ws.hotjar.com *.hotjar.com content.hotjar.io cable.us4.list-manage.com admin.cable.co.uk stats.g.doubleclick.net plausible.io localhost:3000; img-src 'self' data: *.cable.co.uk www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com pbs.twimg.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com c5.adalyser.com v2.crocdn.com 54tgglb8.tinifycdn.com imgsct.cookiebot.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.cable.co.uk pro.fontawesome.com localhost:3000; font-src 'self' *.fontawesome.com maxcdn.bootstrapcdn.com admin.cable.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' widget.trustpilot.com vars.hotjar.com googleads.g.doubleclick.net consentcdn.cookiebot.com data:; child-src 'self' blob:; report-uri /csp-violation-report/ 1
default-src 'self'; base-uri 'self'; font-src 'self' https: data:; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-src 'self'; frame-ancestors 'self'; media-src 'self'; script-src 'self' https: 'unsafe-inline' http://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/en_US/sdk.js; report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=trusted-mfe@v1.1&sentry_environment=prod 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk *.qumucloud.com static.ads-twitter.com t.co www.brightedge.com;https://public.tableau.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
frame-ancestors 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=5ac10755c7d60041&e=UmFuZG9tSVYkc2RlIyh9Ydd0dB4aihXum-X-R4e1os4GVUPKm1OSykZZv-6f5i_hsJTwlFW-XOikb0-dyR5AXA 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.moxa.com *.moxa.com.cn https://*.google.com *.addthis.com *.youtube.com;              style-src 'unsafe-inline' *;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.moxa.com *.moxa.com.cn snap.licdn.com static.ads-twitter.com www.googletagmanager.com www.youtube.com fast.fonts.net  cdn-cms.azureedge.net    *.alicdn.com  *.google-analytics.com *.crazyegg.com *.googleadservices.com cdn.bizible.com                         cdn-akamai.mookie1.com s.ytimg.com *.pingdom.net *.doubleclick.net *.marketo.net        cdn.polyfill.io tags.tiqcdn.com tags.tiqcdn.cn *.marketo.net                         *.usabilla.com *.gstatic.com *.google.com  *.facebook.net *.facebook.com *.addthis.com *.addthisedge.com        *.googleapis.com *.googletagmanager.com *.youtube.com *.moatads.com       cdn.onesignal.com *.swiftypecdn.com *.onesignal.com *.assets.zendesk.com easyid.scansafe.net       static-resource.com cdn-javascript.net gateway.zscaler.net easyid.scansafe.com gateway.zscloud.net       *.optnmnstr.com tribedone.org *.exeloncorp.com linkangood.com filter.nov.com rasenalong.com       osskanger.com yastatic.net;              connect-src 'self' *.mktoresp.com *.pingdom.net *.moxa.com *.moxa.com.cn *.facebook.com *.addthis.com *.google-analytics.com  *.pingdom.net *.doubleclick.net *.zdassets.com *.api.opmnstr.com plugin.ucads.ucweb.com easyid.scansafe.net;     frame-src 'self' *.doubleclick.net *.addthis.com *.google.com *.mookie1.com *.youtube.com *.googleapis.com *.akamaihd.net *.facebook.com  ;     img-src 'self' data: *;      font-src 'self' data: *;     media-src 'self' data: *.gstatic.com  *.azureedge.net;      report-uri https://moxacsp.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' bam.nr-data.net links.services.disqus.com cdn.cookielaw.org api.segment.io *.mapbox.com *.mux.com analytics.google.com www.google-analytics.com geolocation.onetrust.com wss: *.wahooligan.com; font-src 'self' cdn.wahooligan.com fonts.gstatic.com moz-extension data:; form-action 'self' www.wahooligan.com *.wahoofitness.com wahoofitness.zendesk.com api.wahooligan.com *.wahooligan.com; frame-src 'self' disqus.com metabase.wahooligan.com www.youtube-nocookie.com js.stripe.com; img-src 'self' cdn.wahooligan.com www.wahoofitness.com links.services.disqus.com www.gstatic.com www.google-analytics.com data: blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.wahooligan.com www.google-analytics.com api.tiles.mapbox.com code.jquery.com cdn.segment.com cdnjs.cloudflare.com js.stripe.com js-agent.newrelic.com bam.nr-data.net bam.nr-data.com assets.zendesk.com static.zdassets.com cdn.cookielaw.org c.disquscdn.com optanon.blob.core.windows.net www.gstatic.com data: *.wahooligan.com; script-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com code.jquery.online code.jquery.com cdn.cookielaw.org cdn.segment.com bam.nr-data.com bam.nr-data.net www.googletagmanager.com js-agent.newrelic.com optanon.blob.core.windows.net assets.zendesk.com www.google-analytics.com api.tiles.mapbox.com cdnjs.cloudflare.com geolocation.onetrust.com www.gstatic.com js.stripe.com *.wahooligan.com; style-src 'self' 'unsafe-inline' fonts.gstatic.com cdn.cookielaw.org fonts.googleapis.com api.tiles.mapbox.com cdn.wahooligan.com c.disquscdn.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com cdn.cookielaw.org assets.zendesk.com api.tiles.mapbox.com fonts.googleapis.com www.gstatic.com; report-uri https://www.wahooligan.com/csp_reports 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com www.manoloblahnik.com *.hotjar.com *.bglobale.com *.global-e.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cybersource.com www.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.google.com *.hotjar.com *.cybersource.com www.facebook.com www.youtube-nocookie.com the-restory.app authentication.cardinalcommerce.com *.issuu.com *.online-metrix.net *.bglobale.com *.global-e.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com account.fetchify.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.adyen.com blob *.alekseon-test.eu media-akam.licdn.com www.facebook.com maps.googleapis.com *.clarity.ms *.bing.com *.google.com *.googletagmanager.com manoloblahnik.com *.doubleclick.net.com ozplayer.global.ssl.fastly.net mcusercontent.com *.nr-data.net *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am; *.bglobale.com *.global-e.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://images.unsplash.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com www.google.com www.gstatic.com maps.googleapis.com chimpstatic.com connect.facebook.net *.forter.com h.online-metrix.net cdnjs.cloudflare.com *.zdassets.com widget-mediator.zopim.com *.newrelic.com *.hotjar.com *.bing.com *.clarity.ms *.nr-data.net *.cardinalcommerce.com www.youtube.com *.online-metrix.net *.bglobale.com *.global-e.com polyfill.io testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fonts.net fonts.googleapis.com *.bootstrapcdn.com *.bglobale.com *.global-e.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com manolo.alekseon-test.eu www.manoloblahnik.com *.zdassets.com *.g.doubleclick.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.forter.com *.cloudfront.net wss://cdn0.forter.com manoloblahnikhelp.zendesk.com *.zdassets.com *.widget-mediator.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.clarity.ms *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googleapis.com *.bing.com stats.g.doubleclick.net www.google.com *.google.com www.facebook.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io thm.visa.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: *; img-src 'self' data: *; script-src 'self' blob: * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; font-src 'self' data: *; connect-src *; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-d2lh1sj9To9JU1qHZZz6LA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';script-src 'self';style-src 'self';img-src 'self';font-src 'self';connect-src 'self';frame-src 'self' 1
script-src 'nonce-QLo6l1a79uDW47jkR52euA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-ZIeKTxr6rku5OUkbJjTaZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-307l2i4lB_cjMKKtTpJhJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-src 'self' https://static.addtoany.com https://*.youtube.com https://mastdata.com https://bhcc.maps.arcgis.com https://bhccportal.icasework.com https://*.infogram.com https://*.youtube-nocookie.com https://umap.openstreetmap.fr https://*.google.com https://avlive.apprenticeships.org.uk https://public.tableau.com https://player.vimeo.com https://www.facebook.com https://afs.googlesyndication.com https://www.ons.gov.uk https://*.adsensecustomsearchads.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.google-analytics.com https://bhccportal.icasework.com https://*.infogram.com https://*.google.com https://*.brighton-hove.gov.uk https://partner.googleadservices.com https://public.tableau.com https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://cdn.ons.gov.uk assets.pinterest.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://stackpath.bootstrapcdn.com https://unpkg.com maps.google.com; frame-ancestors 'self'; report-uri https://www.brighton-hove.gov.uk/csp-report-uri/reportOnly 1
child-src 'self' bid.g.doubleclick.net *.bitexen.com www.google.com;  connect-src 'self' *.bitexen.com firebase.googleapis.com firebaseinstallations.googleapis.com salesiq.zoho.com salesiq.zohopublic.com sdkapi.netmera.com stats.g.doubleclick.net www.google-analytics.com api.intotheblock.com desk.zoho.com vts.zohopublic.com www.tradingview.com app.adjust.com app.adjust.net.in app.adjust.world fonts.gstatic.com koinbulteni.com region1.google-analytics.com wasm.regulaforensics.com;  font-src 'self' css.zohocdn.com fonts.gstatic.com css.zohocdn.com css.zohostatic.com;  form-action 'self' *.bitexen.com;  frame-ancestors 'self';  frame-src 'self' bid.g.doubleclick.net pixel.sitescout.com s.tradingview.com *.hcaptcha.com *.geetest.com *.bitexen.com www.google.com;  img-src 'self' data: *.bitexen.com pixel.sitescout.com salesiq.zohopublic.com sdkapi.netmera.com www.facebook.com www.google.com www.google.com.tr accounts.zoho.com googleads.g.doubleclick.net koinbulteni.com s3.eu-west-1.amazonaws.com ssl.google-analytics.com web.facebook.com www.google-analytics.com region1.google-analytics.com static.geetest.com static.geevisit.com www.gstatic.com *.hcaptcha.com www.googletagmanager.com;  manifest-src 'self';  script-src-attr 'unsafe-inline';  script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net cdn.netmera-web.com connect.facebook.net firebasestorage.googleapis.com googleads.g.doubleclick.net js.zohocdn.com salesiq.zoho.com secure.adnxs.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com app.intotheblock.com code.jquery.com js-agent.newrelic.com js.zohostatic.com ntm.netmera-web.com s3.tradingview.com ssl.google-analytics.com d17nz991552y2g.cloudfront.net *.geetest.com *.geevisit.com;  script-src 'self' 'unsafe-eval' cdn.netmera-web.com js-agent.newrelic.com g792337344.co connect.facebook.net *.hcaptcha.com app.intotheblock.com firebasestorage.googleapis.com googleads.g.doubleclick.net js.zohocdn.com js.zohostatic.com ntm.netmera-web.com s3.tradingview.com salesiq.zoho.com secure.adnxs.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com *.geetest.com *.hcaptcha.com;  style-src-attr 'unsafe-inline';  style-src-elem 'self' 'unsafe-inline' data: cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com css.zohocdn.com fonts.googleapis.com use.fontawesome.com css.zohostatic.com *.geetest.com *.hcaptcha.com;  style-src 'unsafe-eval' data: cdnjs.cloudflare.com css.zohocdn.com css.zohostatic.com fonts.googleapis.com *.hcaptcha.com *.geetest.com *.bitexen.com;  worker-src *.bitexen.com;  object-src 'none';  report-uri https://reporturi.bitexen.com/r/d/csp/wizard 1
font-src fonts.gstatic.com use.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.narvar.com *.narvar.qa data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * photos.pixlee.co 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.narvar.com *.narvar.qa *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pixlee.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.pxlecdn.com *.pixlee.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://inbound-analytics.pixlee.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.gs.com; script-src 'unsafe-inline' 'unsafe-eval' *.gs.com:* https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com ir-vh.akamaihd.net https://amp.akamaized.net https://cdn.appdynamics.com; connect-src 'self' wss://*.gs.com:* *.gs.com:* https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com ir-vh.akamaihd.net https://amp.akamaized.net  https://col.eum-appdynamics.com https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com *.datadoghq.com; img-src *.gs.com:* https://gsgir.122.2o7.net data: blob: https://col.eum-appdynamics.com; style-src 'unsafe-inline' *.gs.com:* https://fast.fonts.net; media-src 'self' *.gs.com ir-vh.akamaihd.net blob: https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com; frame-ancestors 'self' https://goldmansachs.experiencecloud.adobe.com:*; worker-src blob: *.gs.com:* *.gs.com:*; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: cdn.elev.io *.klarnacdn.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com cdn.consentmanager.net *.hotjar.com www.facebook.com https://www.googletagmanager.com/ *.klarna.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.gstatic.com *.googleapis.com validate.fishpig.co.uk *.googletagmanager.com fonts.gstatic.com *.consentmanager.net t.ssl.ak.dynamic.tiles.virtualearth.net r.bing.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jsd-widget.atlassian.com *.plugins.emarsys.net *.scarabresearch.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.consentmanager.net ecn.dev.virtualearth.net dev.virtualearth.net www.bing.com t.ssl.ak.dynamic.tiles.virtualearth.net connect.facebook.net *.hotjar.com cdn.elev.io messenger.dixa.io *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com www.zeitung-direkt.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.klarna.com *.klarnacdn.net *.klarnaservices.com www.facebook.com graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googletagmanager.com *.bing.com css/light.theme.css *.klarnacdn.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com m2test.hagel-shop.de www.hagel-shop.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com jsd-widget.atlassian.com api-private.atlassian.com *.scarabresearch.com *.eservice.emarsys.net *.google-analytics.com stats.g.doubleclick.net maps.googleapis.com www.bing.com *.hotjar.com wss://wsp30.hotjar.com/ *.hotjar.io *.elev.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.americanmeadows.com *.privy.com *.richpanel.com *.ryzeo.com *.signifyd.com *.yotpo.com accounts.livechatinc.com analytics.tiktok.com api.livechatinc.com bam.nr-data.net bat.bing.com cdn-widgetsrepository.yotpo.com cdn.livechatinc.com cdn.richpanel.com cdn.statstrk01.com cdnapisec.kaltura.com chimpstatic.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net js-agent.newrelic.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hscollectedforms.net js-eu1.usemessages.com na-library.klarnaservices.com na-library.playground.klarnaservices.com s.pinimg.com secure.livechatinc.com static.hsappstatic.net static.trackedweb.net staticw2.yotpo.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com x.klarnacdn.net cdn.cookielaw.org code.jquery.com api.bluecore.com www.redditstatic.com siteassets.bluecore.com ui.powerreviews.com assets.pinterest.com americanmeadows.formstack.com static.formstack.com ajax.googleapis.com static.powerreviews.com dynamic.criteo.com snap.licdn.com sslwidget.criteo.com widget.us.criteo.com *.paypal.com *.wistia.com *.howuku.com *.jsdelivr.net *.criteo.com *.paypalobjects.com *.clarity.ms *.convertexperiments.com measurement-api.criteo.com display.powerreviews.com *.powerreviews.com *.corvuscro.com mjbeisch.github.io *.noibu.com *.highcountrygardens.com *.hotjar.com *.stripe.com; report-uri /.webscale/csp-report 1
default-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com; script-src  'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://googletagmanager.com https://*.googletagmanager.com https://epoq-systems.de http://epoq-systems.de https://*.epoq-systems.de http://*.epoq-systems.de https://epoq.de http://epoq.de https://*.epoq.de http://*.epoq.de https://google.com https://*.google.com https://googleanalytics.com https://*.googleanalytics.com https://google-analytics.com https://*.google-analytics.com https://googlesyndication.com https://*.googlesyndication.com https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://googleadservices.com https://*.googleadservices.com bat.bing.com https://*.hotjar.com https://*.hotjar.io https://datatrans.com https://*.datatrans.com https://cookielaw.org https://*.cookielaw.org https://*.trustpilot.com https://pay.google.com https://sandbox.secure.checkout.visa.com *.kameleoon.eu 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com exlibris.azureedge.net exlibris.blob.core.windows.net https://epoq.de https://*.epoq.de https://migros.ch https://*.migros.ch https://*.google.de https://*.google.ch https://*.google.com https://*.google.it https://*.google.li https://*.google.tn https://*.google.co.uk https://*.google.com.sa https://*.google.ba https://google-analytics.com https://*.google-analytics.com https://google-analytics.ch https://*.google-analytics.ch https://google.com https://*.google.com https://analytics.google.com https://*.analytics.google.com https://analytics.google.ch https://*.analytics.google.ch https://googleapis.com https://*.googleapis.com bat.bing.com https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://cookielaw.org https://*.cookielaw.org https://onetrust.com https://*.onetrust.com https://onetrust.io https://*.onetrust.io https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://hotjar.com https://raygun.io https://*.raygun.io *.kameleoon.io; style-src 'self' 'unsafe-inline' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://googleapis.com https://*.googleapis.com https://google.com https://*.google.com fast.fonts.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de; img-src 'self' dhttps data: https://baqend.com https://*.baqend.com https://exlibris.ch https://*.exlibris.ch https://googletagmanager.com https://*.googletagmanager.com exlibris.azureedge.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://google-analytics.com https://*.google-analytics.com https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://googlesyndication.com https://*.googlesyndication.com https://*.google.de https://*.google.ch https://*.google.at https://*.google.fr https://*.google.hr https://*.google.dz https://*.google.nl https://*.google.es https://*.google.it https://*.google.li https://*.google.lu https://*.google.sc https://*.google.si https://*.google.co.uk https://*.google.co.in https://*.google.com https://*.google.com.pa https://*.google.com.ph https://*.google.com.gh https://*.google.com.tr https://*.google.com.br https://*.google.com.cy https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io bat.bing.com https://cookielaw.org https://*.cookielaw.org optanon.blob.core.windows.net exlibris.blob.core.windows.net https://migros.ch https://*.migros.ch https://ytimg.com https://*.ytimg.com; media-src 'self' data https://exlibris.ch https://*.exlibris.ch exlibris.blob.core.windows.net https://*.phononet.de/ exlibris.azureedge.net; frame-src 'self' https://exlibris.ch https://*.exlibris.ch https://google.de https://*.google.de https://google.com https://*.google.com https://googletagmanager.com https://*.googletagmanager.com https://googlesyndication.com https://*.googlesyndication.com https://youtube.com https://*.youtube.com https://datatrans.com https://*.datatrans.com https://bic-media.com https://*.bic-media.com https://youtube-nocookie.com https://*.youtube-nocookie.com https://doubleclick.net https://*.doubleclick.net https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://tradedoubler.com https://*.tradedoubler.com https://blickinsbuch.de https://*.blickinsbuch.de https://book2look.com https://*.book2look.com https://postfinance.ch https://*.postfinance.ch https://viseca.ch/ https://*.viseca.ch/ https://bonuscard.ch/ https://*.bonuscard.ch/ https://3ds.bonuscard.ch/ https://*.3ds.bonuscard.ch/ https://arcot.com/ https://*.arcot.com/ https://*.trustpilot.com https://pay.google.com https://sandbox.secure.checkout.visa.com https://3d.datatrans.com https://3d.sandbox.datatrans.com; font-src 'self' data https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://gstatic.com https://*.gstatic.com https://google.com https://*.google.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io; manifest-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com; frame-ancestors 'self' https://exlibris.ch https://*.exlibris.ch; report-uri /loc/csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com *.googleapis.com *.fontawesome.com *.richpanel.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trysera.com www.xtento.com *.google.com/ https://www.youtube.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ammunitiondepot.com *.facebook.com *.symantec.com *.exitintel.com *.cloudfront.net credova.com *.credova.com *.clickagy.com *.adxcel-ec2.com *.googe.com *.provenpixel.com *.rlcdn.com *.google.com *.espssl.com *.searchspring.net *.google.co.in *.videoly.co *.ytimg.com *.listrakbi.com *.googleapis.com https://guarantee-cdn.com *.amped.io store.paradoxlabs.com *.amazonaws.com *.richpanel.com www.xtento.com cdn.xtento.com https://www.magezon.com maps.gstatic.com *.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com cdn.ampproject.org raw.githubusercontent.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.hiconversion.com *.edgeme.sh *.searchspring.io *.searchspring.net *.ammunitiondepot.com *.facebook.com *.facebook.net *.symantec.com *.exitintel.com *.gorgias.io *.credova.com *.listrakbi.com *.crazyegg.com *.qualaroo.com *.cloudfront.net *.listrak.com *.clickagy.com *.provenpixel.com *.gstatic.com *.newrelic.com *.nr-data.net *.videoly.co *.nofraud.com https://guarantee-cdn.com *.sumo.com *.amped.io *.richpanel.com www.xtento.com cdn.xtento.com https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.google.com/ *.authorize.net https://cdn.searchspring.net/intellisuggest/is.min.js maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.listrakbi.com *.searchspring.net *.richpanel.com *.googleapis.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.amazonaws.com *.richpanel.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com *.googleapis.com cdn.ampproject.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.edgeme.sh *.doubleclick.net *.listrak.com *.listrakbi.com *.searchspring.io *.searchspring.net *.signifyd.com *.signifyd.com:* bt.signifyd.com *.cloudfront.net *.crazyegg.com *.clickagy.com *.nr-data.net *.credova.com *.google.com *.mmapiws.com https://bl.listrakbi.com *.sumo.com *.amped.io *.tryamped.com https://sumo.com https://services.nofraud.com https://ipapi.co *.richpanel.com wss://*.richpanel.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.authorize.net https://beacon.searchspring.io/beacon https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.clarity.ms docs.google.com secure.safecharge.com www.coolbet.com launcher-eu1.fh8labs.com bintu.nanocosmos.de wss://www.coolbet.com bshots.egcvi.com tracker.ads.sportradar.com *.seondfresolver.com api.geetest.com a.sportradarserving.com widgets.sir.sportradar.com assets.trustly.com www.youtube.com bat.bing.com coolbet.betstream.betgenius.com *.facebook.com aeucw.playngonetwork.com coolbet.evo-games.com mga-cdn.spinomenal.io client.pragmaticplaylive.net demogamesfree.jtmmizms.net lmt.fn.sportradar.com ps10.pndsn.com www.google.com edge.fullstory.com region1.google-analytics.com static.trackedweb.net *.bidr.io gamelauncher.contentmedia.eu r.redirect09.net *.gstatic.com www.googletagmanager.com player.eu.regulated2.pushgaming.com r.redirect06.net *.twitter.com mobile3.gameassists.co.uk ps3.pndsn.com vs.lc-stakelogic.com r.redirect07.net server.seadform.net *.facebook.net tm.ads.sportradar.com ps9.pndsn.com cdn.seondf.com *.adsrvr.org ps17.pndsn.com ps11.pndsn.com *.sentry.io etiloaderqf2.gameassists.co.uk scripts.prdredir.com cdn.jsdelivr.net r.redirect08.net ps20.pndsn.com microgaming-l1.inspiredvirgo.com *.doubleclick.net google.com r.redirect10.net *.googleapis.com serving.bepolite.eu www.google.com.ec gateway.zignsec.com adservice.google.com redirector3.valueactive.eu zz.connextra.com ps13.pndsn.com ps5.pndsn.com staticpff.yggdrasilgaming.com ps1.pndsn.com api.geevisit.com t.co cdn.safecharge.com www.1x2gamingcdn.com cdn.edgetier.com wlcoolbet.adsrv.eacdn.com login-mt.onegameslink.com ea6552360e.wvdudkswnr.net ps15.pndsn.com *.cloudfront.net r.redirect01.net api.paymentiq.io ps12.pndsn.com coolbetsw-dk1.pragmaticplay.net games-coolbet.onegameslink.com tag.growthbuddy.app cdn.cookielaw.org ps8.pndsn.com *.bidswitch.net tracker.growthbuddy.app etiloaderqf3.gameassists.co.uk www.google-analytics.com ps18.pndsn.com *.ads-twitter.com ps7.pndsn.com static.contentmedia.eu coolbet-prod-gen2.sportcastlive.com ps19.pndsn.com cdn.kustomerapp.com payment.truelayer.com secure.adnxs.com *.onetrust.com static-live.hacksawgaming.com www.google.cl rs.fullstory.com 1x2qflive.com demogamesfree.pragmaticplay.net cf-mt-cdn2.relaxg.com mobile2.gameassists.co.uk gamelauncher.gameassists.co.uk *.googleadservices.com ps6.pndsn.com *.imgix.net wss://coolbet.edgetier.com *.googlesyndication.com malta.nolimitcdn.com lb.1x2networkhubmalta.com translate.google.com coolbet.api.kustomerapp.com games.pragmaticplaylive.net r.redirect05.net ngs.gs-stakelogic.com *.adform.net checkout.trustly.com prdredir.com mobile3.risemi.net staticlive.yggdrasilgaming.com *.onegameslink.com ps16.pndsn.com fmtcw.playngonetwork.com coolbet.edgetier.com r.redirect04.net *.rackcdn.com public-prod-gen2.sportcastlive.com static.geetest.com ps14.pndsn.com ps4.pndsn.com ps2.pndsn.com accounts.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://wcfins.report-uri.com/r/t/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-VEGVhUZbNo4GVpJsTwuvrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.alothemes.com *.magepow.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.alothemes.com *.magepow.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'nonce-OzeMR6Z9bRTL9nIzLSAGqOWX' 'strict-dynamic' http: https:; base-uri 'none';  1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 1
object-src 'none';base-uri 'self';script-src 'nonce-TwWByaRZB82npduN4qdO1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';connect-src https://*.go-mpulse.net https://*.akstat.io 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://geolocation.onetrust.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src https://*.go-mpulse.net 'nonce-b4d85b8e9cee293b56858d936d4e6c5d' 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://dev.visualwebsiteoptimizer.com 'nonce-e6e0e99dedc964a753d8334e3ade1e3c' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org https://www.youtube.com/ https://ots2-qa.learningcaregroup.com/ScheduleATour/ https://ots2.learningcaregroup.com/ScheduleATour/ td.doubleclick.net;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org 'nonce-e6e0e99dedc964a753d8334e3ade1e3c';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=hp-vhp-mfe%401.269.0&sentry_environment=prod 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/wallet_google 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.linkedin.com npmcdn.com *.googleadservices.com www.google.com cdnjs.cloudflare.com class-public-1.s3.ap-southeast-2.amazonaws.com www.google-analytics.com analytics.google.com go.class.com.au www.googletagmanager.com *.googleapis.com *.doubleclick.net www.google.com.au adservice.google.com *.gstatic.com unpkg.com *.licdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-rysgTLtcT3n36MA2lwa66w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' ws:; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none';base-uri 'self';script-src 'nonce-1ZbHw2P3gZYIkWoTfRX9qA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://fonts.gstatic.com/ *.fontawesome.com 'self' *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://maps.google.com/ https://www.google.com/ js.mollie.com https://www.googletagmanager.com/ https://www.facebook.com https://www.e-shop-direct.com https://handel.ortlieb.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com https://www.magezon.com https://www.mollie.com https://med-euw3c.squarelovin.com/ https://www.facebook.com https://cdn.ywxi.net https://maps.googleapis.com https://maps.gstatic.com https://www.e-shop-direct.com https://www.google-analytics.com https://www.google.com https://www.google.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdnjs.cloudflare.com/ *.googletagmanager.com *.facebook.net *.google.com js.mollie.com 'report-sample' https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://*.cookiefirst.com/ https://chimpstatic.com/ https://squarelovin.com/squarelovin.js https://squarelovin.com/api/index/get-stream-media/ https://connect.facebook.net/signals/config/995641483818596 https://consent.cookiefirst.com/banner.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ecommerce.js https://cdn.klarna.com/1.0/code/client/all.js https://maps.googleapis.com/maps/api/js https://www.e-shop-direct.com/libs/js/jquery-3.1.1.min.js https://unpkg.com/web-vitals@0.2.2/dist/web-vitals.es5.umd.min.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com cc-cdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ *.fontawesome.com 'report-sample' https://*.cookiefirst.com/ https://*.squarelovin.com/squarelovin.css https://med-cf-1.squarelovin.com https://www.e-shop-direct.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.google-analytics.com https://static.cookiefirst.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-AeUnZQQt4o1ttCMawFlTmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' data: *.fontawesome.com *.google-analytics.com *.doubleclick.net *.google.com googletagmanager.com *.acsbapp.com wss://webmessaging.usw2.pure.cloud *.pure.cloud *.userway.org *.alive5.com alive5.com;default-src 'self' data: d13qcyivyon4xf.cloudfront.net *.recollect.net www2.elpasotexas.gov *.piktochart.com elpasotx.citysourced.com alive5.com *.pure.cloud td.doubleclick.net *.userway.org *.powerbigov.us;font-src 'self' data: *.gstatic.com *.fontawesome.com *.jsdelivr.net *.typekit.net *.fastly.net acsbapp.com *.userway.org;img-src 'self' data: *.google.com *.googleapis.com *.google-analytics.com *.jsdelivr.net *.fastly.net *.recollect.net *.piktochart.com *.userway.org *.alive5.com;script-src 'self' 'nonce-d5e956c063bface1' *.fontawesome.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.jquery.com 'sha256-EFV8pmp/wh+U6PZamj4KQ0q8X4ZQK18tF7skjashMC0=' 'sha256-d470bixwKmL9bRvqX+/YcGn63ywAfKoybYPkM5Uytpg=' 'sha256-CWheM/qrotfHL9rkBHCUQoQJ26R59qBT9Y6zmdWMo4I=' *.cloudflare.com *.jsdelivr.net *.recollect.net 'sha256-GZcyqV0YX2St+S/OQczTu1wNNg/O+RTwzw2JTTta3P0=' googletagmanager.com acsbapp.com *.pure.cloud *.acsbapp.com 'sha256-EhQpu6NNucte8YbnJ4xqNQ3ZEr6lZr9OylXRM08U23w=' 'sha256-6LGMzcnzg+kSHN9kCfnGBfyFkTD5ralHy4kgX9bEKac=' *.userway.org alive5.com 'sha256-Ktbr5+uWaq/tdIzd+uSnzMynWRb8C1GgwNmidruZnl4=' *.elpasotexas.gov 'sha256-N/ojzpn0NH2iToAWgtz7/qj3VTBrzGc5Kq/wcHmeC9g=' 'sha256-32mhgs7qr26DY71TSkr2GH6b4cN1O1vqJZeD8VqK09E=';style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.google.com *.jsdelivr.net *.typekit.net *.fastly.net alive5.com *.userway.org; 1
object-src 'none';base-uri 'self';script-src 'nonce-y45AC2Pe_ss3h0sewBMWrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com https://use.typekit.net https://c1.sfdcstatic.com/ data: 'self'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.facebook.com 'self'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com esqa.moneris.com www3.moneris.com *.dotdigital-pages.com *.dotdigital.com *.nosto.com *.nos.to https://www.facebook.com https://*.doubleclick.net https://sweepwidget.com https://*.moneris.com https://*.force.com https://*.visualforce.com https://*.my.salesforce.com/ https://*.my.salesforce-sites.com/ www.xtento.com https://*.online-metrix.net https://imgs.signifyd.com 'self'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com maps.googleapis.com *.trackedlink.net *.nosto.com *.nos.to https://*.sail.ca https://sail.ca https://imgs.signifyd.com https://www.facebook.com https://analytics.tiktok.com https://maps.gstatic.com https://*.bing.com https://c.clarity.ms https://*.powerreviews.com https://res.cloudinary.com https://*.doubleclick.net https://ws1.postescanada-canadapost.ca https://services.postcodeanywhere.co.uk https://*.searchspring.io https://d3cgm8py10hi0z.cloudfront.net https://*.googlesyndication.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.igodigital.com/ https://*.cookielaw.org *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com www.xtento.com cdn.xtento.com imgs.signifyd.com https://*.online-metrix.net data: 'self'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com esqa.moneris.com www3.moneris.com maps.googleapis.com developers.google.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.nosto.com *.nos.to https://*.sail.ca https://sail.ca https://*.doubleclick.net https://imgs.signifyd.com https://cdn.searchspring.net https://api-cache.searchspring.io https://www.google.com https://www.gstatic.com https://sweepwidget.com https://connect.facebook.net https://www.googleadservices.com https://*.bing.com https://secure.adnxs.com https://*.clarity.ms https://*.powerreviews.com https://ws1.postescanada-canadapost.ca https://*.googlesyndication.com https://analytics.tiktok.com https://*.igodigital.com/ https://*.cookielaw.org https://*.salesforceliveagent.com https://*.my.salesforce.com/ https://*.force.com https://cdnjs.cloudflare.com/ *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com www.xtento.com cdn.xtento.com cdn-scripts.signifyd.com imgs.signifyd.com https://cdn-scripts.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.nosto.com *.nos.to https://*.sail.ca https://sail.ca https://cdn.searchspring.net https://ui.powerreviews.com https://ws1.postescanada-canadapost.ca https://*.typekit.net https://*.force.com 'self' 'unsafe-inline'; object-src 'self'; media-src *.adobe.com 'self'; manifest-src 'self'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.gstatic.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.nosto.com *.nos.to https://*.signifyd.com:* https://*.searchspring.io https://analytics.google.com https://www.google-analytics.com https://www.google.ca https://maps.googleapis.com https://*.doubleclick.net https://*.clarity.ms https://*.bing.com https://*.powerreviews.com https://ws1.postescanada-canadapost.ca https://www.facebook.com/ https://*.sail.ca https://*.googlesyndication.com https://analytics.tiktok.com https://*.cookielaw.org https://*.onetrust.com https://*.force.com https://imgs.signifyd.com 'self'; child-src http: https: blob: 'self'; default-src 'self'; base-uri 'self'; report-uri https://sail.report-uri.com/a/d/g; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-WTa83IAg47DuVELJjnh3EA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8pVrK_Vd6S2irZBoc5DQuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HAwWryVmiNLREhWqkD1Ibw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' 'unsafe-eval'; script-src-elem 'unsafe-inline'; style-src-elem 'unsafe-inline' 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.3lift.com https://*.adform.net https://*.adyen.com https://*.afterpay.nl https://*.afterpay.be https://*.algolia.io  https://*.amazon.com https://*.amazonaws.com https://*.americanexpress.com https://*.awin1.com https://*.billiger.de https://*.bing.com https://*.brille24.de https://*.cardinalcommerce.com https://*.contentsquare.net https://*.clarity.ms https://*.criteo.com https://*.criteo.net https://*.dotomi.com https://*.dmxleo.com https://*.doubleclick.net https://*.dwin1.com https://*.emsecure.net https://*.emjcd.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.be https://*.google.fr https://*.google.es https://*.google.pt https://*.google.com https://*.google.de https://*.google.nl https://*.google.com.my https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gsitrix.com https://*.gstatic.com https://*.honey.io https://*.klarnacdn.net https://*.liveperson.net https://*.iconify.design https://*.lpsnmedia.net https://*.mczbf.com https://*.media-amazon.com https://*.outbrain.com https://*.payments-amazon.com https://*.paypal.com https://*.paypalobjects.com https://*.postrelease.com https://*.pushalert.co https://*.run.app https://*.slgnt.eu https://*.sovendus.com https://*.taboola.com https://*.trustpilot.com https://tsdtocl.com https://*.tsdtocl.com https://*.twiago.com https://*.usercentrics.eu https://*.userwerk.com https://*.wepowerconnections.com https://*.windows.net https://ad.360yield.com https://ad.yieldlab.net https://beacon.krxd.net https://brille24.zendesk.com https://cdn.jsdelivr.net https://cdn.noibu.com https://*.nr-data.net https://cdn.polyfill.io https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://ekr.zdassets.com https://exchange.mediavine.com https://*.nr-data.net https://*.newrelic.com https://*.redintelligence.net https://*.redsys.es https://code.iconify.design https://ib.adnxs.com https://id5-sync.com https://input.noibu.com https://lpcdn.lpsnmedia.net https://match.sharethrough.com https://matching.ivitrack.com https://*.revcontent.com https://placehold.co https://pixel.rubiconproject.com https://r.casalemedia.com https://*.rsa3dsauth.co.uk https://rtb-csync.smartadserver.com https://s.thebrighttag.com https://*.securesuite.co.uk https://secure.adnxs.com https://*.sentry.io https://simage2.pubmatic.com https://static.zdassets.com https://sync-criteo.ads.yieldmo.com https://ups.analytics.yahoo.com https://*.yahoo.net https://v2assets.zopim.io https://via.placeholder.com https://visitor.omnitagjs.com https://uploads-ssl.webflow.com https://widget.trustpilot.com https://www.youtube.com https://*.youtube-nocookie.com https://x.bidswitch.net wss://input.noibu.com wss://widget-mediator.zopim.com; report-uri https://log.mgt-b24.de/messages.json; frame-ancestors 'self' https://*.brille24.de; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com region1.google-analytics.com *.doubleclick.net www.google-analytics.com cdnjs.cloudflare.com consent.cookiebot.com imgsct.cookiebot.com www.googletagmanager.com df.marketdata.feeds.iress.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.arcgis.com *.azure.com unpkg.com cdn.jsdelivr.net code.jquery.com *.doubleclick.net *.gstatic.com cityofsantamonica.getbynder.com ka-f.fontawesome.com *.googleapis.com kit.fontawesome.com www.google-analytics.com www.googletagmanager.com translate.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-UHL1Bc0x9jkDUWU8x7iu0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://*.wistia.com https://tech.chanzuckerberg.com https://secure.gravatar.com https://*.fbcdn.net https://www.googletagmanager.com https://no-cache.hubspot.com https://perf.hsforms.com https://chanzuckerberg.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://t.co https://analytics.twitter.com https://pubads.g.doubleclick.net https://embed-ssl.wistia.com data: https://www.google.com https://*.linkedin.com https://*.adsymptotic.com https://pixel.wp.com https://cdn.cookielaw.org https://www.google.com.pa https://*.akamaihd.net https://*.w.org https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com 'self' https://www.google.se https://www.google.pt https://www.google.nl https://www.google.lt https://www.google.ie https://www.google.fr https://www.google.es https://www.google.com.sg https://www.google.com.ng https://www.google.com.mx https://www.google.com.hk https://www.google.com.et https://www.google.com.eg https://www.google.com.br https://www.google.com.au https://www.google.co.uk https://www.google.co.in https://www.google.cl https://www.google.ca https://px.ads.linkedin.com https://cds.taboola.com https://www.google.de https://trc.taboola.com https://www.google.it https://www.google.at https://www.google.ch https://www.google.co.il https://www.google.com.ph https://www.google.com.co https://www.google.co.za https://www.google.co.kr https://www.google.gr https://www.google.is https://www.google.com.ar https://www.google.dk https://www.google.co.jp https://www.google.co.id https://www.google.co.ke https://www.google.com.tw https://www.google.pl https://s3.amazonaws.com https://www.google.hu https://www.google.co.zm https://www.google.com.bd https://www.google.am https://www.google.com.my https://www.google.com.vn https://www.google.ru https://www.google.com.pk https://www.google.cz https://www.google.lk https://www.google.co.nz https://www.google.com.gh https://www.google.ae https://www.google.com.tr https://www.google.kz https://www.google.be https://www.google.co.th https://www.google.com.uy https://www.google.rs https://exceptions.hs-embed-reporting.com https://www.google.cn https://www.google.com.ec https://www.google.no https://www.google.sc https://www.google.cd https://www.google.so https://www.google.bg https://www.google.com.ua https://www.google.gm;connect-src https://*.wistia.com https://*.akamaihd.net https://*.litix.io https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://script.crazyegg.com https://js.hs-banner.com https://forms.hubspot.com https://www.facebook.com https://api.hubapi.com https://www.google-analytics.com https://chanzuckerberg.com https://distillery.wistia.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://plausible.io https://*.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://trc-events.taboola.com https://cds.taboola.com https://pips.taboola.com https://bcp.crwdcntrl.net https://trc.taboola.com https://region1.google-analytics.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://use.typekit.net https://csp-report.browser-intake-datadoghq.com https://p.typekit.net;style-src-elem https://s0.wp.com 'unsafe-inline' https://chanzuckerberg.com https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://*.googletagmanager.com 'self' https://hud.crazyegg.com;font-src https://s0.wp.com https://chanzuckerberg.com https://use.typekit.net data: https://fonts.gstatic.com 'self' https://fast.wistia.com https://at.alicdn.com;frame-src https://widgets.wp.com https://www.youtube.com https://www.facebook.com https://www.instagram.com 'self' https://forms.hsforms.com https://www.today.com https://forms.hubspot.com https://fast.wistia.com https://hud.crazyegg.com https://js.hsadspixel.net https://m.facebook.com https://tsdtocl.com;style-src-attr 'unsafe-inline' 'self';style-src https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline' https://chanzuckerberg.com https://use.typekit.net https://p.typekit.net https://*.googletagmanager.com 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googletagmanager.com https://app.wistia.com https://cdn.cookielaw.org https://cdn.taboola.com https://cdnjs.cloudflare.com https://chanzuckerberg.com https://connect.facebook.net https://cta-service-cms2.hubspot.com https://fast.wistia.com https://forms.hsforms.com https://gc.kis.v2.scr.kaspersky-labs.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscta.net https://js.hsforms.net https://js.hsleadflows.net https://me.kis.v2.scr.kaspersky-labs.com https://me.kis.v2.scr.kaspersky-labs.com https://platform.instagram.com https://plausible.io https://s0.wp.com https://script.crazyegg.com https://snap.licdn.com https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://stats.wp.com https://tagmanager.google.com https://tags.crwdcntrl.net https://trc.taboola.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.pagespeed-mod.com https://track.hubspot.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googletagmanager.com https://app.wistia.com https://cdn.cookielaw.org https://cdn.taboola.com https://cdnjs.cloudflare.com https://chanzuckerberg.com https://connect.facebook.net https://cta-service-cms2.hubspot.com https://fast.wistia.com https://forms.hsforms.com https://gc.kis.v2.scr.kaspersky-labs.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscta.net https://js.hsforms.net https://js.hsleadflows.net https://me.kis.v2.scr.kaspersky-labs.com https://me.kis.v2.scr.kaspersky-labs.com https://platform.instagram.com https://plausible.io https://s0.wp.com https://script.crazyegg.com https://snap.licdn.com https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://stats.wp.com https://tagmanager.google.com https://tags.crwdcntrl.net https://trc.taboola.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.pagespeed-mod.com https://track.hubspot.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: unpkg.com universal.iperceptions.com pnapi.invoca.net *.bluecrossmn.com *.akamaihd.net metrics.brightcove.com api.stellahealth.net solutions.invocacdn.com manifest.prod.boltdns.net *.facebook.net *.qualtrics.com edge.api.brightcove.com *.brightcove.net www.youtube.com *.gstatic.com api.iperceptions.com s.gravatar.com js-agent.newrelic.com bam.nr-data.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net adservice.google.com use.typekit.net *.wisdomtree.com *.gstatic.com p.typekit.net *.clarity.ms *.twitter.com *.facebook.com rum-static.pingdom.net bat.bing.com cdn.evgnet.com api.wisdomtreeprimeapp.com *.doubleclick.net *.ads-twitter.com www.socialintents.com www.googletagmanager.com consentcdn.cookiebot.com rum-collector-2.pingdom.net pt.ispot.tv ad.wsod.com www.google-analytics.com beacon.etfflows.com *.googleadservices.com www.google.com *.linkedin.com consent.cookiebot.com region1.google-analytics.com imgsct.cookiebot.com vettafi.com t.co *.evergage.com *.licdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: 1
object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https://aws-staging-aeroprecisionusa.smarterspecies.com https://aws-staging-2-aeroprecisionusa.smarterspecies.com/ https://www.aeroprecisionusa.com blob: http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; frame-ancestors 'self' *.avantlink.com www.gstatic.com *.authorize.net 'self'; form-action 'self' https://enews.aeroprecisionusa.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ https://cdn.listrakbi.com https://mediacdn.espssl.com *.adobe.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.avmws.com https://cdn.listrakbi.com https://s1.listrakbi.com https://m1.listrakbi.com https://at1.listrakbi.com https://www.google-analytics.com https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://jstest.authorize.net https://*.addthis.com https://v1.addthisedge.com https://z.moatads.com https://ssl.avmws.com https://bat.bing.com/bat.js https://js.hs-scripts.com https://js-agent.newrelic.com https://bam.nr-data.net https://player.vimeo.com https://f.vimeocdn.com https://widget-prime.rafflecopter.com https://js.hs-banner.com/ https://v2.zopim.com https://js.hs-analytics.net https://static.zdassets.com https://widget-mediator.zopim.com/ https://bam-cell.nr-data.net/ https://cdn.quantummetric.com https://plugin.credova.com https://tags.clickagy.com https://tags.clickagy.com/  https://widget.gleamjs.io assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.elfsight.com *.yotpo.com swellrewards.com *.swellrewards.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.kaptcha.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.authorize.net sandbox-assets.secure.checkout.visa.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com https://js.hs-banner.com https://bat.bing.com https://ekr.zdassets.com https://plugin.credova.com/plugin.min.js https://www.youtube.com https://bl.listrakbi.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://static.zdassets.com/ *.adobe.com 'self' 'unsafe-inline'; img-src 'self' https://stats.g.doubleclick.net https://mediacdn.espssl.com https://www.xtento.com/media/images/ https://*.listrakbi.com https://www.google.com https://www.google.com.ua https://store.paradoxlabs.com https://cdn.klarna.com https://tracking.avantlink.com https://bat.bing.com https://bam.nr-data.net https://www.googletagmanager.com https://track.hubspot.com https://v2.zopim.com data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://pippio.com https://d2df4e9l5rljaz.cloudfront.net https://api.delivrabl.net https://aorta.clickagy.com https://idsync.rlcdn.com https://us-u.openx.net https://cm.g.doubleclick.net https://yotpo-editor-production.s3.amazonaws.com https://aa.agkn.com https://sync.crwdcntrl.net https://pixel-sync.sitescout.com https://d.agkn.com https://region1.google-analytics.com https://v2assets.zopim.io  https://js.gleam.io assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://files.elfsightcdn.com store.paradoxlabs.com *.yotpo.com swellrewards.com *.swellrewards.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com https://sca1.listrakbi.com https://img.youtube.com https://via.placeholder.com data: 'self' 'unsafe-inline'; frame-src 'self' https://www.full30.com https://s7.addthis.com https://player.vimeo.com https://www.google.com https://widget-prime.rafflecopter.com https://ssl.kaptcha.com https://hemsync.clickagy.com  https://gleam.io fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.yotpo.com swellrewards.com *.swellrewards.com www.google.com https://plumrocket.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com https://tst.kaptcha.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.iglobalstores.com/ https://v2.zopim.com/ https://yotpo-stool.s3.amazonaws.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.fontawesome.com https://maxcdn.bootstrapcdn.com https://993ecd1fa9.nxcli.io *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; connect-src 'self' https://api2.authorize.net/ https://js.authorize.net https://jstest.authorize.net https://apitest.authorize.net https://m.addthis.com https://bat.bing.com https://bam.nr-data.net/ https://bat.bing.com/ https://ekr.zdassets.com/ https://www.google-analytics.com https://stats.g.double.analytics.js https://assets.iglobalstores.com/ wss://widget-mediator.zopim.com/ https://*.listrak.com/ https://*.listrakbi.com/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://oc.listrakbi.com/coupon https://enews.aeroprecisionusa.com/ https://aeroprecisionsupport.zendesk.com/ https://aeroprecision-app.quantummetric.com/ https://rl.quantummetric.com/ https://region1.google-analytics.com https://aorta.clickagy.com https://hemsync.clickagy.com https://maps.googleapis.com https://vimeo.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.service.elfsight.com *.yotpo.com swellrewards.com *.swellrewards.com *.kaptcha.com *.authorize.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://api2.authorize.net wss://widget-mediator.zopim.com https://onsite-api.listrak.com https://product.listrakbi.com https://bl.listrakbi.com https://stats.g.doubleclick.net https://aeroprecision-app.quantummetric.com https://rl.quantummetric.com https://sandbox-lending-api.credova.com https://lending-api.credova.com 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self'; 1
default-src 'self' cdn.yellowmessenger.com fonts.gstatic.com www.g2.com; script-src 'self' f.vimeocdn.com js-agent.newrelic.com cdn.yellowmessenger.com pi.pardot.com bam.nr-data.net go.leadspace.com cdnjs.cloudflare.com sfc.leadspace.com www.googletagmanager.com cmp.osano.com www.google-analytics.com googleads.g.doubleclick.net snap.licdn.com stats.sa-as.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com connect.facebook.net tracking.g2crowd.com static.hotjar.com www.g2.com script.hotjar.com platform.twitter.com static.ads-twitter.com; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com www.g2.com; img-src 'self' www.g2.com px.ads.linkedin.com media-exp1.licdn.com stats.sa-as.com px4.ads.linkedin.com www.google.com p.adsymptotic.com www.facebook.com cdn.yellowmessenger.com 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
font-src fonts.gstatic.com use.typekit.net *.sagepay.com *.fontawesome.com www.searchanise.com *.searchserverapi.com staticw2.yotpo.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.sagepay.com www.searchanise.com *.searchserverapi.com *.twitter.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com www.searchanise.com *.searchserverapi.com *.twitter.com *.awin1.com *.zenaps.com *.fls.doubleclick.net secure.livechatinc.com *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.awin1.com *.zenaps.com services.postcodeanywhere.co.uk *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com cdn.livechatinc.com api.livechatinc.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.yotpo.com swellrewards.com *.swellrewards.com *.1account.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.fontawesome.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com services.postcodeanywhere.co.uk *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.1account.net *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com api.amplitude.com stats.g.doubleclick.net https://the.sciencebehindecommerce.com bam.nr-data.net bam-cell.nr-data.net services.postcodeanywhere.co.uk api.livechatinc.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-A0rLwQd0xNvMGhsn5LEv5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LGCsuMxNpWfCds-URYZJ1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DiFsuUylycoLMWyqOHM2Qw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data: https://mm.dimu.org/image/; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://openseadragon.github.io https://cdn.polyfill.io http://ajax.googleapis.com/ajax/libs/jquery/; script-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://api.dimu.org https://nkl.snl.no/api/; report-to main-endpoint; report-uri /api/CspReports/ReportAsync; 1
default-src 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com; connect-src 'self' jhnet.okta.com jhnet-admin.okta.com sso.jhnet.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com jhnet.kerberos.okta.com jhnet.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com; style-src 'unsafe-inline' 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com; frame-src 'self' jhnet.okta.com jhnet-admin.okta.com sso.jhnet.com login.okta.com; img-src 'self' jhnet.okta.com sso.jhnet.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' jhnet.okta.com sso.jhnet.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-JGmUoo3YCuXHEpI8PwxpSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.opmnstr.com assets.pixlee.com www.tremblant.ca aws-cdn.inntopia.com cdn.cookielaw.org a.omappapi.com *.youtube-nocookie.com www.pages08.net assets.pxlecdn.com www.google-analytics.com *.everesttech.net api.trustyou.com *.clarity.ms z.omappapi.com monttremblant.wufoo.com tremblantwebcams.com sdk.inbenta.io engagefront.theweathernetwork.com img.youtube.com events.mapbox.com www.youtube.com *.vimeo.com *.demdex.net *.onetrust.com www.google.com v4.mtnfeed.com streaming.tremblant.ca cookies.alterramtnco.com analytics.google.com *.doubleclick.net *.omtrdc.net transact.tremblant.ca vimeo.com p.typekit.net api.omappapi.com www.googletagmanager.com kit.fontawesome.com images.inntopia.com www.datadoghq-browser-agent.com api-gcu1.inbenta.io bat.bing.com *.facebook.net mtnpowder.com assets.adobedtm.com *.adsrvr.org session-replay.browser-intake-us3-datadoghq.com api.mapbox.com www.wufoo.com *.facebook.com region1.analytics.google.com cams.mtnfeed.com adservice.google.com medias.tremblant.ca dashboard.engagefront.com i.vimeocdn.com www.google.ca code.jquery.com use.typekit.net www.sc.pages08.net photos.pixlee.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-WlL6LdLB2YfYOJbyEP_tmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://www.weeklytimesnow.com.au/csp-reports 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl cdn.ontame.io *.ziggeo.com *.amazonaws.com api-eu-west-1.ziggeo.com embed-cdn-eu-west-1.ziggeo.com embed-eu-west-1.ziggeo.com assets.ziggeo.com hc-cdn.visma.net cdn.wootric.com production.wootric.com eligibility.wootric.com *.onetrust.com cdn.cookielaw.org https://storage.googleapis.com/snowplow-cto-office-tracker-bucket/3.1.1/sp.js https://snowplow.visma.com/com.snowplowanalytics.snowplow/tp2 *.sharethis.com www.gstatic.com easycruit.com; img-src 'self' data: * 'unsafe-inline' 'unsafe-eval'; report-uri https://easycruit.com/api/logging/v1/csp-report 1
default-src 'none';base-uri 'self';connect-src 'self' wss: *.hotjar.io *.hotjar.com www.google-analytics.com *.mapquestapi.com *.360-value.com *.mapquest.com *.mqcdn.com maps.googleapis.com *.donegalgroup.com *.hotjar.com *.google.com nautilustest.donegalgroup.com region1.google-analytics.com www.googletagmanager.com nautilusqa.donegalgroup.com *.google-analytics.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com *.360-value.com;frame-ancestors 'self' *.donegalgroup.com test-writepro.donegalgroup.com test-www.donegalgroup.com qa-www.donegalgroup.com donegalgroup.com;frame-src 'self' www.googletagmanager.com www.recaptcha.net www.google.com *.donegalgroup.com donegalinsurancegroup.applytojob.com gateway.zscalerthree.net;img-src 'self' data: www.google-analytics.com www.googletagmanager.com *.doubleclick.net *.donegalgroup.com *.mapquestapi.com http://*.mapquestapi.com a.tiles.mapquest.com *.360-value.com *.googleapis.com maps.gstatic.com play.google.com tools.applemediaservices.com *.honey.io cdn.honey.io;media-src 'self' signlearner.com ssl.gstatic.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google.com www.google-analytics.com *.hotjar.com www.googleadservices.com www.gstatic.com www.recaptcha.net *.360-value.com *.mapquestapi.com maps.googleapis.com tools.applemediaservices.com *.googletagmanager.com *.google-analytics.com *.recaptcha.net static.hotjar.com;style-src 'self' 'unsafe-inline' data: fonts.googleapis.com *.googleapis.com *.honey.io cdn.honey.io;webrtc 'block';report-uri https://www.donegalgroup.com/csp-reporting.aspx 1
font-src *.googleapis.com *.gstatic.com *.intercomcdn.com *.stackpathcdn.com *.ecorebates.com use.fontawesome.com use.typekit.net www.shopperapproved.com'  https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com js.stripe.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.weltpixel.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://www.magezon.com assets.instantsearchplus.com *.visualwebsiteoptimizer.com *.listrakbi.com *.everesttech.net doubleclick.net *.doubleclick.net hvacdirect.com bat.bing.com shopperapproved.com www.shopperapproved.com google.com *.google.com insight.adsrvr.org sb.scorecardresearch.com px.owneriq.net realtimeanalytics.yext.com ct.pinterest.com ps.eyeota.net *.sharethis.com obs.segreencolumn.com *.tynt.com guarantee-cdn.com alb.reddit.com tags.bluekai.com *.inspectlet.com apxl.io *.adnxs.com js.intercomcdn.com static.intercomassets.com store.paradoxlabs.com https://redchamps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com www.apptrian.com *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com app.cpscentral.com cpscentral.ngrok.io clarity.ms *.clarity.ms hvacdirect.com *.ecorebates.com apxl.io *.visualwebsiteoptimizer.com guarantee-cdn.com www.redditstatic.com redditstatic.com *.listrakbi.com listrakbi.com chimpstatic.com ml314.com *.fastsimon.co cdn.shareaholic.net *.owneriq.net cdn.tynt.com de.tynt.com shopperapproved.com www.shopperapproved.com googleoptimize.com www.googleoptimize.com partner.shareaholic.net partner.shareaholic.com m9m6e2w5.stackpathcdn.com bat.bing.com instant.page s7.addthis.com platform-api.sharethis.com *.sharethis.com clickcease.com www.clickcease.com funnelytics.io *.funnelytics.io *.tctm.co *.segreencolumn.com *.intercom.io *.intercomcdn.com *.omappapi.com *.pinimg.com assets.sitescdn.net cdn.noibu.com *.cloudfront.com *.cloudfront.net analytics.tiktok.com app.shop.pe shop.pe addshoppers.s3.amazonaws.com static.ecorebates.com *.inspectlet.com 219994.tctm.xyz/t.js ob.segreencolumn.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.shopperapproved.com shopperapproved.com hvacdirect.com *.ecorebates.com a.omappapi.com *.fastsimon.com use.fontawesome.com *.typekit.net cdn.listrakbi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com js.intercomcdn.com hvacdirect.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com hvacdirect.com *.inspectlet.com *.intercom.io wss: nexus-websocket-a.intercom.io shareaholic.net *.shareaholic.net shareaholic.com *.shareaholic.com sharethis.com *.sharethis.com funnelytics.io *.funnelytics.io googlesyndication.com pagead2.googlesyndication.com doubleclick.net *.doubleclick.net obs.segreencolumn.com bat.bing.com *.tctm.co *.fastsimon.com api.omappapi.com ct.pinterest.com analytics.tiktok.com app.shop.pe *.noibu.com *.breadgateway.net *.clarity.ms apxl.io 219994.tctm.xyz/x.json monitor.clickcease.com www.clickcease.com suggest.instantsearchplus.com dev.visualwebsiteoptimizer.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com 'unsafe-inline' *.jotfor.ms; img-src *; media-src *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.vimeo.com *.youtu.be; child-src blob: 'self' *.youtube.com *.vimeo.com *.youtu.be; font-src 'self' fonts.gstatic.com cdn.jotfor.ms; connect-src 'self' *.osano.com *.adnxs.com; upgrade-insecure-requests 1
default-src https:; font-src https: data:; style-src 'unsafe-inline' https:; object-src 'self';connect-src https: wss:; script-src 'nonce-1Utnwz4tr4aGuRbh0GR0y1Gn86ehT+GzXAB/5P6L5kY=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; img-src https: data:; report-uri /webhooks/csp-log/create 1
default-src 'self' https://cdn.monetnik.ru; style-src 'self' https://cdn.monetnik.ru 'unsafe-inline' https://yastatic.net https://fonts.googleapis.com https://*.mindbox.ru;  object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://cdn.monetnik.ru https://googleads.g.doubleclick.net https://www.google-analytics.com  https://apis.google.com https://adspire.io/  https://track.adspire.io  https://top-fwz1.mail.ru  https://vk.com https://*.mindbox.ru https://yastatic.net  https://www.googletagmanager.com https://mc.yandex.ru https://cdn.scarabresearch.com;  connect-src 'self' https://cdn.monetnik.ru https://mc.yandex.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://top-fwz1.mail.ru/ https://*.mindbox.ru https://vk.com https://mc.yandex.ru https://o446164.ingest.sentry.io https://recommender.scarabresearch.com;  img-src https: data:;  frame-src https://mc.yandex.com https://mc.yandex.ru https://blackfire.io https://content.adriver.ru  https://www.youtube.com  https://www.googletagmanager.com  https://yandex.ru;  worker-src blob:;  font-src 'self' https://cdn.monetnik.ru fonts.gstatic.com; report-uri /external-event/log/csp/ 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: munchkin.marketo.net bat.bing.com *.paypal.com *.facebook.net fg8vvsvnieiv3ej16jby.litix.io cdn.cookielaw.org www.google.co.in vc.hotjar.io js.braintreegateway.com *.mktoresp.com *.hotjar.com learn.ascm.org www.googletagmanager.com *.wistia.com *.googlesyndication.com *.linkedin.com *.mktoutil.com kit.fontawesome.com www.google-analytics.com *.facebook.com *.doubleclick.net ka-f.fontawesome.com tags.srv.stackadapt.com alb.reddit.com *.gstatic.com *.googleapis.com *.marketo.com region1.analytics.google.com adservice.google.com *.onetrust.com assets.braintreegateway.com www.google.com www.paypalobjects.com www.apics.org www.google.ca go.ascm.org *.licdn.com analytics.google.com *.typeform.com www.redditstatic.com *.googleadservices.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-t1dFQ2ESnjQZISW93Ru8rA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'none'; connect-src https: wss:; font-src https:; form-action 'self' *.bauhaus.cz *.facebook.com *.mail-komplet.cz; frame-ancestors 'self'; frame-src https:; img-src https: data:; object-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; upgrade-insecure-requests; report-uri https://kosik.bauhaus.cz/csp_report; 1
default-src 'self' https:; connect-src 'self' https: wss:; script-src 'unsafe-inline' 'self' https:; worker-src blob:; style-src 'unsafe-inline' 'self' https:; object-src 'none'; img-src 'self' data: https:; frame-ancestors 'self' 1
base-uri 'self';connect-src 'self' https: wss:;default-src 'none';font-src 'self' data: https:;form-action 'self' https:;frame-ancestors https:;frame-src https: blob:;img-src 'self' blob: data: https: http:;manifest-src 'none';media-src 'self' https: blob:;object-src 'self' https://djtflbt20bdde.cloudfront.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;worker-src 'self' https://zenkit.com https://*.zenkit.com;report-uri /csp-report;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
object-src 'none';base-uri 'self';script-src 'nonce-pJWvhY3jHVITXbt4QmMPfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--Z8HAEiHWj6RHIVj8_6NVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none';  connect-src 'self' embedr.flickr.com chat-us.libanswers.com resources.bepress.com playback.bepressaws.com cascade2.libchat.com visitor2.constantcontact.com distillery.wistia.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io yoast.com listgrowth.ctctcdn.com www.facebook.com stats.g.doubleclick.net *.google-analytics.com analytics.google.com *.analytics.google.com;  font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com static.juicer.io fonts.bunny.net;  frame-src 'self' imsa.libanswers.com accounts.google.com admin.helperhelper.com community.imsa.edu v2.libanswers.com docs.google.com calendar.google.com www.youtube.com www.google.com www.facebook.com bbox.blackbaudhosting.com assets.bepress.com;  img-src 'self' connect.facebook.net www.gstatic.com live.staticflickr.com www.googletagmanager.com previews.dropbox.com www.google-analytics.com www.imsa.edu s.w.org ps.w.org theeventscalendar.com fast.wistia.com data: embedwistia-a.akamaihd.net cdnjs.cloudflare.com www.paypalobjects.com ajax.googleapis.com onpointplugins.com secure.gravatar.com cdn.datatables.net www.facebook.com bbox.blackbaudhosting.com cdn.weglot.com;  script-src data: 'self' 'unsafe-inline' 'unsafe-eval' assets.bepress.com blackfacts.com imsa.libanswers.com community.imsa.edu pi.pardot.com cdn.jsdelivr.net widget.intercom.io js.intercomcdn.com fast.wistia.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com static.ctctcdn.com connect.facebook.net www.facebook.com assets.juicer.io bbox.blackbaudhosting.com bbox.blackbaudhosting.com cdn.datatables.net connect.facebook.net www.google-analytics.com www.googletagmanager.com;  style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com static.ctctcdn.com ajax.googleapis.com assets.juicer.io bbox.blackbaudhosting.com cdn.datatables.net;  script-src-elem 'self' 'unsafe-inline' imsa.libanswers.com ajax.googleapis.com assets.bepress.com connect.facebook.net www.gstatic.com www.google.com cdnjs.cloudflare.com static.ctctcdn.com www.google-analytics.com cdn.datatables.net www.googletagmanager.com embedr.flickr.com widgets.flickr.com;  style-src-elem 'self' 'unsafe-inline' static.ctctcdn.com fonts.googleapis.com ajax.googleapis.com cdn.datatables.net www.gstatic.com;  media-src 'self' blob: ;  worker-src 'self' blob: ;  report-uri https://app.imsa.edu/connect/csp/report 1
object-src 'none';base-uri 'self';script-src 'nonce-MExBJUrlkf77u6KMTYon2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: techport.ru *.techport.ru https://*.yandex.net https://techport.api.useinsider.com https://vk.com https://*.vk.com https://www.odnoklassniki.ru https://odnoklassniki.ru https://ok.ru https://connect.ok.ru https://yandex.ru https://*.yandex.ru https://ya.ru https://yandex.st https://yastatic.net https://*.yadro.ru https://webvisor.com https://mc.webwisor.org https://google.com https://*.google.com https://google.ru https://*.google.ru https://translate.google.cn https://*.googleapis.com https://*.googleadservices.com https://googletagservices.com https://*.googletagservices.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://*.googlesyndication.com https://*.mail.ru https://top-fwz1.mail.ru https://youtube.ru https://*.youtube.ru https://youtube.com https://*.youtube.com https://s.ytimg.com https://video.bosch-pt-video.com https://uc.xddi.ru https://techport-st.cdn.ngenix.net https://105.p.giex.ru https://techport.servicecdn.ru https://9khj7ltnoi.a.trbcdn.net/ https://pickpoint.ru https://*.flixfacts.com https://*.flixcar.com https://*.flix360.com https://*.flix360.io https://logo.flixfacts.co.uk https://media.flixsyndication.net https://*.doubleclick.net https://www.alexa.com https://*.alexa.com https://ssp.rambler.ru https://profile.ssp.rambler.ru https://*.paymentgate.ru https://*.robokassa.ru https://*.sandbox.paypal.com https://*.paypal.com https://paypal.com https://www.paypal.com https://*.mkb.ru https://*.rbsuat.com https://*.begun.ru https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://techport.api.sociaplus.com https://flv.isitetv.com https://rum.ngenix.net https://*.cdnvideo.ru https://app.clicker.one https://*.24ttl.stream https://goodmod.ru https://code.p95bxv.ru https://x.cnt.my/ https://dmrtx.com/ https://*.searchbooster.io https://*.searchbooster.net https://cdn.diginetica.net https://getrcmx.com https://cdn.enkod.ru/script/enpop.min.js https://cdn.enkod.ru/script/enpop-main.min.js https://ext.enkod.ru https://ga.segmel.com https://api.b2pos.ru/shop/v2/connect.js https://dpartaptm.com/; report-uri //www.techport.ru/csp; report-to //www.techport.ru/csp; 1
default-src 'self' ; base-uri 'self' ; object-src 'none' ; style-src 'self' 'unsafe-inline' cdn.plyr.io https://fonts.googleapis.com https://devcomapbotpilot-test.azurewebsites.net/ https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; script-src 'strict-dynamic' 'nonce-VgyWVrDIEyLdG8coFa52Carg0KnJGV0D' 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://admin.dev.comap-control.bluehosting.cz https://chatbotapp-stage.azurewebsites.net/ https://devcomapbotpilot-test.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; font-src 'self' https://fonts.gstatic.com/ ; connect-src 'self' https://*.logic.azure.com/ https://devcomapbotpilot-test.azurewebsites.net https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ https://devcomapcognitiveservices-test.azurewebsites.net https://intelisearch-stage.azurewebsites.net https://intelisearch.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.in.applicationinsights.azure.com/ wss://localhost:44377 ws://localhost:50602 noembed.com cdn.plyr.io ; img-src * 'self' data: ; media-src 'self' *.comap-control.com/ https://comapkenticouat6527.blob.core.windows.net ; frame-src https://www.thinglink.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com vimeo.com www.vimeo.com https://www.google.com/ ; frame-ancestors https://admin.dev.comap-control.bluehosting.cz/ 1
frame-ancestors 'self'; report-uri https://www.geelongadvertiser.com.au/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-01q6YaVW_xxYV9-3Zshrsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src magnet.me 'self' cdn2.magnet.me;script-src cdn.magnet.me www.googleadservices.com 'self' react-assets.magnet.me js.hs-analytics.net magnet.me appleid.cdn-apple.com 'nonce-MlWkdFX6Kyjvp9j3gEVj1sybaBq79sbmfBnL5oP5xxm3xUfTAfPvvM_I8qj2cItUxiqKMsnSNBvuMq10iSzgcw' www.googletagmanager.com js.hs-scripts.com www.google.com js.usemessages.com www.youtube.com cdn.mxpnl.com 'nonce--y1UsQ_u0_RTSKSzwMTV7n5KfEMFWPh1UOB_AzNYuTFP_WVXaD6vDIPG9ndUw9dX3b72RlRkNlRL2iyciR3uWQ' www.google-analytics.com js.hs-banner.com 'nonce-vo_ERcKM2CHCir5_K2I1OPJNMNtihbk9PcoazJCeEYyL9sBd6nLPeV47llB6YWXtZ6-xRAB1NLF0vqXUnfFYPg' accounts.google.com 'nonce-2_dhY7A7s6Gf1vABQWEK5CZ483G904dvB2L1qh4Dc9p9GcAR21BXf9q6jb4Fp7y5h7QVqtb_YtsmY0kwSebpkQ' cdn2.magnet.me 'sha256-1IkqozT/H/2heUSDDnX06X3BALhuMa6WTQrebKtbRYs=' connect.facebook.net ssl.google-analytics.com js.hsleadflows.net home-assets.magnet.me 'nonce-xFQNDear3ja4uQ-wEH1p5pwZAug8xlbSUJPyBKUCzBjkU6yHv_dWV3CnFvccAAGjsDuJxNjNgulMLUr_qV2oVQ';img-src www.google.nl googleads.g.doubleclick.net 'self' www.googletagmanager.com www.google.co.uk www.google.com region1.analytics.google.com https: region1.google-analytics.com data: stats.g.doubleclick.net www.google-analytics.com;connect-src www.facebook.com forms.hubspot.com 'self' cdn2.magnet.me files.magnet.me api.magnet.me region1.analytics.google.com exceptions.hubspot.com region1.google-analytics.com stats.g.doubleclick.net api.hubspot.com https://oauth.magnet.me wss://ws.magnet.me analytics.google.com https://uploads.magnetme-images.com/ api-eu.mixpanel.com www.google-analytics.com;font-src magnet.me 'self' cdn2.magnet.me fonts.gstatic.com data:;object-src 'self';media-src home.magnetme-images.com 'self' home-assets.magnet.me;child-src 'self';frame-src accounts.google.com app.hubspot.com 'self' www.googletagmanager.com https://www.facebook.com www.google.com www.youtube.com;form-action magnet.me https://www.facebook.com/tr/ 'self';frame-ancestors 'self';style-src fonts.googleapis.com home-assets.magnet.me 'unsafe-inline' 'self' cdn2.magnet.me magnet.me; 1
object-src 'none';base-uri 'self';script-src 'nonce-nuH0U9KmXDsCQ_8xQFcBVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data: https: 'unsafe-inline' http://*.omniupdate.com *.twimg.com http://img.youtube.com d.adroll.mgr.consensu.org s.dca0.com; script-src 'self' 'unsafe-inline' *.emu.edu *.adroll.com script.crazyegg.com www.googletagmanager.com www.youvisit.com *.google-analytics.com pi.pardot.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net api.meritpages.com *.google.com *.googleapis.com *.addthis.com graph.facebook.com *.purechat.com *.purechatcdn.com *.ebscohost.com code.jquery.com 25livepub.collegenet.com widgets.pinterest.com platform.twitter.com instawidget.net *.twimg.com api.darksky.net assets.adobedtm.com embedr.flickr.com widgets.flickr.com s3.amazonaws.com d.adroll.mgr.consensu.org s.dca0.com; report-uri /is/csp/report/ 1
default-src 'self' *.cumulusmedia.com 'report-sample'; base-uri 'self'; script-src 'self' *.cumulusmedia.com 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' *.googletagmanager.com *.google-analytics.com stats.wp.com *.quantcast.com *.quantserve.com *.quantcount.com quantcast.mgr.consensu.org cmp.inmobi.com form.jotform.com cdn.jotfor.ms *.cookielaw.org 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' *.onetrust.com 'nonce-zL6cXZ6UW6mVFSAjaMzxZ5XI' 'report-sample'; style-src 'self' 'unsafe-inline' *.cumulusmedia.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.cumulusmedia.com *.wp.com *.googletagmanager.com *.google-analytics.com *.quantserve.com prreqcroab.icu pixel.quantcount.com *.cookielaw.org; font-src 'self' data: *.cumulusmedia.com fonts.gstatic.com; connect-src 'self' *.cumulusmedia.com *.google-analytics.com *.doubleclick.net *.quantcount.com *.quantcast.com *.inmobi.com submit.jotform.com *.cookielaw.org *.onetrust.com; object-src 'none'; frame-src 'self' *.cumulusmedia.com *.jotform.com; report-uri https://www.cumulusmedia.com/wp-admin/admin-ajax.php?action=wpshr 1
object-src 'none';base-uri 'self';script-src 'nonce-Qs4_Oik3Zd5I0522G5frgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src  *.zipmoney.com.au *.iyzipay.com *.gstatic.com *.cloudfront.net *.zip.co *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.euw2.pure.cloud *.adyen.com *.brightcove.net *.salecycle.com *.tradedoubler.com *.pure.cloud 'self' 'unsafe-inline';img-src *.s3.amazonaws.com *.dyson.lv *.zipmoney.com.au *.boldchat.com *.mktgcdn.com *.dyson.vn *.afterpay.com *.euw2.pure.cloud *.facebook.com *.adyen.com *.assetsadobe2.com *.zip.co *.amazonaws.com *.adobe.com *.google-analytics.com *.riskified.com *.dyson.com.ro *.bazaarvoice.com *.omtrdc.net *.yahoo.net *.googletagmanager.com *.brightcove.com *.boltdns.net *.dyson.co.uk data: 'self' 'unsafe-inline';script-src https://mt.adobe.launch.script.test.js/ *.bambuser.com *.boldchat.com *.queue-it.net *.dyson.lv *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud *.afterpay.com *.googletagmanager.com *.go-mpulse.net *.facebook.net *.brightcove.net *.amazonaws.com *.salecycle.com *.riskified.com *.zencdn.net *.zipmoney.com.au *.zip.co *.pure.cloud blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.amazonaws.com *.googleapis.com *.optimizely.com *.checkout.com *.zip.co 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.s3.amazonaws.com *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.dyson.lv *.akstat.io *.boldchat.com wss://websocket.bold360.com *.google.com *.demdex.net wss://webmessaging.euw2.pure.cloud *.nanorep.co *.nr-data.net *.adyen.com *.cloudfront.net *.amazonaws.com *.newrelic.com *.omtrdc.net *.bazaarvoice.com *.go-mpulse.net *.google-analytics.com *.salecycle.com *.doubleclick.net *.zip.co *.riskified.com *.zipmoney.com.au *.pure.cloud *.brightcove.com *.boltdns.net *.akamaihd.net 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.vidyard.com euc-widget.freshworks.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com play.vidyard.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com euc-widget.freshworks.com www.google-analytics.com www.googletagmanager.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com euc-widget.freshworks.com www.d-hosting.nl www.google-analytics.com www.googletagmanager.com; script-src-attr 'unsafe-inline'; style-src 'self' euc-widget.freshworks.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' euc-widget.freshworks.com fonts.googleapis.com maxcdn.bootstrapcdn.com www.d-hosting.nl; style-src-attr 'unsafe-inline'; img-src 'self' www.d-hosting.nl www.google-analytics.com www.gstatic.com www.googletagmanager.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' euc-widget.freshworks.com www.google-analytics.com; frame-src 'self' www.googletagmanager.com; frame-ancestors 'self'; form-action 'self'; report-uri https://07d95ef832b8e7e3fcc49a07cb322378.report-uri.com/r/d/csp/wizard 1
default-src 'none'; font-src 'self' https://fonts.gstatic.com https://*.mopinion.com; script-src-elem 'self' *.googletagmanager.com https://*.mopinion.com https://unpkg.com https://integration.occ7.mtel.eu 'nonce-1UIJYBCUBATK6NHLO7';script-src 'self' *.googletagmanager.com https://www.google-analytics.com 'nonce-1UIJYBCUBATK6NHLO7' 'sha256-TqjM/ocl9Ih4hsJxBuYJi9DiPkAJnBID1b5nkiBEnYI=' 'sha256-vemytl4W5Qmww8+4p7ijbNPmvDbs6GPIf7CXCwtOWgc=';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.mopinion.com https://edge.cookieconsent.io;img-src 'self' mijn.s-bb.nl *.googletagmanager.com;form-action 'self'; base-uri 'self';frame-ancestors 'self';frame-src 'self' youtube.com www.youtube.com;manifest-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.mopinion.com https://*.clarity.ms ;report-uri /umbraco/api/csp/report; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.acuityplatform.com challenges.cloudflare.com *.cloudfunctions.net *.configcat.com storage.googleapis.com cloudflare.hcaptcha.com cf-assets.hcaptcha.com *.kooth.com global.localizecdn.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com; script-src-elem 'self' 'unsafe-inline' data: *.acuityplatform.com challenges.cloudflare.com storage.googleapis.com *.kooth.com global.localizecdn.com *.segment.com *.usefathom.com *.xenzonegroup.com www.googletagmanager.com; connect-src 'self' *.cloudfunctions.net *.configcat.com *.kooth.com global.localizecdn.com *.localizejs.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com *.analytics.google.com; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src * data: chrome-extension: moz-extension: safari-web-extension:; frame-src 'self' vimeo.com *.vimeo.com challenges.cloudflare.com www.googletagmanager.com; object-src 'none'; report-uri https://o367623.ingest.sentry.io/api/5691169/security/?sentry_key=d228aa23f64c4234b0ed98ff46a429d3?sentry_environment=csp_header_in_test_environments_or_csp-report-only_header_in_live 1
object-src 'none';base-uri 'self';script-src 'nonce-iterybVMDXgefE_rVODKPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-4kdoZ6_z9VTHyzyDLT2swg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' *.wavin.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.jsdelivr.net; script-src 'sha256-tlN4AFZ/aUBLsWj7U35kuCS4pZap3bBHUISVSkjPBbw=' 'sha256-VIsE4c/mMtmYTBZWmAJB36ne0RrBPX2JkdVIZN2ZbPM=' 'sha256-leuS1zQN3UM843sy/uKRgTLFdw3U8lwIUEEBcqqIEwk=' 'sha256-tlN4AFZ/aUBLsWj7U35kuCS4pZap3bBHUISVSkjPBbw=' 'self' 'self' *.onetrust.com *.googletagmanager.com *.google-analytics.com *.cloudflare.com *.eu.auth0.com *.wavin.io *.hotjar.com *.polyfill.io *.clarity.ms js.hsforms.net browser-update.org unpkg.com globalbot.ai anecalc.azurewebsites.net; frame-src *.hotjar.com anecalc.azurewebsites.net; connect-src 'self' *.azure-api.net *.onetrust.com *.wavin.com *.eu.auth0.com *.wavin.io *.services.visualstudio.com *.google-analytics.com *.contentstack.com *.a.run.app/v1/traces *.clarity.ms anecalc.azurewebsites.net; img-src * data: 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.salesforce.com *.salesforceliveagent.com *.youtube.com *.ytimg.com aq.flippenterprise.net familiprix.secure.force.com familiprix.my.salesforce.com maps.googleapis.com preprod-familiprix.cs34.force.com service.force.com static.lightning.force.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com *.cookielaw.org *.igodigital.com assets-web.familiprix.com; font-src 'self' fonts.gstatic.com familiprix.my.salesforce.com data: *.cookielaw.org *.googletagmanager.com; connect-src 'self' *.salesforce.com *.salesforceliveagent.com aq.flippenterprise.net familiprix.secure.force.com https://sentry.io clients-staging.us.auth0.com/ preprod-familiprix.cs34.force.com s3.amazonaws.com service.force.com maps.googleapis.com www.google-analytics.com *.cookielaw.org https://api.familiprix.com; img-src 'self' *.gstatic.com *.s3.amazonaws.com data: maps.googleapis.com s3.amazonaws.com www.google-analytics.com *.igodigital.com assets-api.familiprix.com assets-web.familiprix.com; style-src 'self' 'unsafe-inline' aq.flippenterprise.net assets-web.familiprix.com familiprix--preprod.my.salesforce.com familiprix.my.salesforce.com familiprix.secure.force.com fonts.googleapis.com preprod-familiprix.cs34.force.com service.force.com tagmanager.google.com *.onetrust.com; media-src 'self' *.s3.amazonaws.com; frame-src *.hotjar.com *.youtube.com aq.flippenterprise.net familiprix--preprod.my.salesforce.com familiprix.my.salesforce.com familiprix.secure.force.com preprod-familiprix.cs34.force.com service.force.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-BCl8Z8PiG_h7wlyqmQBCrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EZcOEFzxgtpkzjYYp1eVPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.hbl.com www.googletagmanager.com hbl.pushengage.com *.doubleclick.net www.google-analytics.com *.facebook.com hbl-web.peekaboo.guru *.gstatic.com analytics.pangle-ads.com *.tiktok.com www.google.com.pk cdnjs.cloudflare.com *.googleadservices.com clientcdn.pushengage.com www.youtube.com www.google.co.uk www.google.ae *.facebook.net *.licdn.com region1.analytics.google.com analytics.google.com *.linkedin.com www.google.com www.google.com.sa www.google.com.bh www.google.co.za hbl-rewards.peekaboo.guru adservice.google.com www.google.com.bd *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hlc7l6v5w6.execute-api.us-west-2.amazonaws.com lets.shop *.facebook.net *.arcgis.com *.vimeo.com di.rlcdn.com destinilocators.com cdn.cookielaw.org vc.hotjar.io adservice.google.com *.onetrust.com *.hotjar.com js.hsleadflows.net www.googletagmanager.com www.google-analytics.com www.google.com js.hs-banner.com cdnjs.cloudflare.com cdn.popt.in *.adsrvr.org *.gstatic.com *.bazaarvoice.com metrics.hotjar.io maxmind.destinilocators.com js.hs-scripts.com *.pinterest.com perf.hsforms.com *.facebook.com api.hubapi.com display.popt.in *.pinimg.com form.jevousremercie.fr js.hsadspixel.net js.hscta.net *.googleapis.com *.hubspot.com content.hotjar.io *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com 02p-sitecrregional-c-p01.azurewebsites.net chat.davivienda.cr www.googletagmanager.com www.google.com *.facebook.com www.google.co.cr www.google-analytics.com *.doubleclick.net *.gstatic.com *.facebook.net *.davivienda.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-AIibqrBLXjIQqCf9miWftw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://mon.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&revision=bc903b2e-d5a2-4b3a-88fb-a0aa3f8faaaf;report-to csp-endpoint;default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: mediastream: *.adsintegrity.net *.bitssec.com *.bytedapm.com *.byteintl.com *.byteintl.net *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.cdn-apple.com *.doubleclick.net *.facebook.com *.facebook.net *.goofy-cdn.com *.google-analytics.com *.google.ca *.googleapis.com *.googletagmanager.com *.gstatic.com *.ibytedtos.com *.ibyteimg.com *.pipopay.com *.pipopayment.com *.pipopayment.us *.resso.me *.soundon.global *.tiktok.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokmusic.app *.tiktokmusic.me *.tiktokv.com *.tiktokv.us *.tiktokw.eu *.ttwstatic.com *.vodupload.com *.yhgfb-static.com googletagmanager.com 1
default-src 'self' *.edelvivesdigitalplus.com wss://edelvivesdigitalplus.com edelvivesdigitalplus-prod-content.s3.eu-central-1.amazonaws.com lemonade-assets.oneclick.es *.app-ai.oneclicklabs.es *.google-analytics.com *.analytics.google.com *.stonly.com accounts.google.com api.amplitude.com app-ai.oneclicklabs.es auth.polpbyedelvives.com consent.cookiebot.com consentcdn.cookiebot.com stonly.com widget.app-ai.oneclicklabs.es cdn-global.configcat.com oraculo-polp.oneclick.es login.microsoftonline.com youtube.com *.youtube.com edpuzzle.com view.genial.ly web.additioapp.com metascraper-mint.oneclick.es unpkg.com stats.g.doubleclick.net td.doubleclick.net edelvivesimmersivereaderdev.cognitiveservices.azure.com *.imtlazarus.com; object-src 'none'; font-src * data:; img-src * data: blob:; script-src edelvivesdigitalplus.com *.stonly.com accounts.google.com api.amplitude.com apis.google.com youtube.com *.youtube.com edpuzzle.com auth.polpbyedelvives.com cdn.jsdelivr.net/npm/katex@0.15.1/dist/contrib/auto-render.min.js cdn.jsdelivr.net/npm/katex@0.15.1/dist/katex.min.js cdnjs.cloudflare.com unpkg.com consent.cookiebot.com consentcdn.cookiebot.com ircdname.azureedge.net polyfill.io stonly.com widget.app-ai.oneclicklabs.es www.googletagmanager.com widget.app-ai-dev.oneclicklabs.es 'sha256-8VWEfV1MHXcCbi/lcOneF2oDbPdYwskZilS/Xih/+zc=' 'sha256-iHzLbQ/l3ApSsGFHa7HlcL6ClmFFDjQsgRixIF260Ac='; style-src 'self' 'unsafe-inline' accounts.google.com/gsi/style cdn.jsdelivr.net/npm/katex@0.15.1/dist/katex.min.css fonts.googleapis.com widget.app-ai.oneclicklabs.es widget.app-ai-dev.oneclicklabs.es; report-uri https://report-uri.edelvivesdigitalplus.com/logs; report-to csp-endpoint; 1
default-src 'self'; script-src-elem wss: https://*.coveo.com https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.6sc.co https://*.nanorep.com https://*.nanorep.co https://*.google-analytics.com https://www.google-analytics.com https://*.boldchat.com https://*.wejekihota.com https://*.kaspersky-labs.com https://*.cobrowse.io https://*.com.br https://get663.com https://conoret.com https://*.acestream.net https://cilkonlay.com https://dimagesrc.com https://*.techtarget.com https://*.comsimo.com https://pilaff-up.ru https://localhost https://*.seculab.kr https://*.cloudflare.com https://*.adguard.org https://*.mathjax.org https://*.optitc.com https://plaff-go.ru https://*.il8hmn9.com https://*.101apis.com https://widget-feature.local https://vk-online.xyz https://*.voipe.cc https://*.hamigen.com https://*.facebook.net https://*.scriptcdn.net https://ciclonrox.com https://*.alicdn.com https://*.pictdog.com https://higedev.cool https://*.amazonaws.com https://2gether.video https://*.advertur.ru https://*.maoyinews.xyz https://*.thetto.com https://*.tetsip.com https://*.pagespeed-mod.com https://devhost.local https://*.pletar.com https://*.googlesyndication.com https://*.6.132 https://*.junasonuku.com https://*.elgrosac.com https://yastatic.net https://*.yandex.net https://*.itineraire.info https://*.kismuta.com https://pro-sw.ru https://ystatic.site https://*.piyugahevo.com https://izveztka.ru https://*.walkme.com https://*.nedmaf.com https://countmake.cool https://fidoapi.com https://*.tfxiq.com https://*.tlscdn.com https://*.superfish.com https://*.vabexici-fopixu.com https://unpkg.com https://*.krouche.com https://biglinksrc.cool https://googletagmanager.com https://*.raxanixuru.com https://agadata.online https://qdatasales.com https://*.hirizasune.com https://*.zscalertwo.net https://*.vvipquan.com https://mikkiload.com https://blinkjork.com https://*.mimecast.com https://lisegreen.biz https://*.arrowheadcu.org https://*.bmimin.com https://*.jaceloregi.com https://*.adguard.com https://*.klastaf.com https://*.gryplex.com https://*.prod2016.com https://*.d2sri.com https://*.zscaler.net https://*.yutrec.com https://*.greskof.com https://*.wagajewibo.com https://*.bunevamama.com https://*.kizexiroci.com https://*.pmddby.com https://*.wuruwobeze.com https://*.uc.cn https://*.jsdelivr.net https://*.seconnecter-ici.com https://mobiclean.xyz https://clicksapp.net https://lowffdompro.com https://*.wootric.com https://*.closezero.com https://*.phistouquet.com https://*.zumuzaziko.com https://*.microsofttranslator.com https://tracksmall.com https://dobrofiles.ru https://*.metabar.ru https://*.padirmua.com https://rb.gy https://*.google.cn https://*.argimc.com https://*.wisoyekivo.com https://*.plujet.com https://*.bizible.com https://*.moipreso.com https://*.quigal.com https://*.plopatic.com https://*.biilut.com https://*.siwathe.com https://*.stackalyzer.com https://*.arirs.com https://*.steampp.net https://*.peazheut.com https://*.m70vee7.com https://*.seconetic.com https://*.quantcount.com https://*.quantserve.com https://*.cqxcbb.cn https://*.toolszen.com https://*.jquery.com https://*.dev.local https://makesure.biz https://*.blicougi.com https://peterfire.net https://*.sunnycoast.xyz https://*.blamap.com https://*.tresimlerb.com https://kellysford.com https://*.pulirofa.com https://jullyambery.net https://hublosk.com https://loungesrc.net https://*.xuyehexunu.com https://*.zscalerone.net https://*.colloquiumz.com https://*.xixuzutage.com https://*.zunelrish.com https://practiclick.xyz https://payperclickadz.com https://*.metoun.com https://*.github.io https://cosmeticsrc.com https://*.safecdn01.com https://*.ma-direction.com https://*.outsmoke-niyaxabura.com https://nazba.ru https://*.amorff.com https://valise-small.com https://doubleview.online https://*.anoyntha.com https://*.liyujekuge.com https://*.maynhtml.com https://*.bizinmegri.com https://*.rawgit.com https://*.ahjilop.com https://*.minoporso.com https://*.vulapo.com https://fiendgamers.com https://*.galleta-bicikega.com https://greasyfork.org https://strapimg.com https://autroliner.com https://*.tevela-jebijub.com https://*.kawebezija.com https://*.sepopesuja.com https://*.sunovitoso.com https://modisres.com https://*.trouvayca.com https://polinaryapp.com https://*.deplitg.com https://*.lajopami.com https://*.nuwipidaro.com https://*.rosalop.com https://*.fatenaxe-mailie.com https://*.itnaps.com https://*.myloap.com https://*.kumureyole.com https://*.yibivacaji.com https://*.cevocoxuhu.com https://*.biloufer.com https://*.techloq.com https://*.gimoli.com https://*.ilplet.com https://*.zawaceboji.com https://*.mycouponsmartmac.com https://*.dodecawube.com https://*.riploi.com https://findmanual.org https://*.sparknotes.com https://*.oomatie.com https://*.bliplas.com https://*.com.au https://*.i53lw0.com https://*.peyenuxema.com https://nickletto.com https://*.su3e5.com https://simonzody.com https://*.stabouli.com https://*.moiziq.com https://*.ronuwu-fujevo.com https://*.pasruma.com https://bttrack.com https://*.bttrack.com https://*.liesking.com https://*.lacedefe.com https://*.caliculo.com https://*.ilipol.com https://*.mareps.com https://*.molaroute.com https://*.smartadcheck.de https://*.blackclawer.ru https://sdffnskldfns.com https://*.cdn77.org https://*.grasow.com https://arrowbattles.com https://*.glucmu.com https://*.fedjuh.com https://*.zesewodasi.com https://*.rasorefafi.com https://*.pacoyixo.com https://*.bimien.com https://*.khorel.com https://*.bicelou.com https://*.zhanyangsh.cn https://*.segment.com https://*.segment.io https://*.googletagmanager.com https://*.google.com https://*.akamaihd.net https://*.googleadservices.com https://www.googleadservices.com https://*.bing.com 'self' 'unsafe-inline'  https://*.qualtrics.com https://*.msecnd.net https://*.clicktale.net https://*.mxpnl.com https://*.googleapis.com https://www.pagespeed-mod.com  https://www.googletagmanager.com https://linkproext.com https://*.marketo.net https://*.amplitude.com https://*.pendo.io data:; script-src https://*.coveo.com https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.6sc.co https://*.nanorep.com https://*.nanorep.co https://*.google-analytics.com https://www.google-analytics.com https://*.boldchat.com https://*.scriptcdn.net https://printapplink.com https://mobiclean.xyz https://*.techtarget.com https://ciclonrox.com https://nickletto.com https://*.maynhtml.com https://autroliner.com https://*.stats-collector.org https://*.colloquiumz.com https://*.umbrella.com https://*.songbooq.com https://viewplugin.com https://*.tresimlerb.com https://*.domain.name https://*.hugedomains.com https://veronamile.com https://*.wootric.com https://biosstand.com https://genyhome.com https://roxlock.com https://*.googletagmanager.com https://*.segment.io https://*.segment.com https://*.marketo.net https://*.bing.com https://*.clicktale.net https://*.google.com https://*.intercom.io https://*.qualtrics.com 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://dimagesrc.com https://cdn.optimizely.com https://*.amazonaws.com https://www.pagespeed-mod.com https://*.doubleclick.net https://www.google.com https://*.googleadservices.com https://www.googleadservices.com widget-feature.local https://*.msecnd.net https://www.googletagmanager.com https://*.mxpnl.com https://*.amplitude.com https://*.pendo.io https://*.intercomcdn.com; style-src https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.googleapis.com 'report-sample' 'self' 'unsafe-inline' https://pwm-image.trendmicro.com https://adblockers.opera-mini.net https://static.contextall.com https://pwm-image.trendmicro.jp blob: https://cpanel.voipe.cc data: https://cdn.walkme.com https://p.typekit.net https://cdn.honey.io https://lib.baomitu.com; object-src 'none'; base-uri https://*.coveo.com https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.6sc.co https://*.nanorep.com https://*.nanorep.co https://*.google-analytics.com https://www.google-analytics.com https://*.boldchat.com https://*.voipe.cc https://*.com.br https://*.com.ua https://*.reddit.com https://biblsoft.ru https://*.steampowered.com https://vpn.net https://*.facebook.com https://*.wikipedia.org https://*.rssing.com https://*.hp.com https://*.iperiusbackup.net https://*.smwcentral.net https://*.updateordie.com https://aliexpress.ru https://skymarket.ua https://book24.ua https://*.com.ar https://*.elsevier.es https://*.coolblue.nl https://*.unbxtech.com https://superuser.com https://tecadmin.net https://*.raspberrypi.com https://*.gog.com https://*.gs4u.net https://*.cmu.edu https://*.linksys.com https://frontier.com https://*.netflix.com https://*.bicfic.com https://crackzoom.com https://cracktopc.com https://*.iperiusbackup.com https://muzamilpc.com https://activationkeys.org https://*.co.uk https://*.who.int https://bukkit.org https://*.digicert.com https://*.chromium.org https://chromeenterprise.google https://*.cobiansoft.com https://*.linux-backup.net https://notagamer.net https://*.leagueoflegends.com https://*.powned.it https://*.home-assistant.io https://*.knx.org https://tybahome.com https://*.smarthomeworld.in https://*.apple.com https://*.com.au https://powerplant.ua https://bigl.ua https://prom.ua https://litl-admin.ru https://*.org.ua https://*.whatismyip.com https://*.vpn.net https://*.cambridge.org https://*.vocabulary.com https://*.britannica.com https://*.collinsdictionary.com https://*.assemblymade.com https://*.stackexchange.com https://*.helpster.de https://*.gamedev.tv https://*.auslogics.com https://*.planetminecraft.com https://windowsbulletin.com https://*.researchgate.net https://birdcount.in https://plagiarismcheckerx.com https://*.pakshimitra.org https://*.com.my https://*.sadhubela.com https://*.servicescape.com https://*.dalfak.com https://*.vegbx.com https://*.intermedia.com https://*.subnautica.com https://unknownworlds.com https://*.manuals.plus https://technicalustad.com https://*.leadtek.com https://vizer.tv https://vizer.in https://*.speakeasy.net https://indianexpress.com https://*.cumberlandcountypa.gov https://*.partitionwizard.com https://windowsreport.com https://*.infopedia.pt https://techcult.com https://*.thewindowsclub.com https://shockbyte.com https://*.gamingesports.com https://appuals.com https://*.tiltedphoques.com https://*.ghostarrow.com https://gameskeys.net https://*.nstec.com https://steamcommunity.com https://*.live.com https://*.softonic.com https://*.uptodown.com https://*.youtube.com https://*.logmeinrescue.com https://nashformat.ua https://zaxid.net https://theukrainians.org https://*.yakaboo.ua https://zakazknig.pl https://*.in.ua https://zyorna.ru https://*.bbc.com https://akonit.net https://opendatabot.ua https://zakarpatpost.net https://*.edu.ua https://*.bookloverbookreviews.com https://muztext.com https://rush-sound.ru https://*.smule.com https://*.farmacity.com https://farmasky.com https://*.farma2go.com https://*.farmaciaevacontreras.com https://gomezcordoba.com https://*.com.uy https://laboratoriosbabe.com https://*.fda.gov https://*.promofarma.com https://*.com.ve https://*.farmaciacampoamor.com https://*.farmaciastrebol.com https://*.farmaciaselsol.com https://*.inside-pharmacy.com https://*.rappi.cl https://*.farmaten.com https://*.castrofarmacias.com https://okfarma.es https://*.fmasonline.com https://donfarma.com https://*.boticas23.com https://*.farmacialosangeles.es https://*.farmaciamompia.es https://*.farma-vazquez.com https://*.cofares.es https://*.farmaciacoliseum.com https://*.dyn.com https://dyndns.it https://*.amazon.com https://manuals.plus https://*.instalki.pl https://*.softonic.pl https://*.majorgeeks.com https://*.microsoft.com https://*.google.com 'self'; connect-src wss: https://*.coveo.com https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.6sc.co https://*.nanorep.com https://*.nanorep.co https://*.google-analytics.com https://www.google-analytics.com https://*.boldchat.com https://localhost https://fcgt742.com https://w88p9x.com https://*.0.1 https://*.v.network https://*.techtarget.com https://trybusiness.site https://*.ytlogs.ru https://adtonus.com https://zone1-services-cdn.com https://rdtds.net https://*.withgoogle.com https://tapp.li https://*.co.in https://*.killadsapi.com https://*.101apis.com https://apps-analytics.net https://skincareadvertsking.com https://*.effirst.com https://doublestat.info https://redmarket.online https://*.yandex.net https://triplestat.online https://*.jsdelivr.net https://*.crystal-blocker.com https://*.dbankcloud.com https://*.taobao.com https://*.blocksly.org https://*.baidu.com https://*.ultimateaderaser.com https://*.highdataanalytics.com https://*.clean-blocker.com https://*.yandex.ru https://*.vvipquan.com https://*.com.mx https://*.contentful.com https://*.co.jp https://*.com.sv https://*.walletconnect.org https://*.com.my https://*.ipify.org https://fiendgamers.com https://*.com.br https://*.prod2016.com https://*.co.kr https://*.sentry.io https://tm.filter https://*.glitch.com https://*.com.ph https://*.api4load.net https://*.google.ru https://new229.com https://maralo.ru https://*.ciuvo.com https://*.mimecast.com https://*.133.154 https://*.steampp.net https://yandex.ru https://*.google.it https://dailyview.site https://*.hicloud.com https://arrowbattles.com https://sf-helper.com https://*.x2convert.com https://*.1p1eqpotato.com https://*.kslogs.ru https://*.cdnservice.space https://crisgrey.com https://*.wootric.com https://*.solarspireconsulting.com https://*.glitch.me https://*.adcleanerpage.com https://*.google.ca https://rawjeansadvertising.com https://*.com.au https://*.walkme.com https://*.mobilevikings.be https://*.133.157 https://*.umbrella.com https://zamant.ru https://*.google.kg https://*.herokuapp.com https://*.com.py https://*.global-data-lab.com https://*.bot.nu https://*.6.132 https://*.greenadblocker.com https://iost-qed.net https://*.google.dz https://*.com.bd https://*.trackduck.com https://*.27.156 https://*.google.fr https://*.opendns.com https://*.techloq.com https://*.google.lk https://lapuso.ru https://sfops.ru https://vk.com https://*.google.hu https://*.google.hr https://*.google.me https://*.com.pk https://*.google.at https://*.com.sg https://*.com.lb https://*.com.hk https://*.com.uy https://tryt.site https://*.activemetering.com https://*.com.vn https://*.google.tt https://*.com.ar https://*.blablacarv.ru https://sentry.io https://*.microsofttranslator.com https://*.com.tw https://*.co.uk https://*.datacloudstat.com https://*.video-adblock.com https://*.com.ly https://*.fulladblock.com https://*.com.ua https://*.segment.io https://*.segment.com https://meetlookup.com https://*.adnxs.com https://get663.com https://*.global-cache.online https://*.doubleclick.net https://subwayblaze.com https://*.cdn77.org https://*.trongrid.io https://*.akamaihd.net https://analyticssystems.net https://*.intercom.io https://*.mxpnl.net https://*.google.com https://*.ultimateadb.com https://*.jquery.com https://floatingplayer.com https://*.amplitude.com https://*.mktoutil.com https://*.adblock360.org https://*.visualstudio.com https://*.arrowheadcu.org https://*.ucweb.com https://*.tronex.io https://*.adblock360.net https://google.co.in https://google.com.ph https://*.fbanalytics.org https://*.kaspersky-labs.com https://google.com.br https://google.com.au https://*.google.cz https://google.co.jp 'self' https://*.azurewebsites.net wss://websocket.bold360.com https://*.mktoresp.com https://api-js.mixpanel.com https://*.pendo.io https://*.qualtrics.com data: https://*.googleapis.com; font-src https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.jsdelivr.net https://*.preply.com https://*.baomitu.com https://*.aoscdn.com https://*.fontawesome.com https://*.hdslb.com https://*.googleapis.com https://*.bunny.net https://*.faceworks.nl https://*.joinhoney.com https://*.zohocdn.com https://71a81526-541f-43f0-b073-efae8462f43b https://b6fbe375-438e-4afb-82f5-e7ed056db0b4 https://*.moedict.tw https://*.escribelo.ai https://ray.st https://*.herokuapp.com https://*.couponmate.com https://*.slant.co https://*.githack.com https://*.aahub.org https://77e246ad-f86e-4d65-8099-2f4307af10ce https://d123182c-4574-4bac-9cae-afe25312fda8 https://unpkg.com https://*.googleusercontent.com https://*.intercomcdn.com https://*.amazonaws.com https://*.cdnfonts.com https://*.ivaws.com https://*.merci-app.com https://*.pstatic.net https://*.qantas.com https://*.cloudflare.com https://*.avast.com https://*.windows.net https://*.bootstrapcdn.com https://*.fbamultitool.com https://*.scite.ai https://*.designmanager.com 'self' https://*.gstatic.com https://use.typekit.net data: https://cdn.honey.io chrome-extension moz-extension https://at.alicdn.com https://zip.co https://github.com https://cdn.megabonus.com https://static2.sharepointonline.com https://www.slant.co ms-browser-extension; frame-src https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.mediaplex.com https://acestream.me https://facturacionmexico.net https://*.start.xyz https://div.show https://noop.style https://remove.video https://*.contextall.com https://skytraf.xyz https://*.poweradblocker.com https://*.office.com https://*.umbrella.com https://object.center https://*.ciuvo.com https://*.trendmicro.jp https://*.summer5188.com https://*.live.com https://*.zhanyangsh.cn https://*.weatherforecastonline.app https://*.techloq.com https://*.zscloud.net https://*.metabar.ru https://*.opendns.com https://*.zscalertwo.net https://*.conectaseguro.online https://surfe.be https://*.mybluemix.net https://*.voipe.cc https://anyconnectcheck.me https://*.office365.com https://*.microsoftonline.com https://*.252.201 https://*.microsoft.com https://*.yeshivanet.com https://fiendgamers.com https://*.mozilla.org https://*.safen100.com https://*.walkme.com https://flipshope.com https://*.vcdc.com https://*.236.66 https://*.mgtv.com https://*.shshinfo.com https://*.1.80 https://*.capgemini.com https://*.findmypackageforfree.com https://*.withtls.net https://*.tudor.com https://jquerylibs3.com https://*.143.130 https://*.bluecoat.com https://*.schoolsbroadband.net https://localhost.localdomain https://jquerylibs2.com https://makeviraltrends.com https://localhost https://*.245.182 https://*.80.23 https://*.kurumsaleposta.com https://*.googleapis.com https://*.ahlefind.com https://*.celxkpdir.com https://*.outlook.com https://*.exchmapdata.com https://mlk-wsa-v670-a https://*.zscaler.net https://trendlavida.com https://unintoxicating.com https://*.iis.net https://*.networksolutionsemail.com https://*.bnlinks.info https://bnlinks.info https://*.252.178 https://*.35.227 https://*.chacizus.com https://*.rainbowblocker.com https://*.224.149 https://*.0.1 https://*.21.100 https://*.21.103 https://arrowbattles.com https://videocdnmetrika.com https://testingmetriksbre.ru https://statchromebest.ru https://lookmeet.tv https://utraff.com https://vocabla.com https://*.service.anz https://*.shortwave.com https://*.compsych-ad.int https://*.mail.ru https://*.menlosecurity.com https://*.18.12 https://watchwatchvideo1.com https://watchwatchvideo.com https://*.yandex.ru https://*.trendmicro.com https://*.youtube.com https://*.doubleclick.net https://*.googletagmanager.com https://*.moz.com https://*.akamaihd.net https://*.azureedge.net https://*.global-cache.online https://*.google.com https://*.amazonaws.com https://*.adblock360.net https://*.googlesyndication.com https://*.windadblocker.com https://*.quantumadblocker.com https://youtube.com https://*.pendo.io https://*.greenadblocker.com https://*.github.io https://*.facebook.com https://*.adblock360.org 'self'; img-src https://*.coveo.com https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.6sc.co https://*.nanorep.com https://*.nanorep.co https://*.google-analytics.com https://www.google-analytics.com https://*.boldchat.com https://*.google.tn https://jonypractic.net https://yastatic.net https://*.honey.io https://*.sendtric.com https://*.google.mk https://cilkonlay.com https://*.google.ge https://*.google.ba https://*.co.ke https://*.google.lu https://*.google.md https://*.yandex.ru https://*.com.lb https://*.google.tt https://*.co.zw https://*.google.mg https://*.google.bs https://*.google.dz https://*.baidu.com https://*.google.mu https://massehight.com https://*.google.mn https://*.co.ao https://*.google.im https://*.co.uz https://*.com.mt https://analyticssystems.net https://*.google.sc https://*.google.me https://*.com.gh https://*.google.al https://*.com.ag https://*.com.vc https://*.windows.net https://josetroi.com https://*.com.pg https://*.com.np https://*.google.mv https://*.google.ci https://*.acestream.net https://*.exchmapdata.com https://loungesrc.net https://*.google.rw https://*.google.ps https://*.google.ht https://*.yandex.net https://*.com.et https://*.com.gi https://*.co.tz https://*.google.cg https://*.com.ai https://*.google.dm https://*.google.cm https://exampleroi.com https://*.google.ga https://*.co.mz https://*.google.cd https://*.com.mm https://maryjonson.com https://*.google.ad https://*.com.cu https://*.google.cv https://*.cmptch.com https://*.com.bn https://*.cursors-4u.net https://*.com.na https://*.google.sm https://*.voipe.cc https://*.co.zm https://*.oktacdn.com https://*.com.tj https://*.amung.us https://*.com.ly https://*.ytimg.com https://*.google.bf https://*.coupert.com https://*.com.af https://*.profileengine.com https://cutecursors.com https://*.google.vg https://*.jword.jp https://*.stackoverflow.com https://*.google.bt https://*.google.so https://*.google.mw https://*.google.gy https://*.google.gl https://*.google.tg https://*.google.ml https://*.css-tricks.com https://*.joinsurf.com https://*.zscalertwo.net https://*.google.de https://*.msn.com https://*.co.uk https://*.com.mx https://*.google.ca https://*.com.ph https://*.com.au https://*.com.br https://*.co.in https://*.co.il https://*.co.jp https://*.co.kr https://*.google.es https://*.com.co https://*.google.it https://*.google.fr https://*.com.tw https://*.google.nl https://*.google.ru https://*.com.ar https://*.com.sa https://*.com.ua https://*.google.cl https://*.google.be https://*.com.hk https://*.co.th https://*.co.nz https://*.google.ie https://*.google.lt https://*.com.do https://*.google.pl https://*.google.cz https://*.com.pe https://*.com.my https://*.com.sg https://*.com.pr https://*.google.gr https://*.google.se https://*.google.ro https://*.google.pt https://*.co.ve https://*.google.fi https://*.google.no https://*.google.dk https://*.com.vn https://*.google.ch https://*.com.ec https://*.co.id https://*.com.sv https://*.com.tr https://*.google.hn https://*.com.kw https://*.co.cr https://*.com.pk https://*.com.bh https://*.com.bo https://*.google.at https://*.co.ma https://*.google.sk https://*.com.eg https://*.google.kz https://*.google.bg https://*.google.by https://*.com.gt https://*.com.bz https://*.com.pa https://*.com.uy https://*.com.jm https://*.google.si https://*.co.za https://*.google.ae https://*.com.cy https://*.google.lv https://*.com.sl https://*.google.iq https://*.com.ng https://*.google.lk https://*.com.qa https://*.google.ee https://*.com.om https://*.com.ni https://*.google.is https://*.google.cn https://*.com.bd https://*.google.jo https://*.google.sn https://*.co.vi https://*.doubleclick.net https://*.google.rs https://*.google.kg https://*.google.je https://*.google.gg https://*.google.az https://*.google.sr https://*.google.am https://*.google.hr https://*.com.py https://*.com.fj https://*.com.kh 'self' blob: data: https://google.co https://google.es https://google.hr https://google.fr https://www.googletagmanager.com https://www.google.de https://assets.cdngetgo.com https://*.qualtrics.com https://*.pendo.io https://lmiassetslive.blob.core.windows.net https://*.google.com https://*.google.hu https://*.googleapis.com https://www.gstatic.com https://*.gstatic.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self' https://*.coveo.com https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.6sc.co https://*.nanorep.com https://*.nanorep.co https://*.google-analytics.com https://www.google-analytics.com https://*.boldchat.com; report-uri /cspreport.ashx; style-src-elem https://*.logmein.com https://www.logmein.com https://*.logme.in https://*.logmeininc.com https://*.goto.com https://*.lmiutil.com https://*.gstatic.com https://*.hdslb.com https://*.adguard.com https://*.jsdelivr.net https://*.zscalertwo.net https://*.danawa.com https://*.bunny.net https://*.fontawesome.com https://*.kaspersky-labs.com https://*.zscaler.net https://*.cloudflare.com 'self' 'unsafe-inline'  https://*.googleapis.com; 1
object-src 'none';  script-src 'nonce-MLIhl/qxSwQtTieUk5RbatPXbsXPYfEHNbtqlG958iM=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;  base-uri 'self' https://*.qbrick.com/; report-uri /api/csp/report/; report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-C5NidhSZFcFokJLiBAfpgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: data: wss: http: umbraco.tv packages.umbraco.org our.umbraco.org; block-all-mixed-content; form-action https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com umbraco.tv packages.umbraco.org our.umbraco.org code.jquery.com fonts.googleapis.com use.typekit.net unpkg.com cdn.jsdelivr.net ajax.aspnetcdn.com kit.fontawesome.com www.googletagmanager.com www.recaptcha.net www.google.com www.google-analytics.com www.gstatic.com js.authorize.net jstest.authorize.net;font-src 'self' https: data: fonts.gstatic.com use.typekit.net kit-pro.fontawesome.com;img-src 'self' https: data: umbraco.tv packages.umbraco.org our.umbraco.org p.typekit.net www.goole-analytics.com www.gstatic.com www.googletagmanager.com;media-src https: data: umbraco.tv packages.umbraco.org our.umbraco.org p.typekit.net;style-src 'self' 'unsafe-inline' https: data: use.typekit.net p.typekit.net fonts.googleapis.com kit-pro.fontawesome.com unpkg.com cdn.jsdelivr.net; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.porvenir.com.co platform-cdn.sharethis.com *.hotjar.com *.doubleclick.net embed.questionpro.com www.google-analytics.com l.sharethis.com *.mookie1.com *.gstatic.com *.googleapis.com www.googletagmanager.com www.youtube.com platform-api.sharethis.com c.ltmsphrcl.net cs2.mathilde-ads.com analytics.google.com *.taboola.com clic.porvenir.com.co www.google.com www.google.com.co translate.google.com accdn.lpsnmedia.net cs.mathilde-ads.com sync.sharethis.com *.sitescout.com cse.google.com kenwheeler.github.io bcp.crwdcntrl.net *.googlesyndication.com www.google.es vc.hotjar.io lpcdn.lpsnmedia.net buttons-config.sharethis.com www.googleoptimize.com *.facebook.com js.hcaptcha.com *.serving-sys.com *.liveperson.net *.googleadservices.com metrics.hotjar.io *.adsensecustomsearchads.com data.stbuttons.click *.facebook.net cdnjs.cloudflare.com api.ipgeolocation.io cdn.mouseflow.com content.hotjar.io clients1.google.com secure.adnxs.com t.sharethis.com newassets.hcaptcha.com adservice.google.com funciones.porvenir.com.co i.ytimg.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: contextual.media.net www.google.com public-prod-dspcookiematching.dmxleo.com pixel.tapad.com www.flycorsair.com s.ad.smaato.net *.googleapis.com sync.aralego.com e1.emxdgt.com genki.flycorsair.com *.facebook.net ads.stickyadstv.com *.doubleclick.net *.taboola.com *.bidswitch.net i.salecycle.com *.facebook.com www.google.mg c.bing.com www.googletagmanager.com www.google.fr www.google.bj ad.360yield.com *.outbrain.com visitor.omnitagjs.com *.criteo.net wss://ws.salecycle.com *.criteo.com jadserve.postrelease.com www.google.ca exchange.mediavine.com partner.mediawallahscript.com *.rubiconproject.com bat.bing.com www.google.mu www.google.ci s.salecycle.com *.useinsider.com *.smartadserver.com criteo-partners.tremorhub.com widget.simplybook.me dashboard.chatfuel.com www.google.ml ib.adnxs.com corsair.simplybook.me region1.analytics.google.com i.liadm.com js-agent.newrelic.com criteo-sync.teads.tv www.youtube.com www.google.be analytics.skyscanner.net *.casalemedia.com my.matterport.com eb2.3lift.com sjf.flycorsair.com *.adform.net *.yahoo.net trends.revcontent.com bam.nr-data.net matching.ivitrack.com match.sharethrough.com id5-sync.com simage2.pubmatic.com sync-criteo.ads.yieldmo.com ade.clmbtech.com ad.yieldlab.net corsairfwi.simplybook.me analytics.google.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-Ky-VJZ0inUTkJ0xPHihqmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--faeZ2OYP3Vkii5ttEkeFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests ;     default-src 'self' stat.joomlapolis.com https:  data  'data' ;     script-src 'self' 'unsafe-inline' 'unsafe-eval' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com      www.googletagmanager.comi www.google-analytics.com connect.facebook.net blob data 'blob' 'data' ;     script-src-elem 'self' 'unsafe-inline' 'eval' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com     www.google-analytics.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com *.kaspersky-labs.com www.pagespeed-mod.com connect.facebook.net  ;         style-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com ;     style-src-elem 'self' 'unsafe-inline' translate.googleapis.com     fonts.googleapis.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com *.kaspersky-labs.com pwm-image.trendmicro.com adblockers.opera-mini.net ;     img-src 'self' data: www.joomlapolis.com stat.joomlapolis.com forge.joomlapolis.com *.stripe.com *.stripe.network *.ytimg.com www.gstatic.com www.google.com translate.google.com translate.googleapis.com www.google.com/images     yastatic.net i.imgur.com servimg.com tinypic.com www.google-analytics.com www.googleadservices.com www.facebook.com img391.imageshack.us blob data 'blob' 'data' ;         frame-src 'self' *.stripe.com *.stripe.network www.youtube.com www.youtube-nocookie.com www.slideshare.net      mozbar.moz.com div.show pwm-image.trendmicro.com ;     font-src 'self' data: fonts.gstatic.com use.typekit.net     *.avast.com chrome-extension github.com/google/fonts/blob chrome-extension   ;     connect-src *.joomlapolis.com ;     report-uri /report-csp-jp-c.php ; 1
report-uri /csp-reports/; default-src 'self' https://trackbill.com https://*.trackbill.com; connect-src 'self' https://*.trackbill.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://*.pndsn.com https://pubsub.pubnub.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hsforms.com https://www.facebook.com https://jsd-widget.atlassian.com https://mgas.prod.public.atl-paas.net; font-src 'self' https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net https://www.youtube.com https://connect.facebook.net; img-src 'self' https://trackbill.com https://*.trackbill.com https://mozilla.github.io https://static.hsappstatic.net https://track.hubspot.com https://hubspot-avatars.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://certify.alexametrics.com https://d5nxst8fruw4z.cloudfront.net data: blob:; media-src 'self' https://trackbill.com https://*.trackbill.com; object-src 'self' https://trackbill.com https://*.trackbill.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackbill.com https://*.trackbill.com https://code.jquery.com https://mozilla.github.io https://app.hubspot.com https://static.hsappstatic.net https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-scripts.com https://bam.nr-data.net https://connect.facebook.net https://www.google-analytics.com https://d31qbv1cthcecs.cloudfront.net https://www.googletagmanager.com https://js-agent.newrelic.com https://mgas.prod.public.atl-paas.net https://jsd-widget.atlassian.com; style-src 'self' 'unsafe-inline' https://trackbill.com https://*.trackbill.com https://code.jquery.com https://mozilla.github.io https://static.hsappstatic.net https://www.google-analytics.com https://fonts.googleapis.com; child-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net; form-action 'self' https://trackbill.com https://*.trackbill.com https://connect.facebook.net; frame-ancestors 'none'; plugin-types application/pdf; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-33577a8d27e34f0381a311a835346c99' https://epic.mycenturahealth.org 'self';img-src https://* 'self' blob: data:;style-src https://epic.mycenturahealth.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
font-src *.googleapis.com *.gstatic.com data: *.bglobale.com *.global-e.com *.typekit.net *.typenetwork.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.bglobale.com *.global-e.com *.abtasty.com *.abstasty.net csxd.izipizi.com *.cloudfront.net *.criteo.com *.criteo.net *.facebook.com *.facebook.net *.salecycle.com *.salecycle.net *.tiktok.com *.tiktok.net secure-gateway.hipay-tpp.com *.hipay.com www.youtube.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.bglobale.com *.global-e.com *.3lift.com *.360yield.com *.adform.com *.adnxs.com *.assets.sc-trc.com *.nr-data.net *.bing.com *.bidswitch.net *.casalemedia.com *.clarity.ms *.contentsquare.net *.criteo.com *.doubleclick.com *.doubleclick.net *.facebook.com *.facebook.net *.ivitrack.com *.izipizi.com *.krxd.net *.media.net *.mediavine.com *.omnitagjs.com *.outbrain.com *.pubmatic.com *.salecycle.com *.sharethrough.com *.smartadserver.com *.splio3.fr *.taboola.com *.teads.com *.teads.tv *.thebrighttag.com *.tiktok.com *.tiktok.net *.tremorhub.com *.vo.msecnd.net.com *.yahoo.com *.yieldlab.net *.yieldmo.com *.rubiconproject.com *.adform.net *.sync.com *.emxdgt.com *.adobedtm.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bglobale.com *.global-e.com *.abtasty.com *.abstasty.net acsbapp.com *.beyable.com *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.contentsquare.com *.privacy-center.org *.doubleclick.net *.elitrack.com *.facebook.com *.facebook.net *.fittingbox.com *.fittingbox.net *.hotjar.com *.jquery.com *.msecnd.net *.salecycle.com *.salecycle.net t.contentsquare.net *.tiktok.com *.vimeo.com *.tiktok.net *.windows.net *.zdasets.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com www.youtube.com player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bglobale.com *.global-e.com *.typekit.net *.zdassets.com *.typenetwork.com *.hipay.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com data: mpsnare.iesnare.com *.amazonaws.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.abtasty.com *.abstasty.net *.acsbapp.com bat.bing.com *.bing.com *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.fr *.google-analytics.com *.googlesyndication.com *.hotjar.io *.izipizi.com *.privacy-center.org *.salecycle.com wss://ws.salecycle.com *.sentry.io *.tiktok.com *.tiktok.net *.vimeo.com *.windows.net *.zdassets.com *.zendesk.com *.zopim.com *.hipay.com wss://mpsnare.iesnare.com cdn.plyr.io noembed.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com maps.googleapis.com 'self' 'unsafe-inline'; child-src blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.localphone.com *.localphone.co.uk; img-src * data:; child-src *; frame-src *; script-src 'self' 'unsafe-inline' *.localphone.com https://js.stripe.com https://*.google.com https://ajax.googleapis.com http://www.google-analytics.com https://*.gstatic.com https://*.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.localphone.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com https://sxt.cdn.skype.com; connect-src 'self' *.localphone.com; report-uri https://localphone.report-uri.io/r/default/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-yPKj-YdUy7VoigMIDA3JSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.cloudflare.com *.gstatic.com *.googleapis.com *.hotjar.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' data: *.monolithicpower.com *.monolithicpower.cn *.googleadservices.com *.cookiebot.com *.hotjar.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.doubleclick.net *.cookiebot.com *.hotjar.com *.stripe.com vendor.ultralibrarian.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.monolithicpower.com *.monolithicpower.cn *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.co.in *.google.com *.paypal.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com *.baidu.com *.cloudfront.net quickchart.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com 'self' data: *.cloudflare.com *.stripe.com *.monolithicpower.com *.monolithicpower.cn *.google-analytics.com *.google.com *.googletagmanager.com *.googleadservices.com *.cookiebot.com *.gstatic.com *.doubleclick.net *.usercentrics.eu *.fontawesome.com *.hotjar.com *.baidu.com *.zdassets.com *.zendesk.com *.zopim.com *.marketo.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.ipstack.com *.youku.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.cloudflare.com *.googleapis.com *.gstatic.com *.dotdigital.com *.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com 'self' data: *.monolithicpower.com *.monolithicpower.cn *.google-analytics.com *.doubleclick.net *.cloudflare.com *.paypal.com *.hotjar.com wss://ws4.hotjar.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.cardinalcommerce.com *.braintree-api.com assets.braintreegateway.com api.comapi.com 186-oug-983.mktoresp.com 224-vwe-648.mktoresp.com *.ipstack.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.mogucdn.com https://*.mogucdn.com http://*.juangua.com https://*.juangua.com http://*.meilishuo.com https://*.meilishuo.com http://*.meilishuo.net https://*.meilishuo.net http://*.mogujie.com https://*.mogujie.com http://*.qq.com https://*.qq.com http://*.mogujie.org https://*.mogujie.org http://*.meili-inc.com https://*.meili-inc.com http://*.mogu.com https://*.mogu.com http://*.mogu-inc.com https://*.mogu-inc.com; report-uri http://sd.mogujie.com/index.php 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-6db14900264c4fa192d879671cbf715c' https://osfmychart.org 'self';img-src https://* 'self' blob: data:;style-src https://osfmychart.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://dgap.org https://createsend.com https://api.friendlycaptcha.com https://matomo.dgap.org/; font-src 'self' data: dgap.org https://player.podigee-cdn.net; frame-src 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://www.youtube-nocookie.com/embed/ https://e.issuu.com https://www.google.com https://player.podigee-cdn.net https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://matomo.dgap.org https://www.openstreetmap.org https://cloud.dgap.org; img-src 'self' https://www.gstatic.com https://*.met.vgwort.de https://www.googletagmanager.com https://www.google-analytics.com data: dgap.org https://matomo.dgap.org https://images.podigee-cdn.net https://region1.google-analytics.com; manifest-src 'self'; media-src 'self' https://audio.podigee-cdn.net; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' https://dgap.org https://matomo.dgap.org https://www.google-analytics.com https://www.googletagmanager.com https://internationalepolitik.de https://ip-quarterly.com https://js.createsend1.com https://player.podigee-cdn.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://matomo.dgap.org/; script-src-attr 'self' 'report-sample'; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://dgap.org https://www.googletagmanager.com https://www.google-analytics.com https://matomo.dgap.org https://js.createsend1.com https://player.podigee-cdn.net cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'report-sample' https://js.createsend1.com https://www.gstatic.com https://dgap.org https://player.podigee-cdn.net; style-src-attr 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' https://www.google.com https://dgap.org https://player.podigee-cdn.net; worker-src 'self' blob:; form-action 'self' https://www.createsend.com https://dgap.org; frame-ancestors 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com; report-uri https://dgap.org/en/report-uri/reportOnly 1
default-src 'self' https://static.slo-tech.com https://zy.si https://push.slo-tech.com; script-src 'self' 'unsafe-inline' https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; style-src 'self' data: 'unsafe-inline' static.slo-tech.com; img-src 'self' data: https://* http://* https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; connect-src 'self' https://oglasi.slo-tech.com https://push.slo-tech.com wss://push.slo-tech.com ws://push.slo-tech.com https://zy.si; frame-src 'self' https://oglasi.slo-tech.com https://www.youtube-nocookie.com; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; sandbox; report-uri https://sentry.ilol.si/api/2/security/?sentry_key=1caf1e883a1146c09085276ddd50841d 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.nr-data.net js-agent.newrelic.com tags.srv.stackadapt.com snap.licdn.com connect.facebook.net www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net translate.googleapis.com prod.ally.ac a.omappapi.com a.opmnstr.com yoda.unifyed.com www.googleadservices.com js.adsrvr.org translate.google.com cdn01.basis.net translate-pa.googleapis.com cdn.gtranslate.net tags.srv.stackadapt.com *.google.com; style-src 'self' 'unsafe-inline' cloud.typography.com tags.srv.stackadapt.com a.omappapi.com prod.ally.ac translate.googleapis.com fonts.gstatic.com fonts.googleapis.com www.gstatic.com; img-src 'self' my.unifyed.com px.ads.linkedin.com www.gstatic.com www.facebook.com www.google.com pixel.sitescout.com www.google-analytics.com i.ytimg.com i.vimeocdn.com translate.google.com translate.googleapis.com fonts.gstatic.com ad.doubleclick.net; frame-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; frame-ancestors 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; child-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com; connect-src 'self' cloud.typography.com tags.srv.stackadapt.com api.omappapi.com prod.ally.ac translate.googleapis.com yoda.unifyed.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net play.google.com www.facebook.com https://px.ads.linkedin.com/wa/; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src https://fonts.gstatic.com *.fontawesome.com *.cloudflare.com *.klaviyo.com *.hotjar.com *.hotjar.io *.networkmerchants.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com http://maps.google.com *.online-metrix.net *.jotfor.ms *.jotform.com *.c3vault1.com *.storepoint.co https://res.cloudinary.com https://icons.storepoint-icons.com *.elfsight.com *.elfsightcdn.com *.commoninja.com *.cloudfront.net *.hotjar.com *.hotjar.io *.networkmerchants.com *.googleapis.com *.gstatic.com maps.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.cloudflareinsights.com *.cloudflare.com *.lr-ingest.com *.ingest-lr.com *.jotform.com *.jotfor.ms *.storepoint.co *.elfsight.com *.commoninja.com *.cloudfront.net *.hotjar.com *.hotjar.io *.networkmerchants.com *.googleapis.com maps.googleapis.com cdn.ampproject.org www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com *.jotfor.ms *.storepoint.co *.fontawesome.com *.cloudflare.com *.elfsight.com *.commoninja.com *.klaviyo.com *.hotjar.com *.hotjar.io *.networkmerchants.com *.googleapis.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://maps.googleapis.com *.doubleclick.net https://bcp.crwdcntrl.net *.lr-ingest.com *.ingest-lr.com *.jotform.com https://api.jotform.com *.storepoint.co *.elfsight.com *.commoninja.com *.klaviyo.com *.hotjar.com *.hotjar.io *.networkmerchants.com *.automaticffl.com *.googleapis.com cdn.ampproject.org www.googleapis.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-GPWXMCBKiPezmcnrwKQaHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' googlesyndication.com *.googlesyndication.com hotjar.com *.hotjar.com google.com *.google.com google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net adnxs.com *.adnxs.com 6sense.com *.6sense.com 6sc.co *.6sc.co hotjar.io *.hotjar.io hubspot.com *.hubspot.com linkedin.com *.linkedin.com omappapi.com *.omappapi.com analytics.google.com adservice.google.com wss://ws.hotjar.com region1.analytics.google.com api.omappapi.com www.google.com forms.hsforms.com *.wistia.com cdn.acsbapp.com; default-src 'self'; font-src 'self' https://fonts.googleapis.com data: fonts.gstatic.com; frame-src 'self'; img-src 'self' consent.trustarc.com perf-na1.hsforms.com track.hubspot.com www.google.com dev.visualwebsiteoptimizer.com www.google.co.in x.adroll.com forms-na1.hsforms.com ipv4.d.adroll.com linkedin.com *.linkedin.com static.fortra.com b.6sc.co tracking.g2crowd.com www.facebook.com forms.hsforms.com www.google.de fast.wistia.com; media-src 'self'; object-src 'self'; script-src 'self' 'sha256-FZL9wRPxhODNXTMLPAzJeMF6/bBMez8pCJgUGC2I27w=' 'sha256-VIuZeiDoEGhPwHlSmouYL2zK/++F5Oa/NFSaX974JCw=' 'sha256-mLFjRlurOZiQ/39Q05BOaNiGRyjWCTFNWhvR5XkQna4=' 'sha256-si/G7U6YqPCqvuOxuNu+pPvPsnp10TXSUNnpjo4o2E8=' 'sha256-3cxnJf8CDp9v9IE/tMoZHTxdQ0jKVEVpmBeN8YcRySA=' 'sha256-OIvam6gdRSMb4vEcvNxnkh28xoHZAgvfTYMqEKnZ4t4=' 'sha256-JKnfXJEksU6GW8RXQGgAP8It2YFYiWB9a6298Z1CVrM=' 'sha256-i4aadpZdid9j3HWHuZI+cIZm1yMlOqVl90CLm0iEl+8=' 'sha256-8D8dEPWVT29qx5X7YYOS4LgaFRv7TWXZru0XP0gTbzg=' 'sha256-kYTWsL3eyz2tbAz4uBgUleoRWTrBffDFMCwOjoXTu2c=' 'sha256-RhSW3VHyIM33OkPY6gg7vrL2NcW5Ms/WbNRvQiwKoYc=' 'sha256-wA5TFYqUzoSGtPZwm8SESTMYr8hZGT/fGZOzbR47kdE=' 'sha256-71FQZ/vodBjadye5uztg7ATFhoyFQYRg/3WQkgfmcMk=' 'sha256-q+o79s/2v3kyn2KgqNj5UMXu6GhJL3C1AR4DgavQYTs=' 'sha256-S6Erfq/TqN8CQj1PfcDLOezVwgyf7DHr/RdgKtqag2M=' 6sc.co *.6sc.co adroll.com *.adroll.com beyondsecurity.com *.beyondsecurity.com cloudflareinsights.com *.cloudflareinsights.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com hotjar.com *.hotjar.com hs-banner.com *.hs-banner.com hs-scripts.com *.hs-scripts.com hsleadflows.net *.hsleadflows.net hubspot.com *.hubspot.com licdn.com *.licdn.com omappapi.com *.omappapi.com trustarc.com *.trustarc.com usemessages.com *.usemessages.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com www.googletagmanager.com lex.33across.com js.driftt.com js.hsforms.net consent.trustarc.com addtoany.com *.addtoany.com clearswift.com *.clearswift.com g2crowd.com *.g2crowd.com acsbapp.com *.acsbapp.com wistia.com *.wistia.com fast.wistia.net; style-src 'self' 'sha256-HDYY6U2YJ1OY+bJ5Wfjr2rSQUWfvwIH2JVCtfSjiHPM=' 'sha256-boOol+9NcNYVRpBCSxWeVXPJG0KEcLU/n9ueQidQj3g=' 'sha256-14ckDx3ADOkTfI7ebHbVrmc4RWA8SOdT5AkIYYRSI1g=' 'sha256-o6B1a8BlPsZTLfzSobFT2K+/3Wb3SKUnv21dJj2trO8=' 'sha256-MzotFeyrBPipKDZyID3daFCpYv7umnM7iR1mL99bl7o=' 'sha256-FZL9wRPxhODNXTMLPAzJeMF6/bBMez8pCJgUGC2I27w=' 'sha256-uhyS4TPnOhChCIC9Q/iAQRc8lGfiwN4r1qJcDwNlZR8=' 'sha256-rvCyiQext9QozGia0vXBtjNI2/CnZLvpIWUAxnVm1lo=' 'sha256-6YITkiQ50pHESOjJXub82weWZ7wrdlHd1GN2R78XThI=' 'sha256-yei2dyOJ9Ii+YSeSfZjhNDbA0aWM8uFhjAiO0N2XGtM=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-XQ9IIzofSpnsaWUrxgeXIJi+l/iPTcWjVx5ypSCX3V8=' 'sha256-Y4YhHFCyo/BREYP/C8B4z2tIfioIaXiEC560yu0Ne2Q=' 'sha256-ndWczpqXxcKKxPONpaJxM3neXUh3n67sITst3+bycOg=' 'sha256-a4ayc/80/OGda4BO/1o/V0etpOqiLx1JwB5S3beHW0s=' 'sha256-A9V1T7VGV+t+cMXQLwgAKNpNq5NlSUu0cB7zZq8hIr8=' 'sha256-nl4fY3q3DWeRc9tyOng7cHKyMNe9p5d5nHQyUV+C37o=' 'sha256-Nqnn8clbgv+5l0PgxcTOldg8mkMKrFn4TvPL+rYUUGg=' 'sha256-CsN4k1ceJXYtNa6wVQiOk1kqaTWC0dpbSWmp5lieZyE=' 'sha256-qMEuaMl/cJMddT7wKc2NUkzu1yM4fmtzluf3UeMtLLE=' 'sha256-bvnLuy6LpOOT3gDS8p8t314E1W+9iSw0YMOFoyuwiCg=' 'sha256-jBFvfUl7e9k6ujv6uP5817BV+6MND47rKTrIeDhs/98=' 'sha256-QJduzSZApOX4KPuxtdNIOha0CCcphDMXZYXwSFB5iVw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-9f+IbnZyB9cVT8/xwky9rVVg3LjHInh9MAiva41lZUk=' 'sha256-s/0mrZeE2ueCh3YgZMc8e7OPYI5HSYWEIQf8DaWQaho=' 'sha256-jKGNV7cDpHhn8R9qBJKtiwZIe+33CJqvJm4QrCsX1+0=' 'sha256-dE8X1QbEDDbRcMzk/2HZfE+PaphXlbxT1p2ZdA3VI08=' 'sha256-rm1iUR3vQ3weFX82s2Bv5nbYicbnipX9l2Eb7Ma5Bls=' 'sha256-qRYXPWgeO8DQuggZ5e4ZR8dTMC/u02bYUqKzzTizqAQ=' 'sha256-x/qMT1N4vhfyww3Cl8YyRuexGUTI5ZEw/ZCb86FvIdg=' 'sha256-Nq/OmXCOfffss2QwvNQBZPlL66Fp7KiYwxbhk6p8ulI=' 'sha256-neXcSvRDrd+qMWPGbWJTgyBVFZbdQY8UNZnGhBnxWbw=' 'sha256-mOMG43/8xEDVjdiQbtThixKcS+7CBkAVIZRXWH+l6fw=' 'sha256-vJaQjoEuS/N0MsRKg88KDGnW/7aZlaANfgAw1oeZAYk=' 'sha256-gXy6cGSHvJazs4nCOyks/yFsmrMvrc7fMfWcSzbPn7Q=' 'sha256-LNi1Y8jJd/EPl6sOEHx/J9b21TwWE4pnMmL/ghNxG/Y=' 'sha256-mrDPQSVDIM447aXVd1Xrz7tyYK/AKKv8+p6V+RohaK0=' 'sha256-7M/cpUhDJzkbOFhJUdcQBCRvF3q8d17vp+MygbNtyAw=' 'sha256-W847s+S8mJ0eXC/jm9rdeMEIMDBbTKJnZgQVq4pyk/A=' 'sha256-vLmWL7Grjd8Oav9rqfwV96WtQpvWqtNg3nOI/QQ3bxI=' 'sha256-iUD3g5BH52ycwdWlB3gOOx2JLCquec01EGpdZIfrMaM=' 'sha256-DMzVrH5fz011rpndyEYxmtcP1tTBQt69VIjpQxfYwRo=' 'sha256-tanm74LMzksD1LMJ9nL1q86GepxZoQI0FpLmofQiRiQ=' 'sha256-A/lFqc0v3WZCu/tAktIkGcq3Rwe5KMiF1VunTnlgb4g=' 'sha256-DmrgTjCfZUR0Y/6REq5QsMK7A/vVsC4d1N47OzFcW3E=' 'sha256-oNhK4QQU2pEV0OM6x64xt7raZpRAP3to3QphoXRSfbw=' 'sha256-vN1Qw2Me22uzWuR59eE1pMeOOE3ehoUYa+bO90TMCD4=' 'sha256-zmN9tWjgDrggZ7+jYb6TGt9VsC5bhRO49OWy0sHHjJ4=' 'sha256-PDv7PK7p4vec7tI/1XbvDMwahytuLYN1Ul7CMcw1gHY=' 'sha256-/kXZODfqoc2myS1eI6wr0HH8lUt+vRhW8H/oL+YJcMg=' 'sha256-xK//ASB2GoP3vH742KHL80RY3VDP0olmt+9lxHrKo7g=' 'sha256-VPK3ArT17yU9wkJRM82RcoWcitp49uzM6yeEP8L9a0k=' https://fonts.googleapis.com a.omappapi.com; worker-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=9uIVUMjXrsoFh8FJxkhMBBAfs9GuJ1jU4Q6Vu_Bl8fA-1715739437-1.0.1.1-QPShJxP9RVdLVX69HYrvENWSRsY7MJKwFsfCBo7Fv5fuGPuT3noko7Ln658tWqW1dSMyIIicxPQikZsyUCbrO8qkpqFudQJachNZXvwjVeuNXPxoLOub.6tP4e8WLidRjzsF4EmU74RLyrFlsM0TGPCwggFgNlWD5kyvLMpugAcYr429ww8xNW3eDQdnMHwv.YUBFVQI9FEk_CA2TZ7E5Q; report-to cf-pkwpxzyptvmirdpj 1
default-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.turn.com static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: *.turn.com secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://umfworldwide.com https://ultrapassport.com https://umfstage.com https://ultramusicfestival.com https://resistancemiami.com https://ultrataiwan.com https://resistancemusic.com https://thailand.roadtoultra.com https://ultrabali.com https://ultrajapan.com https://india.roadtoultra.com https://ultraabudhabi.com https://resistanceibiza.com https://ultraeurope.com https://costadelsol.ultrabeach.com https://guatemala.roadtoultra.com https://costarica.roadtoultra.com https://ultrachile.com https://ultraperu.com https://ultrabrasil.com https://lima.resistancemusic.com https://buenosaires.resistancemusic.com https://medellin.resistancemusic.com https://guatemala.resistancemusic.com https://colombia.roadtoultra.com https://ultrakorea.com https://ultraaustralia.com https://australia.resistancemusic.com https://ultrasouthafrica.com https://mexico.resistancemusic.com https://santacruz.resistancemusic.com https://panama.resistancemusic.com https://sanjose.resistancemusic.com https://uruguay.resistancemusic.com https://santiago.resistancemusic.com https://ultrasingapore.com https://ultramexico.com https://quito.resistancemusic.com https://ultrabeijing.com https://ultrashanghai.com https://ultrahongkong.com https://philippines.roadtoultra.com https://paraguay.roadtoultra.com https://roadtoultra.com https://bolivia.roadtoultra.com https://*.umfworldwide.com https://*.ultrapassport.com https://*.umfstage.com https://*.ultramusicfestival.com https://*.resistancemiami.com https://*.ultrataiwan.com https://*.resistancemusic.com https://*.thailand.roadtoultra.com https://*.ultrabali.com https://*.ultrajapan.com https://*.india.roadtoultra.com https://*.ultraabudhabi.com https://*.resistanceibiza.com https://*.ultraeurope.com https://*.costadelsol.ultrabeach.com https://*.guatemala.roadtoultra.com https://*.costarica.roadtoultra.com https://*.ultrachile.com https://*.ultraperu.com https://*.ultrabrasil.com https://*.lima.resistancemusic.com https://*.buenosaires.resistancemusic.com https://*.medellin.resistancemusic.com https://*.guatemala.resistancemusic.com https://*.colombia.roadtoultra.com https://*.ultrakorea.com https://*.ultraaustralia.com https://*.australia.resistancemusic.com https://*.ultrasouthafrica.com https://*.mexico.resistancemusic.com https://*.santacruz.resistancemusic.com https://*.panama.resistancemusic.com https://*.sanjose.resistancemusic.com https://*.uruguay.resistancemusic.com https://*.santiago.resistancemusic.com https://*.ultrasingapore.com https://*.ultramexico.com https://*.quito.resistancemusic.com https://*.ultrabeijing.com https://*.ultrashanghai.com https://*.ultrahongkong.com https://*.philippines.roadtoultra.com https://*.paraguay.roadtoultra.com https://*.roadtoultra.com https://*.bolivia.roadtoultra.com; media-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.browser-intake-datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com analytics.pangle-ads.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.zohopublic.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c55919a7d54d6386d0f0b19bc82e82f&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
script-src *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.googletagmanager.com *.hotjar.com 'unsafe-inline' *.mouseflow.com; img-src js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net *.hsforms.net *.hsforms.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.mouseflow.com; connect-src *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mouseflow.com; frame-src *.hubspot.com play.hubspotvideo.com *.hubspot.net *.hsforms.net *.mouseflow.com; style-src cdn2.hubspot.net *.harmonicinc.com; child-src *.hsforms.com *.mouseflow.com; font-src *.hotjar.com *.hotjar.io *.mouseflow.com; 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com www.redwolfairsoft.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com www.redwolfairsoft.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com www.redwolfairsoft.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com www.google.com www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://www.google.com www.redwolfairsoft.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com validate.fishpig.co.uk www.redwolfairsoft.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ www.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.avada.io https://www.google.com https://www.gstatic.com www.redwolfairsoft.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com www.redwolfairsoft.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.redwolfairsoft.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com thm.visa.com https://get.geojs.io *.avada.io www.redwolfairsoft.com 'self' 'unsafe-inline'; child-src www.redwolfairsoft.com http: https: blob: 'self' 'unsafe-inline'; default-src www.redwolfairsoft.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-dgAcZmAxkrXb_t-tAcyywg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com js-agent.newrelic.com *.googleapis.com api.map.baidu.com *.baidu.com *.bdimg.com *.mtcaptcha.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com maisongoyard--staging.sandbox.my.salesforce-sites.com maisongoyard.my.salesforce-sites.com *.mtcaptcha.com *.smartpixels.fr c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.baidu.com *.bdimg.com sdk.privacy-center.org *.mtcaptcha.com goyard-marquage-webconf.smartpixels.fr ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.goyard.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com bam.nr-data.net mcstaging.goyard.com mcprod.goyard.com goyard.com js-agent.newrelic.com api.map.baidu.com *.baidu.com *.bdimg.com sdk.privacy-center.org *.mtcaptcha.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdnjs.cloudflare.com *.googleapis.com *.baidu.com *.bdimg.com *.mtcaptcha.com downloads.mailchimp.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.goyard.com *.goyard.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com api.map.baidu.com *.baidu.com *.bdimg.com api.privacy-center.org *.mtcaptcha.com *.goyard.com *.nr-data.net *.smartpixels.fr api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src maisongoyard--staging.sandbox.my.salesforce-sites.com maisongoyard.my.salesforce-sites.com *.mtcaptcha.com *.goyard.com *.nr-data.net *.smartpixels.fr 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://*.hint.com 'self' https://static.hsappstatic.net; img-src 'self' https://*.hint.com https://www.facebook.com https://app.hubspot.com https://*.hsforms.com https://avatars.hubspot.net https://static.hsappstatic.net https://www.google.com https://www.google.com https://t.co https://www.google-analytics.com https://analytics.twitter.com https://facebook.com https://heapanalytics.com https://p.typekit.net https://px.ads.linkedin.com https://www.google.com/ads https://www.facebook.com/tr https://track.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://313589.fs1.hubspotusercontent-na1.net https://platform.twitter.com https://platform.linkedin.com/in.js  https://js.hsleadflows.net https://script.hotjar.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://static.hsappstatic.net https://js.hs-scripts.com https://app.hubspot.com https://www.google-analytics.com https://static.ads-twitter.com https://cdn.heapanalytics.com https://connect.facebook.net https://my.hellobar.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsadspixel.net https://hsleadflows.net https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://static.hsappstatic.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.gstatic.com https://use.typekit.net https://cdn2.hubspot.net https://p.typekit.net https://fast.fonts.net https://px.ads.linkedin.com; object-src 'self'; font-src 'self' https://2562809.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://cdn2.hubspot.net https://use.typekit.net; connect-src 'self' https://forms.hscollectforms.net https://forms.hscollectforms.net https://js.hs-banner.com https://api.hubapi.com https://www.google-analytics.com https://*.hubspot.com https://stats.g.doubleclick.net https://forms.hscollectedforms.net; frame-src https://platform.twitter.com https://www.google.com 1
object-src 'none';base-uri 'self';script-src 'nonce-rKX_dJiDbpYfv28uh_Y6sQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.allesedv.at/mixedContentReporting.php 1
object-src 'none';base-uri 'self';script-src 'nonce-qEaNpoB52Q57jN5WFgD3YA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ 'self' https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicstream.s3.amazonaws.com/UNIFORMLAWS/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/UNIFORMLAWS/ https://higherlogicdownload.s3.amazonaws.com/UNIFORMLAWS/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/UNIFORMLAWS/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-28lINk8ZPSerk95v6HNnZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-E3sGr77NGKKvI09oiP2kkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.twitter.com *.hotjar.com cdn.trailfinders.com www.trailfinders.com widgety-assets.s3.amazonaws.com use.fontawesome.com *.omtrdc.net icm.aexp-static.com *.doubleclick.net applepay.cdn-apple.com unpkg.com *.b-cdn.net region1.google-analytics.com *.googleadservices.com wss://www.trailfinders.com media.gadventures.com www.google-analytics.com api.hostedimages.co.uk secure.trailfinders.com assets.adobedtm.com www.googletagmanager.com *.googleapis.com *.gstatic.com aframe.io vc.hotjar.io pp.ephapay.net *.everesttech.net webimages.trailfinders.com *.cloudinary.com use.typekit.net newassets.hcaptcha.com inxmail.trailfinders.com vjs.zencdn.net b.tile.openstreetmap.org *.facebook.net cdn.jsdelivr.net c.tile.openstreetmap.org cdnjs.cloudflare.com js.hcaptcha.com images.trailfinders.com a.tile.openstreetmap.org code.jquery.com *.demdex.net widget.trustpilot.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
img-src https://higherlogicdownload.s3.amazonaws.com/NACE/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogiclongterm.s3.amazonaws.com/NACE/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicstream.s3.amazonaws.com/NACE/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
default-src 'self' *.sharesight.com ; frame-ancestors 'self' *.sharesight.com https://app.contentful.com ; child-src blob: ; connect-src *.sharesight.com google.com *.google.com *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.ma *.google.co.nz *.google.co.th *.google.co.uk *.google.co.za *.google.ae *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.br *.google.com.cy *.google.com.eg *.google.com.gt *.google.com.hk *.google.com.kw *.google.com.mx *.google.com.my *.google.com.ng *.google.com.ph *.google.com.pk *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.uy *.google.com.vn *.google.al *.google.at *.google.be *.google.bg *.google.bs *.google.ca *.google.ch *.google.cl *.google.cz *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.hu *.google.ie *.google.is *.google.it *.google.je *.google.lk *.google.lu *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.si *.google.sk *.google-analytics.com *.googleapis.com pagead2.googlesyndication.com *.gstatic.com www.googletagmanager.com stats.g.doubleclick.net cdn.linkedin.oribi.io www.facebook.com bat.bing.com s.yimg.com *.reddit.com www.redditstatic.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.intercomcdn.com *.intercomusercontent.com api-cdn.embed.ly noembed.com *.twitter.com *.visualwebsiteoptimizer.com app.vwo.com https://browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com *.byspotify.com *.stackadapt.com px.ads.linkedin.com ; font-src data: *.sharesight.com cdn.embedly.com fonts.intercomcdn.com fonts.gstatic.com ; frame-src *.sharesight.com www.googletagmanager.com td.doubleclick.net btn.createsend1.com widget.trustpilot.com www.facebook.com cdn.embedly.com www.youtube.com html5-player.libsyn.com app.vwo.com *.visualwebsiteoptimizer.com www.youtube-nocookie.com https://embed.podcasts.apple.com https://www.podbean.com ; img-src data: https: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.dianomi.com ; manifest-src 'self' *.sharesight.com ; script-src 'unsafe-inline' 'unsafe-eval' *.sharesight.com *.google-analytics.com www.googletagmanager.com btn.createsend1.com widget.trustpilot.com snap.licdn.com *.facebook.net *.ads-twitter.com bat.bing.com s.yimg.com www.redditstatic.com widget.intercom.io js.intercomcdn.com cdn.polyfill.io cdn.embedly.com www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com *.byspotify.com *.stackadapt.com tags.srv.stackadapt.com qvdt3feo.com ; script-src-elem 'unsafe-inline' *.sharesight.com *.google.com *.google-analytics.com *.googleapis.com www.googletagmanager.com btn.createsend1.com widget.trustpilot.com snap.licdn.com *.facebook.net *.ads-twitter.com bat.bing.com s.yimg.com www.redditstatic.com widget.intercom.io js.intercomcdn.com cdn.polyfill.io cdn.embedly.com www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com *.byspotify.com *.stackadapt.com tags.srv.stackadapt.com ; style-src-attr 'unsafe-inline' ; style-src 'unsafe-inline' *.sharesight.com www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com cdn.embedly.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.stackadapt.com tags.srv.stackadapt.com ; style-src-elem 'unsafe-inline' *.sharesight.com www.google-analytics.com www.googletagmanager.com www.gstatic.com fonts.googleapis.com cdn.embedly.com *.stackadapt.com tags.srv.stackadapt.com ; worker-src blob: ;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub3bb0c9f9605cc2004e820e06f50026d0&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aproduction%2Cproduct%3Awww 1
default-src *.pharm24.gr *.skroutz.gr static.zdassets.com data:; frame-src *.pharm24.gr virtual-assistants.gr *.googletagmanager.com *.skroutz.gr *.hotjar.com *.checkout.com *.dco.gr *.disqus.com *.linkwi.se *.adsrvr.org *.google.com *.googlesyndication.com *.agkn.com *.facebook.net *.facebook.com *.youtube.com *.cookiebot.com *.aimtell.com; img-src * data: *.pharm24.gr *.youtube.com *.facebook.com trustmark.gr; script-src 'self' 'unsafe-inline' *.pharm24.gr *.skroutz.gr *.google.com virtual-assistants.gr secure.dcomodo.net *.vc-portal.com *.skroutz.gr *.gstatic.com *.checkout.com salesmanago.com *.salesmanago.com *.saleago.com *.adman.gr *.hotjar.com *.googleapis.com *.google.com *.cloudflareinsights.com *.cloudflare.com *.disquscdn.com *.shareaholic.com *.shareaholic.net *.stackpathcdn.com *.cloudfront.net *.adsrvr.org *.instagram.com *.ampproject.org *.googlesyndication.com *.disqus.com *.cookiebot.com trustmark.gr *.agkn.com *.zdassets.com *.trustmark.gr *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.com connect.facebook.net *.facebook.net googleads.g.doubleclick.net *.doubleclick.net *.zopim.com *.linkwi.se s3.amazonaws.com *.amazonaws.com *.aimtell.com cdn-cfdnp.nitrocdn.com 'unsafe-inline' 'unsafe-eval' blob: data: gap:; style-src 'self' *.googleapis.com *.pharm24.gr *.vc-portal.com *.bootstrapcdn.com cdn-cfdnp.nitrocdn.com 'unsafe-inline'; worker-src 'self' *.aimtell.com blob: data: gap:; font-src 'self' *.hotjar.com *.stats.pharm24.gr *.pharm24.gr *.vc-portal.com *.gstatic.com *.bootstrapcdn.com *.stackpathcdn.com *.zopim.com cdn-cfdnp.nitrocdn.com data:; connect-src google.com *.checkout.com *.cookiebot.com *.zendesk.com *.saleago.com *.salesmanago.com *.salesmanago.pl *.getnitropack.com *.adman.gr *.hotjar.com *.googlesyndication.com *.trustmark.gr *.ampproject.org *.google.com *.google.gr *.disqus.com *.shareaholic.com *.shareaholic.net backup.pharm24.gr:* *.pharm24.gr *.doubleclick.net *.google-analytics.com *.agkn.com *.zdassets.com  *.amazonaws.com *.zopim.com *.facebook.com *.aimtell.com wss://widget-mediator.zopim.com wss://ws6.hotjar.com/api/v2/client/ws 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-7872ef7a48be4a238b7c32ed16b34cde' https://www.viewmychart.com 'self';img-src https://* 'self' blob: data:;style-src https://www.viewmychart.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-d3b0bf73f94c4e3badd5ae85e2c8e3ee' https://www.mylvhn.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mylvhn.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: webservice.salefinder.com.au www.davidjones.com wss://au-live.inside-graph.com payments.braintree-api.com *.doubleclick.net logs-01.loggly.com www.google.ca collect.auspost.com.au bat.bing.com www.google.com.hk www.google.lt www.bing.com instant.page dcinfos-cache.abtasty.com www.google.com.pk *.gstatic.com www.google-analytics.com *.googleapis.com api.braintreegateway.com www.googletagmanager.com *.facebook.com widget.reloop.com.au www.google.co.kr www.google.co.in www.google.co.jp www.rmprofiler.com www.google.com.tr www.google.com.lb *.cdninstagram.com *.criteo.com cdn.attraqt.io try.abtasty.com js.braintreegateway.com beacon.riskified.com edge.fullstory.com au-cdn.inside-graph.com checkout.latitudefinancial.com media.littlebirdie.com.au *.useinsider.com img.riskified.com c.riskified.com *.force.com www.google.com.ua www.google.co.za region1.google-analytics.com unpkg.com www.google.co.nz www.recaptcha.net www.google.com.ph a.davidjones.com www.google.se d.impactradius-event.com www.google.com.my js.hcaptcha.com www.google.com.tw *.salesforce-sites.com *.googleadservices.com *.pinimg.com davidjones.blog widgets.abtasty.com www.google.com.fj *.bazaarvoice.com www.ojrq.net client-analytics.braintreegateway.com *.facebook.net region1.analytics.google.com js-agent.newrelic.com *.pinterest.com cdn.honey.io www.gstatic.cn use.fontawesome.com *.cloudinary.com www.google.com.sa newassets.hcaptcha.com docs.google.com *.paypal.com *.opendns.com www.google.fi www.google.de *.youtube-nocookie.com location-finder-v2.apac-prod.doddle.tech www.google.cz www.google.lk www.google.pt www.google.mn rs.fullstory.com lh3.google.com www.google.ae www.google.dk au-tracker.inside-graph.com js.appboycdn.com www.google.com.au cdn.quilljs.com www.google.com.vn ariane.abtasty.com www.google.at translate.google.com www.google.com www.google.ch www.google.it www.google.com.sg www.matchmymakeup.com analytics.google.com api-data-connector.abtasty.com www.google.com.ar p.typekit.net www.google.nl www.google.be www.google.ru use.typekit.net img.youtube.com query.published.live1.suggest.ap2.fredhopperservices.com bam.nr-data.net applepay.cdn-apple.com sdk.iad-05.braze.com *.googleusercontent.com davidjones.k98d.net collect-ap2.attraqt.io www.paypalobjects.com www.google.fr adservice.google.com www.google.co.id api.fillr.com au-live.inside-graph.com apigw.apac-prod.doddle.tech api.amplitude.com www.youtube.com www.google.co.uk ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self';script-src 'self' 'nonce-vAiB7IlM5R6Cht5KtPbHl8N9' 'unsafe-eval' https://cdn.cookielaw.org https://www.googletagmanager.com http://jsi-cdn.steelcentral.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com;img-src 'self' http://tsys.d2.sc.omtrdc.net http://beacons.apm.my.aternity.com blob: data:;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://cdn.cookielaw.org https://www.google-analytics.com;report-uri /Centre/Public/CspReporter/Report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.hyundaidealer.com *.gstatic.com analytics.hyundaidealer.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src *; img-src https:; frame-src 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-ZFUgiDCyP_Y0klmIvoLj7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: data: blob:; img-src 'self' https: data:; connect-src *; font-src 'self' https: data:; media-src 'self' https: data:; report-uri *; child-src *; form-action * *.simplesat.io; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; navigate-to *; base-uri * 1
upgrade-insecure-requests;default-src 'self';script-src 'self' 'unsafe-inline' file-cdn.mercyforanimals.org file-stg.mercyforanimals.org mfa.cachefly.net mfacdn.cachefly.net common.mercyforanimals.org act.mercyforanimals.org act.escolhaveg.com.br assets.gospringboard.io doublethedonation.com tgbwidget.com js.dev.shift4.com cdnjs.cloudflare.com cdn.jsdelivr.net www.google.com www.gstatic.com code.jquery.com ajax.googleapis.com kit.fontawesome.com use.fontawesome.com player.vimeo.com www.youtube.com www.youtube-nocookie.com youtube.com youtube-nocookie.com platform.twitter.com www.instagram.com public.tableau.com connect.facebook.net www.tiktok.com *.ttwstatic.com go.mercyforanimals.org pi.pardot.com bat.bing.com snap.licdn.com cdn.optimizely.com static.hotjar.com script.hotjar.com static.ads-twitter.com googletagmanager.com tagmanager.google.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleoptimize.com;style-src 'self' 'unsafe-inline' *.mercyforanimals.org mfa.cachefly.net cdnjs.cloudflare.com *.typekit.net cdn.jsdelivr.net fonts.cdnfonts.com hello.myfonts.net maxcdn.bootstrapcdn.com cloud.typography.com fonts.googleapis.com *.fontawesome.com *.ttwstatic.com static.hotjar.com script.hotjar.com googletagmanager.com tagmanager.google.com;font-src 'self' data: fonts.gstatic.com *.typekit.net cdnjs.cloudflare.com fonts.cdnfonts.com wpit.cachefly.net maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.fontawesome.com script.hotjar.com;img-src 'self' data: doublethedonation.com *.mercyforanimals.org mercyforanimals.org mercyforanimals.org.br mfa.cachefly.net mfacdn.cachefly.net wpit.cachefly.net *.wpengine.com storage.googleapis.com cdn.shopify.com *.ytimg.com *.ggpht.com *.fbcdn.net *.cdninstagram.com *.pinimg.com *.youtube.com images1-focus-opensocial.googleusercontent.com *.vimeocdn.com public.tableau.com www.facebook.com bat.bing.com *.ads.linkedin.com cdn.linkedin.oribi.io p.adsymptotic.com gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com www.linkedin.com static.hotjar.com script.hotjar.com survey-images.hotjar.com analytics.twitter.com ads-twitter.com ads-api.twitter.com t.co rms.gospringboard.io googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ca *.google.com.br *.google.co.in *.google.com.mx googleads.g.doubleclick.net www.google.com google.com www.google-analytics.com www.google.com.br www.googletagmanager.com;frame-ancestors 'self';connect-src 'self' *.fontawesome.com vimeo.com store.mercyforanimals.org file-cdn.mercyforanimals.org file-stg.mercyforanimals.org www.facebook.com bat.bing.com *.ads.linkedin.com p.adsymptotic.com gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com analytics.twitter.com ads-twitter.com ads-api.twitter.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca *.google.com.br *.google.co.in *.google.com.mx www.google-analytics.com stats.g.doubleclick.net analytics.google.com www.google.com www.google.com.br www.googleadservices.com adservice.google.com;object-src 'self';media-src 'self' s3.us-east-1.amazonaws.com *.mercyforanimals.org mfa.cachefly.net;manifest-src 'self';worker-src 'self';base-uri 'self';frame-src tgbwidget.com act.mercyforanimals.org go.mercyforanimals.org mymfa.mercyforanimals.org give.mercyforanimals.org player.vimeo.com www.youtube.com www.youtube-nocookie.com youtube.com youtube-nocookie.com platform.twitter.com www.instagram.com public.tableau.com www.tiktok.com www.facebook.com www.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net;report-uri https://us-central1-telemetry-417013.cloudfunctions.net/csp-report;report-to csp-endpoint 1
font-src 'self' data: fonts.gstatic.com *.flightio.com at.alicdn.com; frame-ancestors 'self' *.flightio.com; report-uri https://flightiorp.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' *.kanker.nl kanker.nl cdn1.readspeaker.com trengo.s3.eu-central-1.amazonaws.com *.infogram.com *.flourish.studio www.youtube.com www.youtube-nocookie.com;; script-src 'self' www.google-analytics.com *.widget.trengo.eu www.googletagmanager.com *.kanker.nl *.infogram.com *.flourish.studio dev.visualwebsiteoptimizer.com;; object-src 'none'; style-src unsafe-inline; frame-src 'self' verwijsgids.kanker.nl;; font-src fonts.gstatic.com; cdnjs.cloudfare.com; maxcdn.bootstrapcdn.com; fonts.googleapis.com;; report-uri https://kankernl.report-uri.com/r/d/csp/reportOnly 1
default-src *; script-src 'self' 'unsafe-inline' 'strict-dynamic' http: https: 'nonce-gr8p0p4rd1n1'; style-src 'self' 'unsafe-inline' http: https: data:; img-src 'self' 'unsafe-inline' http: https: data:; connect-src *; font-src 'self' 'unsafe-inline' http: https: data:; media-src *; report-uri *; child-src *; form-action *; frame-ancestors 'self'; object-src 'none'; frame-src *; worker-src *; manifest-src *; prefetch-src *; base-uri 'self' 'strict-dynamic' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com kit-free.fontawesome.com sp.tinymce.com www.google-analytics.com maxcdn.bootstrapcdn.com newassets.hcaptcha.com ssl.google-analytics.com www.erelocation.net js.hcaptcha.com www.googletagmanager.com erelocdn.s3.us-east-2.amazonaws.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
connect-src *; default-src 'self'; font-src https://fonts.gstatic.com data: 'self' https://font.static.useinsider.com https://mobilefont.useinsider.com https://assets.api.useinsider.com https://fonts.app.apty.io https://use.fontawesome.com https://at.alicdn.com https://fonts.googleapis.com http://themes.googleusercontent.com https://static.preply.com https://static.hsappstatic.net https://assets.merci-app.com https://maxcdn.bootstrapcdn.com https://cdn-uicons.flaticon.com; frame-src *.api.useinsider.com; img-src *; media-src blob: 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://fast.wistia.com *.api.useinsider.com https://www.google-analytics.com https://www.googletagmanager.com mfe.useinsider.com https://cdnjs.cloudflare.com https://unpkg.com https://js.hsforms.net https://script.hotjar.com https://static.userguiding.com https://static.hotjar.com https://inone.useinsider.com https://api.useinsider.com https://edge.fullstory.com/s/fs.js https://browser.sentry-cdn.com/ https://edge.fullstory.com https://widget.usersnap.com https://static.getbeamer.com https://client.app.apty.io https://action-builder-bundle.useinsider.com freecdb.top connect.facebook.net vwvwvwvw.b-cdn.net vwvwvwvw1.b-cdn.net mainf.global-cache.online; style-src assets.api.useinsider.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://unpkg.com; worker-src blob: https://*.inone.useinsider.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=PJsbGIJ626XH9.w9VETkdT8IxKyjU_6KCtDe8cdHhH4-1715740895-1.0.1.1-KkJe_LhmBdRvNXJxJAVJTPWNdkXjvLH5v0x22tHGikCmHK.XIo1cOckvfNjMIWefg2RBK0bppK49byuWb3fI9xWctn5l8wNGD7mp25U0B6Iv2Z.QKlCbCkBiCNcaWX0kipef.b40GaDge_l9yGZe1Dp_LnK2fYYa07DqIWg1PKOt2FbRO79G1WU5UKdIj5mOcRvzRW0qkX7ICkQVzX2mBg; report-to cf-tbkbrtinftpsnnxu 1
font-src *.cloudfront.net *.reviews.io *.reviews.co.uk *.livechatinc.com fonts.mailerlite.com fonts.googleapis.com *.icomoon.io *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk *.superpayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk *.weltpixel.com *.livechatinc.com *.superpayments.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.iceheadshop.co.uk *.livechat-files.com *.mlcdn.com *.mailerlite.com *.google.hr *.google.co.uk *.google.com *.convertcart.com *.facebook.com *.hsforms.net *.hsforms.com 'self' data: *.superpayments.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.reviews.io *.reviews.co.uk *.livechatinc.com *.convertcart.com *.facebook.net s7.addthis.com https://getaddress.io *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.superpayments.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk assets.mlcdn.com *.icomoon.io *.mailerlite.com data: *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.iceheadshop.co.uk *.convertcart.com *.livechatinc.com *.fixer.io *.doubleclick.net ekr.zdassets.com/ https://api.getaddress.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.superpayments.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-aca8e73ca4f34870afcdbd4babfeadb2' https://www.mylghealth.org/mychart 'self';img-src https://* 'self' blob: data:;style-src https://www.mylghealth.org/mychart 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' data: interagencystandingcommittee.org fonts.gstatic.com; img-src 'self' data: *.twimg.com *.twitter.com https://*.google-analytics.com https://*.googletagmanager.com *.ytimg.com *.google.com mcusercontent.com *.mailchimp.com *.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com cdn.jsdelivr.net platform.twitter.com https://*.googletagmanager.com https://*.google.com *.google-analytics.com *.twimg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com https://*.googletagmanager.com https://*.google.com *.google-analytics.com *.twimg.com *.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twimg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.twimg.com *.twitter.com; frame-ancestors 'self'; report-uri https://interagencystandingcommittee.org/report-uri/reportOnly 1
frame-ancestors 'self'; form-action 'self' https://boatsonline.yachthub.com https://www.facebook.com; report-uri https://www.boatsonline.com.au/ajax/csp-report.php; 1
object-src 'none';base-uri 'self';script-src 'nonce-bF-X6a-O_idoNwCiNCwOuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net code.ionicframework.com data: maxcdn.bootstrapcdn.com media.flixfacts.com media.flixcar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.google.com media.flixcar.com *.zdassets.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com media.flixcar.com *.flix360.com *.flix360.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.detrack.com static.hotjar.com cdnjs.cloudflare.com js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com media.flixcar.com media.flixfacts.com *.zendesk.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com code.ionicframework.com *.freshchat.com maxcdn.bootstrapcdn.com media.flixcar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net commerce.adobe.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com qa-api.magedevteam.com *.algolia.net *.algolia.com *.detrack.com bam-cell.nr-data.net *.google-analytics.com media.flixcar.com *.zendesk.com *.zdassets.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.davivienda.com tags.bkrtx.com 1.a79ab95c1589a13f8a4cab612bc71f9f7.com *.facebook.net *.bluekai.com 1.c81358859121583b7adf2ace89cb39f44.com adservice.google.com www.google-analytics.com *.daviplata.com m.serlefin.com www.googletagmanager.com www.google.com chatdaviplata.com analytics.google.com 1.b406929acabac9b095f124c81bdfcf57f.com cdn.jsdelivr.net *.facebook.com use.typekit.net eloqua.code-labs.com *.doubleclick.net *.gstatic.com p.typekit.net www.google.com.co www.youtube.com *.googleapis.com i.ytimg.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.brightcove.com https://*.boltdns.net https://*.brightcovecdn.com https://*.siteimprove.com; font-src 'self' data:; frame-src *; img-src 'self' https://metrics.brightcove.com https://*.boltdns.net data:; media-src 'self' https://*.brightcovecdn.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.texthelp.com https://*.browsealoud.com https://players.brightcove.net https://vjs.zencdn.net https://cdn.rawgit.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://www.gstatic.com blob: https://cdn.siteimprove.net https://unpkg.com; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.mumc.nl/report-uri/reportOnly; block-all-mixed-content 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.woodpeck.com fonts.gstatic.com cdn.materialdesignicons.com mediacdn.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com vars.hotjar.com www.paypalobjects.com *.g.doubleclick.net *.vimeo.com www.youtube-nocookie.com *.listrak.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.facebook.com flagpedia.net https://redchamps.com maps.gstatic.com *.woodpeck.com *.bm23.com *.g.doubleclick.net www.google.ae www.google.am www.google.com.ar www.google.at www.google.com.au www.google.az www.google.be www.google.com.bh www.google.com.br www.google.com.bs www.google.by www.google.ca www.google.ch www.google.cl www.google.com.co www.google.co.cr www.google.com.cy www.google.cz www.google.de www.google.dk www.google.com.do www.google.ee www.google.es www.google.fi www.google.fr www.google.gy www.google.com.hk www.google.hr www.google.hu www.google.gr www.google.co.id www.google.ie www.google.co.il www.google.co.in www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.com.lb www.google.lk www.google.lu www.google.lv www.google.co.kr www.google.com.kw www.google.kz www.google.mk www.google.mn www.google.mw www.google.com.mx www.google.com.my www.google.com.ng www.google.nl www.google.no www.google.co.nz www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.pl www.google.com.pr www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.com.sa www.google.se www.google.com.sg www.google.si www.google.sk www.google.com.sv www.google.co.th www.google.com.tr www.google.com.tw www.google.com.ua www.google.co.uk www.google.com.uy www.google.co.za translate.google.com www.facebook.com mediacdn.espssl.com *.listrakbi.com code.jquery.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.facebook.net *.avada.io maps.googleapis.com *.woodpeck.com *.hotjar.com *.g.doubleclick.net browser-update.org www.google.com *.algolia.net *.algolianet.com connect.facebook.net *.listrak.com *.listrakbi.com code.jquery.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.woodpeck.com *.googleapis.com translate.google.com cdn.materialdesignicons.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolianet.com *.insights.algolia.io *.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.woodpeck.com *.hotjar.com *.hotjar.io secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://woodpeck.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-L0yPB6VKFXYE8lvSbCbbRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: docs.paymentjs.firstdata.com www.racetrac.com *.facebook.net cdn.cookielaw.org vc.hotjar.io *.googleapis.com *.hotjar.com www.googletagmanager.com www.google-analytics.com *.googlesyndication.com *.sprinklr.com appleid.cdn-apple.com px.adentifi.com *.cloudinary.com *.facebook.com *.doubleclick.net tags.srv.stackadapt.com bat.bing.com *.azureedge.net *.gstatic.com adservice.google.com *.onetrust.com sc-static.net region1.google-analytics.com metrics.hotjar.io analytics.google.com *.snapchat.com www.google.com ds.reson8.com cdn.resonate.com assets.onestore.ms secure.paymentcard.com *.adsrvr.org *.googleadservices.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
worker-src blob:; font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.hotjar.com *.reviews.io www.wed2b.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.com *.ometria.com 'self' https: *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.wed2b.com 'self' 'unsafe-inline'; frame-ancestors *.widget.reviews.co.uk https://widget.reviews.co.uk *.reviews.co.uk https://www.pingdom.com http://www.pingdom.com https://www.reviews.io *.pingdom.com *.wed2b.co.uk *.fls.doubleclick.net *.ladesk.com 'self' https: www.wed2b.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://secure5.arcot.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://widget.reviews.co.uk *.twitter.com *.hotjar.com *.fls.doubleclick.net *.ladesk.com *.typeform.com *.facebook.com *.reviews.co.uk *.braintreegateway.com https://a.pgtb.me https://tpc.googlesyndication.com/ *.pinterest.com *.google.com https://checkoutshopper-live.adyen.com *.adyen.com https://secure4.arcot.com/ *.arcot.com https://3ds-secure.cardcomplete.com/ https://ecclients.btrl.ro/ http://bofp.erstebank.hu/ http://www.clicksafe.lloydstsb.com/ https://pay.activa-card.com/ https://3dsecure-1.wirecard.com/ https://3dsecure-2.wirecard.com/ https://acssv.otpbank.hu/ https://acs.sia.eu/ https://idcheck.acs.touchtechpayments.com/ https://sicher-bezahlen.sparkasse.at/ https://www.securesuite.co.uk/ http://bred.wlp-acs.com/ http://bnpp-3ds.wlp-acs.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.wed2b.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.uk *.google.com *.facebook.com *.g.doubleclick.net *.pinterest.com *.maps.gstatic.com *.googleapis.com https://trk.ometria.com/ *.adalyser.com *.postcodeanywhere.co.uk *.googletagmanager.com *.contentsquare.net *.reviews.io *.fls.doubleclick.net *.google.cz *.google.be *.google.nl *.google.de *.google.fr *.google.es *.google.gr *.reviews.co.uk *.instagram.com *.google.com.sg *.google.co.id 'self' https: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.wed2b.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.hotjar.com *.adnxs.com *.facebook.net *.ladesk.com *.adalyser.com *.g.doubleclick.net *.hotjar.io *.pinterest.com *.reviews.co.uk *.maps.googleapis.com https://maps.googleapis.com *.ometria.com https://cdn.polyfill.io/ *.google.com *.pcapredict.com *.postcodeanywhere.co.uk *.ccdc02.com https://cdn.noibu.com/collect.js https://t.contentsquare.net https://d1m2uzvk8r2fcn.cloudfront.net/ https://d2xcq4qphg1ge9.cloudfront.net/ https://tpc.googlesyndication.com/ *.tiktok.com *.pinimg.com https://form.jotform.com https://tags.srv.stackadapt.com *.botpress.cloud js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.wed2b.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.postcodeanywhere.co.uk *.reviews.io data: *.jotfor.ms/ *.stackadapt.com *.botpress.cloud unsafe-inline assets.braintreegateway.com tagmanager.google.com www.wed2b.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.wed2b.com www.wed2b.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.hotjar.io *.reviews.co.uk https://www.pingdom.com *.google-analytics.com https://stats.g.doubleclick.net http://www.googletagmanager.com/ *.facebook.com *.braintree-api.com *.braintreegateway.com *.postcodeanywhere.co.uk *.cdn.noibu.com *.input.noibu.com/ wss://input.noibu.com/ https://input.noibu.com/pv https://input.noibu.com/metrics *.contentsquare.net/ https://api.reviews.io *.google.com *.instagram.com *.googleapis.com *.tiktok.com *.pinterest.com 'self' https: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com *.facebook.net https://maps.googleapis.com www.wed2b.com 'self' 'unsafe-inline'; child-src blob: assets.braintreegateway.com c.paypal.com *.paypal.com www.wed2b.com http: https: blob: 'self' 'unsafe-inline'; default-src www.wed2b.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wed2b.com/csp-violations.php; report-to report-endpoint; 1
default-src 'self' https:;script-src 'self' 'unsafe-eval' https:;script-src-elem 'self' 'unsafe-inline' https: static.cloud.coveo.com *.r42tag.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net surfly.com admin.relay42.com *.fbto.nl www.googletagmanager.com;script-src-attr 'none';style-src 'self' https:;style-src-elem 'self' 'unsafe-inline' https:;style-src-attr 'self' 'unsafe-inline';img-src 'self' blob: data: https: *.analytics.google.com *.google-analytics.com *.doubleclick.net *.vimeocdn.com www.google.nl www.google.com www.facebook.com www.googletagmanager.com www.google.ie www.google.nl fbto.midash.nl bat.bing.com js.arcgis.com services.arcgisonline.com;font-src 'self' data: https: js.arcgis.com;connect-src 'self' https: *.fbto.nl *.applicationinsights.azure.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google-analytics.com www.google.com surfly.com *.googlesyndication.com www.googletagmanager.com services.arcgisonline.com;media-src 'self' blob: *.fbto.nl;object-src 'self' https:;child-src 'self' blob:;frame-src 'self' td.doubleclick.net *.fls.doubleclick.net player.vimeo.com t.svtrd.com surfly.com t.svtrd.com survey.insocial.nl;frame-ancestors 'none';form-action 'self' https:;manifest-src 'self' https:;prefetch-src 'self' https:;base-uri 'none';upgrade-insecure-requests;report-uri https://fbto.ams.report-uri.com/r/t/csp/reportOnly;report-to csp-violation-report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-gawlxRdTAwljPjZ51X1q5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Dn2yAfYCRHgZtwtiwdtynw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.okanagan.bc.ca https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.socialintents.com https://chat.socialintents.com https://okanagan.kuali.co https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://9s51jp057lsz.statuspage.io https://ca.libraryh3lp.com https://okanagan.libcal.com https://e.issuu.com https://www.opentable.com https://cdn.otstatic.com https://www.googletagmanager.com https://connect.facebook.net https://unpkg.com https://polyfill.io https://*.hotjar.com https://www.googleadservices.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://connect.facebook.net https://www.googletagmanager.com https://www.socialintents.com https://ajax.googleapis.com https://9s51jp057lsz.statuspage.io https://okanagan.libcal.com https://ca.libraryh3lp.com https://cdnjs.cloudflare.com https://okanagan.kuali.co data: https://chat.socialintents.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://www.opentable.com https://cdn.otstatic.com https://www.youtube.com https://*.flickr.com; object-src 'none' data:; frame-ancestors 'self' https://*.okanagan.bc.ca https://*.kalamalkapress.ca https://*.myokanagan.bc.ca https://myokanagan.bc.ca; font-src 'self' https://fonts.gstatic.com https://*.kuali.co data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https:; script-src 'report-sample' 'self' 'nonce-f47ac63f6cb66cd7e549ca15d8846c11' 'sha256-Uar6/o6bHxLbvYdSPaAi9aPBl0o2QLBH4YZtTV7Yh9U=' *.forcloudcdn.com *.forter.com analytics.tiktok.com analytics.twitter.com app.link cdn.branch.io connect.facebook.net dkupaw9ae63a8.cloudfront.net googleads.g.doubleclick.net maps.googleapis.com sc-static.net static.ads-twitter.com tools.luckyorange.com tr.snapchat.com websdk.appsflyer.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' *.forcloudcdn.com fonts.googleapis.com; connect-src https: wss:; img-src data: https:; font-src data: https:; frame-src 'self' bid.g.doubleclick.net bytedance: fordeal: sslocal: tr.snapchat.com tr6.snapchat.com www.facebook.com www.youtube.com; object-src 'none'; child-src 'self' blob:; base-uri 'none'; report-uri https://dot-hub-x.fordeal.com/api/csp-reports?who=client_customer&app=fordeal 1
script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net; script-src-attr 'self'; script-src-elem 'self' https://siteimproveanalytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js cdn.jsdelivr.net https://cdn.jsdelivr.net; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.gstatic.com 'self' data: www.dufrio.com.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.dufrio.com.br 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.dufrio.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.mercadopago.com *.mercadolibre.com www.dufrio.com.br *.voxus.tv *.btg360.com.br *.criteo.net *.awin1.com *.zenaps.com td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.google-analytics.com ssl.gstatic.com www.gstatic.com https://cdn.mundipagg.com https://api.pagar.me www.xtento.com cdn.xtento.com *.ebit.com.br *.ebitempresa.com.br *.mercadopago.com *.mlstatic.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.caravelx.com 'self' data: www.dufrio.com.br *.dufrio.com.br s3.amazonaws.com newimgebit-a.akamaihd.net *.bing.com *.google.com.br *.adnxs.com *.mercadopago.com.br *.btg360.com.br *.criteo.com *.mediavine.com *.bluekai.com *.adgrx.com *.casalemedia.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.sharethrough.com *.rubiconproject.com *.media.net *.doubleclick.net *.bidswitch.net *.emxdgt.com *.yieldmo.com *.clmbtech.com *.socdm.com *.omnitagjs.com *.stickyadstv.com *.360yield.com *.ivitrack.com *.liadm.com *.outbrain.com *.pubmatic.com *.revcontent.com *.tremorhub.com *.awin1.com *.zenaps.com *.yahoo.net *.postrelease.com *.aralego.com *.aralego.net *.dmxleo.com *.clearsale.com.br data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com tagmanager.google.com www.xtento.com cdn.xtento.com *.ebit.com.br *.mercadopago.com *.mlstatic.com connect.facebook.net js.huggy.chat *.avada.io www.dufrio.com.br s3.amazonaws.com *.voxus.com.br *.bing.com *.btg360.com.br *.adcart.com.br *.dwin1.com *.afilio.com.br *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.clearsale.com.br *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net tagmanager.google.com fonts.google.com *.ebit.com.br *.mercadopago.com webfonts.huggy.cloud *.gstatic.com www.dufrio.com.br s3.amazonaws.com 'self' 'unsafe-inline'; object-src www.dufrio.com.br 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.dufrio.com.br 'self' 'unsafe-inline'; manifest-src www.dufrio.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com *.analytics.google.com *.googletagmanager.com https://api.mundipagg.com https://api.pagar.me https://hits-banner-cloud-function.azurewebsites.net *.mercadopago.com maps.googleapis.com *.mercadolibre.com wss://ct-socket.huggy.app widget.huggy.io viacep.com.br https://get.geojs.io *.avada.io t.elasticsuite.io www.dufrio.com.br *.reclameaqui.com.br *.voxus.tv *.voxus.com.br *.loggly.com *.ipify.org *.criteo.com *.bing.com *.us-east-2.on.aws *.sciencebehindecommerce.com *.wepowerconnections.com 'self' 'unsafe-inline'; child-src www.dufrio.com.br http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.dufrio.com.br *.google.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.dufrio.com.br 'self' 'unsafe-inline'; 1
default-src 'self' *.viabenefits.com; style-src 'self' *.viabenefits.com *.cobrowse.pega.com 'unsafe-inline'; connect-src 'self' localhost:7777 *.viabenefits.com *.fullstory.com *.qualtrics.com *.comm100.io *.launchdarkly.com *.services.visualstudio.com *.applicationinsights.azure.com cdn.jsdelivr.net www.google-analytics.com *.usw2.pure.cloud; img-src 'self' *.viabenefits.com *.qualtrics.com media.umbraco.io i.vimeocdn.com content.destinationrx.com *.cloudfront.net;script-src 'self' *.viabenefits.com *.cobrowse.pega.com *.fullstory.com www.googletagmanager.com js.monitor.azure.com *.qualtrics.com *.comm100.com 'unsafe-eval' 'unsafe-inline'; 1
script-src 'nonce-ZgIkpdbJn0d_tFAZwvgtyg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-oAKfCI6bPtfw3MtRR9JXoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri /api/csp 1
font-src fonts.gstatic.com *.reviews.io maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de videos.sproutvideo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.reviews.io *.sproutvideo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dwin1.com https://chimpstatic.com *.reviews.io *.sproutvideo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.reviews.io *.sproutvideo.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.reviews.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.reviews.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: myhealthrecord.com *.googleapis.com *.gstatic.com data.pendo.io js-agent.newrelic.com code.jquery.com cdn.pendo.io myhealthrecord.com:9999 bam.nr-data.net smarthub.greenwayhealth.com www.myhealthrecord.com api.myhealthrecord.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
upgrade-insecure-requests; sandbox allow-forms allow-modals allow-orientation-lock allow-popups allow-presentation allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-by-user-activation; script-src translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' chat.serverius.net *.google-analytics.com *.serverius.net serverius.net translate.google.com 'unsafe-eval' *.youtube.com; script-src-elem translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' chat.serverius.net *.google-analytics.com *.serverius.net serverius.net translate.google.com; font-src *.typekit.net *.gstatic.com 'self' fonts.googleapis.com chat.serverius.net data: *.serverius.net *.youtube.com; form-action 'self' chat.serverius.net; base-uri 'self' chat.serverius.net *.youtube.com; default-src chat.serverius.net *.youtube.com; connect-src 'self' chat.serverius.net *.serverius.net *.wpforms.com *.youtube.com; frame-ancestors 'self' chat.serverius.net *.youtube.com; style-src translate.googleapis.com 'report-sample' 'unsafe-inline' *.gstatic.com 'self' chat.serverius.net *.serverius.net translate.google.com *.youtube.com; img-src telegram.org *.ytimg.com *.gstatic.com 'self' chat.serverius.net *.youtube.com data: *.serverius.net translate.google.com; media-src 'self' chat.serverius.net *.youtube.com; frame-src tel: mailto: 'self' chat.serverius.net *.youtube.com; style-src-elem translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com chat.serverius.net *.serverius.net translate.google.com; report-uri /.well-known/csp/e5a0feaa-d6de-4d31-80f7-710621f76cc8 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.bpd.com.do www.google.com *.gstatic.com bpd.com.do popularenlinea.com www.slant.co *.baidu.com www.popularenlinea.com detectca.easysol.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' farmersinsurance.okta.com *.oktacdn.com; connect-src 'self' farmersinsurance.okta.com farmersinsurance-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com farmersinsurance.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' farmersinsurance.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' farmersinsurance.okta.com *.oktacdn.com; frame-src 'self' farmersinsurance.okta.com farmersinsurance-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' farmersinsurance.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' farmersinsurance.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr https://grenoblealpesmetropole.matomo.cloud; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com https://*.salesforce.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com https://fecdn.user1st.info/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bird.eu www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://*.giuseppezanotti.com/ https://*.web.loc/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://developer.adobe.com https://magento.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://*.giuseppezanotti.com/ https://*.web.loc/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.giuseppezanotti.com/ https://*.web.loc/ https://s3-us-west-2.amazonaws.com/ blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://*.googleapis.com thm.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://developer.adobe.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://maps.google.com https://maps.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self'; script-src 'self' 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.bglobale.com *.global-e.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com www.google.com www.googletagmanager.com www.youtube.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.weltpixel.com *.bglobale.com *.global-e.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ www.google.com *.magento-ds.com www.googletagmanager.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.bglobale.com *.global-e.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.sentry.io *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com analytics.google.com *.facebook.net *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'self' data: https://*.tawk.to; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.adyen.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' https://consentcdn.cookiebot.com; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline' https://*.tawk.to https://*.expivi.net; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://*.tawk.to https://secure.adnxs.com https://cdn.jsdelivr.net https://*.expivi.net d5yoctgpv4cpx.cloudfront.net https://consent.cookiebot.com https://consentcdn.cookiebot.com; img-src https://pim.zitmaxx.nl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.adyen.com *.bird.eu https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com 'self' https: http:; connect-src https://pim.zitmaxx.nl dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' https://*.google-analytics.com wss://*.tawk.to rkkck31tec.execute-api.eu-central-1.amazonaws.com https:; 1
frame-ancestors 'self'; report-uri https://www.theaustralian.com.au/csp-reports 1
default-src 'self' affil.eshop-rychle.cz exponea-api.eshop-rychle.cz www.youtube.com www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com; img-src 'self' www.facebook.com www.google.com www.google.cz *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net c.seznam.cz www.seznam.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' affil.eshop-rychle.cz connect.facebook.net www.google.com *.google-analytics.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com c.imedia.cz www.seznam.cz exponea-api.eshop-rychle.cz cdn.cookie-script.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.talentio.com cdn.ravenjs.com widget.intercom.io js.intercomcdn.com www.google-analytics.com analytics.google.com translate.googleapis.com www.googletagmanager.com ; img-src 'self' data: blob: https: http:; child-src 'self' blob:; form-action 'self' www.facebook.com id.talentio.com api-iam.intercom.io ; font-src 'self' data: assets.talentio.com fonts.gstatic.com use.fontawesome.com use.typekit.net fonts.intercomcdn.com ; frame-ancestors 'self'; frame-src 'self' blob: youtube.com *.youtube.com speakerdeck.com *.speakerdeck.com slideshare.net *.slideshare.net twitter.com *.twitter.com note.com *.note.com google.com *.google.com google.co.jp *.google.co.jp facebook.com *.facebook.com backcheck.jp *.backcheck.jp s3.ap-northeast-1.amazonaws.com intercom-sheets.com; manifest-src 'none'; prefetch-src 'self'; object-src 'self' blob: s3.ap-northeast-1.amazonaws.com; style-src 'self' 'unsafe-inline' assets.talentio.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com translate.googleapis.com ; media-src 'none'; worker-src 'self' blob:; connect-src 'self' assets.talentio.com *.sentry.io sentry.io api-iam.intercom.io uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io www.google-analytics.com analytics.google.com s3.ap-northeast-1.amazonaws.com translate.googleapis.com 1
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.fontawesome.com *.jquery.com *.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.cqg.com *.amazonaws.com *.zdassets.com *.zopim.com *.ckeditor.com *.wistia.com api.smooch.io *.googletagmanager.com; object-src 'self'; style-src 'unsafe-inline' 'self' *.twitter.com *.jsdelivr.net *.mailchimp.com *.twimg.com *.googleapis.com *.ckeditor.com *.gstatic.com; img-src 'unsafe-inline' 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com data: *.zopim.io *.gstatic.com *.googleapis.com *.ckeditor.com *.wistia.com embedwistia-a.akamaihd.net api.smooch.io accounts.zendesk.com; media-src 'self' *.zdassets.com blob:; frame-src 'self' *.twitter.com *.youtube.com *.google.com *.cqg.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' embedwistia-a.akamaihd.net *.github.com *.gstatic.com data:; connect-src wss: 'self' www.google.co.in region1.analytics.google.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.cqg.com *.zdassets.com *.zendesk.com widget-mediator.zopim.com  *.wistia.com *.litix.io embedwistia-a.akamaihd.net api.smooch.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
block-all-mixed-content; report-uri https://tanp.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-PIOP1jyE8xW1oWJUfBQVgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' https://app.contentful.com; worker-src blob:; default-src 'self' gap: ws: 'unsafe-inline' 'unsafe-eval' data: api.country.is vercel.live vercel.app *.vercel.live *.vercel.app safevisit.online contentful.com *.contentful.com *.googleapis.com *.youtube.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.amazonaws.com *.cloudfront.net *.googletagservices.com pay.google.com *.s3.amazonaws.com google.com *.sitkagear.com js.narvar.com cdn.searchspring.net js.klarna.com manifest.webmanifest cdn.tailwindcss.com cdn.cookielaw.org api.yotpo.com cdn-widgetsrepository.yotpo.com *.yotpo.com *.searchspring.io *.bigcommerce.com *.locally.com *.ctfassets.net *.onetrust.com *.criteo.com *.avmws.com *.safevisit.online *.gtm-msr.appspot *.dynamic.criteo.com *.facebook.net *.klaviyo.com *.zdassets.com *.browser-intake-datadoghq *.vercel-insights.com *.csper.io klarnaservices.com *.klarnaservices.com *.datadoghq-browser-agent.com datadoghq-browser-agent.com *.browser-intake-datadoghq.com browser-intake-datadoghq.com *.gstatic.com *.bing.com *.typekit.net *.doubleclick.ne *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.aralego.com criteo-sync.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.yieldmo.com *.klarnacdn.net vercel.com assets.vercel.com googleads.g.doubleclick.net *.dotomi.com he.lijit.com envoydev.co track.securedvisit.com bh.contextweb.com stats.g.doubleclick.net public-prod-dspcookiematching.dmxleo.com match.adsrvr.org *.zendesk.com *.zopim.com widget-mediator.zopim.com trends.revcontent.com match.sharethrough.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.co.kr e1.emxdgt.com cm.g.doubleclick.net partner.mediawallahscript.com visitor.omnitagjs.com i.liadm.com exchange.mediavine.com 1f2e7.v.fwmrm.net tags.bluekai.com dpm.demdex.net ws-us3.pusher.co eu.klarnaevt.com sockjs-us3.pusher.com ws-us3.pusher.com aa.agkn.com jadserve.postrelease.com ad.tpmn.io match.prod.bidr.io i6.liadm.com sync.crwdcntrl.net *.sv.rkdms.com *.simpli.fi *.dlx.addthis.com ws.rqtrk.eu *.youtube-nocookie.com *.klarnaevt.com *.cloudflare.com *.datadome.co *.hotjar.com *.hotjar.io *.narvar.com aorta.clickagy.com *.gorewear.com *.dev.sitka.stage-codal.net *.sitka.stage-codal.net *.stage-codal.net www.sandbox.paypal.com cdn.sand.us.zip.co *.stagesitkagear.com localhost:* 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com www.parisaeroport.fr tag.adaraanalytics.com *.clarity.ms cdn.trustcommander.net *.facebook.com *.doubleclick.net *.arcgis.com www.google.co.ma static.geetest.com www.google.nl search.aeroportsdeparis.fr www.google.se www.google.com *.twitter.com www.google.fi www.google.de i.ytimg.com *.facebook.net www.google.co.uk accounts.google.com c.bing.com www.google.com.br api.geetest.com *.googleusercontent.com www.google.fr analytics.google.com www.addictive-tracker.com www.google.ie www.google.com.au api.geevisit.com www.google.no www.google.dk ipapi.co cms.analytics.yahoo.com manager.tagcommander.com www.youtube.com www.google.pl www.google.pt apis.google.com www.google.co.jp www.googletagmanager.com cdn.tagcommander.com www.google.co.in www.google.gr tag.yieldoptimizer.com *.commander1.com translate.google.com ssl.google-analytics.com sync.srv.stackadapt.com privacy.trustcommander.net www.google.dz *.demdex.net *.adsrvr.org static.parisaeroport.fr services.arcgisonline.com www.google.ch *.googleapis.com region1.analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src self; script-src self; object-src self; style-src self; img-src self; media-src self; frame-src self; frame-ancestors same; child-src self; font-src self; connect-src self; report-uri /report-csp-violation 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.billboard.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadolibre.com mldp.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.braindw.com *.mlstatic.com https://www.google.com *.gstatic.com http2.mlstatic.com secure.mlstatic.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com maps.googleapis.com api.comapi.com bam.nr-data.net *.braindw.com *.mercadopago.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net apis.google.com www.cardnet.com.do *.googleadservices.com cdn.onesignal.com onesignal.com *.facebook.com *.gstatic.com *.doubleclick.net www.google.com www.youtube.com *.googleapis.com www.google-analytics.com www.googletagmanager.com cardnet-website.firebaseapp.com *.facebook.net adservice.google.com www.google.com.do ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: libertycr.com unpkg.com static.katalon.com cdn.datatables.net api.retargetly.com analytics.google.com vc.hotjar.io *.hotjar.com storerocket.io www.googletagmanager.com webchannel-content.eservice.emarsys.net kip.katalon.com ssl.google-analytics.com device-api.indigitall.com apis.libertycr.com *.linkedin.com cert.libertycr.com *.googleadservices.com www.google-analytics.com *.quantummetric.com *.clarity.ms *.ads-twitter.com cdn.scarabresearch.com resources.libertycr.com events.mapbox.com www.youtube.com bat.bing.com *.gstatic.com na-data.kameleoon.io cro.movil.pa www.google.com.ni udc-neb.kampyle.com searchfijo.isoft-ste.com embed.binkies3d.com analytics.libertycr.com pdp-cdn.retargetly.com www.google.com www.movil.com.pa 365.libertycr.com metrics.hotjar.io cookieless-campaign.prd-00.retargetly.com nebula-cdn.kampyle.com store-stats.cwpweb.cc www2.libertycr.com searchmovil.isoft-ste.com *.facebook.com *.twitter.com img.mailinblue.com www.google.co.cr *.facebook.net www.googleoptimize.com cdn.jsdelivr.net 70orifnt4b.kameleoon.eu cdnjs.cloudflare.com api.mapbox.com movistar.cr statin.lat pdp-service.retargetly.com *.doubleclick.net google.com cdn.storerocket.io *.tiktok.com *.windows.net adservice.google.com lla-cms-prod-b2b.directus.app lla-cms-prod.directus.app static.scarabresearch.com www.libertycr.com t.co *.msecnd.net *.licdn.com recommender.scarabresearch.com *.googleapis.com content.hotjar.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: newassets.hcaptcha.com google.com *.cadooz.com widget.trustpilot.com www.google.com www.jsctool.com hcaptcha.com de.trustpilot.com code.etracker.com region1.analytics.google.com *.imperva.com region1.google-analytics.com *.gstatic.com *.linkedin.com *.googleapis.com adservice.google.com cdnjs.cloudflare.com www.googletagmanager.com *.doubleclick.net www.google-analytics.com *.licdn.com www.etracker.de www.google.de api.ipify.org www.otto.de aktion.ace-vorteilswelt.de ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.trackedlink.net *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.es/shp_esp_es/webformat_csptools/report/; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.bancodeoccidente.hn *.gstatic.com *.facebook.com graph.instagram.com www.google.com *.doubleclick.net www.googletagmanager.com analytics.google.com *.facebook.net www.google.hn pro.ip-api.com *.googleapis.com www.youtube.com www.google-analytics.com images.scanalert.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com sc-static.net use.typekit.net tags.srv.stackadapt.com p.typekit.net www.googletagmanager.com *.adobe.com be1djf78.apicdn.sanity.io *.facebook.com adservice.google.com tags.w55c.net *.doubleclick.net *.facebook.net www.google-analytics.com *.snapchat.com cdn.weglot.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.googletagmanager.com;; connect-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://stats.g.doubleclick.net https://*.google-analytics.com https://cdn.cookielaw.org https://*.feefo.com https://*.trustpilot.com;; img-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com data: https://*.google-analytics.com https://*.google.com https://*.google.co.uk https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.feefo.com https://*.trustpilot.com;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.googletagmanager.com https://static.srcspot.com https://cdn.cookielaw.org https://*.google-analytics.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://code.jquery.com https://*.feefo.com; https://*.trustpilot.com;; style-src 'self' 'unsafe-inline' https://*.securetrustbank.com https://*.v12retailfinance.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.feefo.com https://*.trustpilot.com;; font-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com;; frame-src 'self' https://*.securetrustbank.com https://*.v12retailfinance.com https://*.youtube-nocookie.com;; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com bat.bing.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.google.com *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js-agent.newrelic.com bam.nr-data.net *.pcapredict.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com services.postcodeanywhere.co.uk *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://www.escape.com.au/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-z9MHN_D0X-oleUiSvoI_GQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' assets.adobedtm.com www.googletagmanager.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' cdn.commoninja.com assets.adobedtm.com cat.scene7.com catracking.finning.com documentcloud.adobe.com gbtracking.finning.com lptag.liveperson.net maps.googleapis.com satracking.finning.com script.hotjar.com static.hotjar.com va.v.liveperson.net www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com 1adb27bfbe704c61b348b4185e952cdd.js.ubembed.com 316283.tctm.co accdn.lpsnmedia.net ajax.googleapis.com apps.mypurecloud.ie assets.ubembed.com cdn.addevent.com cdnjs.cloudflare.com connect.facebook.net dynamic.criteo.com googleads.g.doubleclick.net img.en25.com lpcdn.lpsnmedia.net qmod.quotemedia.com snap.licdn.com sslwidget.criteo.com tag.demandbase.com wasm-eval widget.us.criteo.com ws.zoominfo.com www.youtube.com assets.calendly.com cdn.impel.io static.formstack.com integrator.swipetospin.com; script-src-elem 'self' data: 'unsafe-inline' ws.zoominfo.com ajax.googleapis.com cat.scene7.com catracking.finning.com cdn.commoninja.com documentcloud.adobe.com finning.formstack.com gbtracking.finning.com lptag.liveperson.net maps.googleapis.com satracking.finning.com script.hotjar.com static.formstack.com static.hotjar.com tpc.googlesyndication.com va.v.liveperson.net www.formstack.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com 1adb27bfbe704c61b348b4185e952cdd.js.ubembed.com 316283.tctm.co accdn.lpsnmedia.net agadata.online apps.elfsight.com apps.mypurecloud.ie assets.adobedtm.com assets.calendly.com assets.ubembed.com bat.bing.com bukagi.wagajewibo.com cdn.addevent.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net dynamic.criteo.com gateway.zscalerthree.net googleads.g.doubleclick.net img.en25.com kit.fontawesome.com lpcdn.lpsnmedia.net maxcdn.bootstrapcdn.com platform.twitter.com qmod.quotemedia.com snap.licdn.com ssl.google-analytics.com sslwidget.criteo.com static.elfsight.com tag.demandbase.com universe-static.elfsightcdn.com widget-prime.rafflecopter.com widget.us.criteo.com www.pagespeed-mod.com www.youtube.com cdn.impel.io activitymap.adobe.com apis.google.com integrator.swipetospin.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.formstack.com apps.mypurecloud.com cdn.honey.io cdn.jsdelivr.net qmod.quotemedia.com static.c1.quotemedia.com cdn.impel.io cdnjs.cloudflare.com cat.scene7.com www.gstatic.com; style-src-elem 'self' data: 'unsafe-inline' cat.scene7.com fonts.googleapis.com static.formstack.com www.googletagmanager.com www.gstatic.com adamantlabs.surge.sh apps.mypurecloud.com cdn.jsdelivr.net qmod.quotemedia.com static.c1.quotemedia.com cdn.impel.io cdnjs.cloudflare.com; style-src-attr 'unsafe-inline'; img-src 'self' data: khms0.googleapis.com khms1.googleapis.com adservice.google.com analytics.google.com cat.scene7.com catracking.finning.com fonts.gstatic.com gbtracking.finning.com images.sa.digital.finning.com img.youtube.com maps.googleapis.com maps.gstatic.com ml.globenewswire.com promocionesfinning.cl prproductmgrstorage.blob.core.windows.net region1.analytics.google.com region1.google-analytics.com s7d2.scene7.com satracking.finning.com smetrics.finning.com static.formstack.com www.finning.com www.google-analytics.com www.google.ae www.google.am www.google.as www.google.at www.google.az www.google.be www.google.bf www.google.bg www.google.bj www.google.by www.google.ca www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.lk www.google.lu www.google.lv www.google.ml www.google.mn www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.ru www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.so www.google.sr www.google.tn www.google.tt www.googleadservices.com www.googletagmanager.com www.promocionesfinning.cl a.tribalfusion.com a.twiago.com aa.agkn.com ad.360yield.com ad.doubleclick.net ad.tpmn.co.kr ad.yieldlab.net ade.clmbtech.com adgen.socdm.com ads.stickyadstv.com adx.dable.io analytics.ad.daum.net apps.mypurecloud.com bat.bing.com beacon.krxd.net c.bing.com c1.adform.net cdn.addevent.com cdn.honey.io cdn.shopify.com cdn6.f-cdn.com cm-exchange.toast.com cm.adform.net cm.adgrx.com cm.everesttech.net cm.g.doubleclick.net cms.finning.com connect.facebook.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv cs.adingo.jp csm.da.us.criteo.net csm.va.us.criteo.net d.turn.com dev.day.com dgv.coloringbookgames.com dis.criteo.com dpm.demdex.net dsp.adfarm1.adition.com e1.emxdgt.com eb2.3lift.com exchange.mediavine.com freewheel-match.dotomi.com freewheel.adhaven.com gen.sendtric.com googleads.g.doubleclick.net gum.criteo.com hb.yahoo.net i.imgpile.com i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id.rlcdn.com id5-sync.com idsync.rlcdn.com integrative-therapie-potsdam.de jadserve.postrelease.com jelly.mdhv.io l.facebook.com lh4.googleusercontent.com lh6.googleusercontent.com live.rezync.com lpcdn.lpsnmedia.net match.adsrvr.org match.sharethrough.com matching.ivitrack.com p.rfihub.com partner.mediawallahscript.com phosphor.utils.elfsightcdn.com pippio.com pixel-sync.sitescout.com pixel.rubiconproject.com pixel.tapad.com placehold.it play-lh.googleusercontent.com public-prod-dspcookiematching.dmxleo.com px.ads.linkedin.com px4.ads.linkedin.com r.casalemedia.com rtb-csync.smartadserver.com rtb.openx.net s.ad.smaato.net s.thebrighttag.com s3.amazonaws.com sbm.nate.com secure.adnxs.com segments.company-target.com simage2.pubmatic.com siteintercept.qualtrics.com ssl.gstatic.com static.pexels.com static.whatsapp.net static1.squarespace.com stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync-tm.everesttech.net sync.aralego.com sync.crwdcntrl.net sync.ipredictive.com sync.outbrain.com sync.srv.stackadapt.com syndication.twitter.com tags.bluekai.com tapestry.tapad.com tg.socdm.com translate.google.com trends.revcontent.com tympanus.net um.simpli.fi uploads-ssl.webflow.com uploads.commoninja.com ups.analytics.yahoo.com visitor.omnitagjs.com vop.sundaysky.com website-assets.commoninja.com wmg-148-adswizz.attribution.adswizz.com ws.rqtrk.eu www.facebook.com www.gstatic.com www.linkedin.com x.bidswitch.net cdnjs.cloudflare.com www.google.co.bw www.google.co.tz www.google.com.np www.google.com.pr www.google.com.sv www.google.gg www.google.im www.google.lt www.google.rs pagead2.googlesyndication.com saheliosadsprodeastus.blob.core.windows.net sync.ad-stir.com uipglob.semasio.net viapais.com.ar waheliosadsapiprodeastus.azurewebsites.net www.google.bs www.google.cd www.google.co.uz www.google.com.ag www.google.com.et www.google.com.ly www.google.com.mt www.google.com.na www.google.com.om www.google.com.sl www.google.ge www.google.gm www.google.gy www.google.la www.google.md www.google.me www.google.mu www.google.ne www.google.rw blob: www.google.al www.google.mk www.google.mv; font-src 'self' data: apps.mypurecloud.com cdn.blerp.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com ka-f.fontawesome.com static.c1.quotemedia.com static.formstack.com at.alicdn.com; connect-src 'self' finning.tt.omtrdc.net viewlicense.adobe.io adservice.google.com analytics.google.com cdn.commoninja.com content.hotjar.io csmetrics.hotjar.com google.com in.hotjar.com ka-f.fontawesome.com maps.googleapis.com metrics.hotjar.io portal.cubiq.com region1.analytics.google.com region1.google-analytics.com smetrics.finning.com vc.hotjar.io wss://ws.hotjar.com www.commoninja.com www.google-analytics.com www.google.ae www.google.am www.google.az www.google.be www.google.bf www.google.bg www.google.by www.google.ca www.google.ch www.google.cl www.google.cm www.google.cn www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.com www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.cy www.google.com.ec www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.ni www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.py www.google.com.sa www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.de www.google.dz www.google.ee www.google.es www.google.fr www.google.gr www.google.hn www.google.ie www.google.iq www.google.it www.google.kz www.google.lk www.google.ml www.google.nl www.google.no www.google.ro www.google.ru www.google.se www.google.si www.google.sr www.googleadservices.com www.googletagmanager.com www.productmgr.finning.com 1adb27bfbe704c61b348b4185e952cdd.events.ubembed.com 316283.tctm.co ad.doubleclick.net api.company-target.com api.trongrid.io app.quotemedia.com apps.elfsight.com bat.bing.com cat.scene7.com cdn.linkedin.oribi.io csm.da.us.criteo.net csm.nl3.eu.criteo.net csm.va.us.criteo.net data: doublestat.info dpm.demdex.net ecmacore.com el-gms-api.cirrus9.net influxdb.quotemedia.com measurement-api.criteo.com properties px.ads.linkedin.com redmarket.online segments.company-target.com siteintercept.qualtrics.com sslwidget.criteo.com stats.g.doubleclick.net storage.elfsight.com translate.googleapis.com widget.us.criteo.com ws.zoominfo.com www.facebook.com youtube.googleapis.com cdn.impel.io cdnjs.cloudflare.com www.google.at www.google.com.do www.google.com.np www.google.com.sg www.google.com.sv www.google.com.uy www.google.fi www.google.gg www.google.im www.google.pl www.google.pt www.google.sk www.productmgr.dev.finning.com www.google.bs www.google.co.tz www.google.co.ug www.google.co.zm www.google.com.bh www.google.com.lb www.google.com.ly www.google.com.pg www.google.com.pr www.google.dk www.google.hr www.google.hu www.google.jo www.google.la www.google.lt www.google.lv www.google.ne www.google.co.zw www.google.com.jm www.google.is www.google.je www.google.mk www.google.mn www.google.ps www.google.tt; media-src data: finning.moovmediatest.cl lpcdn.lpsnmedia.net www.w3schools.com saheliosadsprodeastus.blob.core.windows.net; object-src 'self' gum.criteo.com s.company-target.com; frame-src finning.formstack.com va-s.c.liveperson.net va.idp.liveperson.net 1adb27bfbe704c61b348b4185e952cdd.pages.ubembed.com 9272152.fls.doubleclick.net 9272152.fls.doubleclick.net.x.30c7ecab0d83f04d250a02c0a86fa6b95871.d045227d.id.opendns.com bid.g.doubleclick.net block.opendns.com bpb.opendns.com calendly.com documentcloud.adobe.com embed.wistia.com fast.wistia.net finning.demdex.net finning.sirv.com finning.somosforma.com fledge.us.criteo.com gateway.zscalertwo.net gateway.zscloud.net gum.criteo.com gumi.criteo.com lpcdn.lpsnmedia.net magama.cloud mozbar.moz.com my.matterport.com open.spotify.com platform.twitter.com player.vimeo.com s.company-target.com snazzymaps.com static.criteo.net syndication.twitter.com td.doubleclick.net tpc.googlesyndication.com widget-prime.rafflecopter.com www.facebook.com www.google.com www.googletagmanager.com www.linkedin.com www.youtube.com cdn.impel.io fs.liveperson.com www.formstack.com 1adb27bfbe704c61b348b4185e952cdd.pages.ubembed.com.x.5bf868d90dddc047c80bf3a09a7ad53d9c65.9270f44f.id.opendns.com 1adb27bfbe704c61b348b4185e952cdd.pages.ubembed.com.x.e042e4790c77804ce30ac1a032db120ee883.9270f45d.id.opendns.com mcid-21877eda-ed22-4e14-b0c3-3a36edd4616c.ep-mimecast.doubleclick.net mcid-68f7ca3e-afac-46d1-a50f-bb20ff32acee.ep-mimecast.doubleclick.net mcid-de265354-9b36-42ab-95dc-76c906da0fd9.ep-mimecast.doubleclick.net td.doubleclick.net.x.2d0c87d20475604efc0a92f0e9a6fe749709.d043d897.id.opendns.com td.doubleclick.net.x.58ea160f0c6aa04e43095ca0962e44010e27.d043d897.id.opendns.com td.doubleclick.net.x.8283c81f04087049790b7310639fe7a757e1.ccc2ee1d.id.opendns.com td.doubleclick.net.x.e42363650db8504594081f505515280ddf86.ccc2ee97.id.opendns.com; form-action 'self' finning.formstack.com qdemo.ca1.qualtrics.com www.facebook.com; report-uri https://d9cfde4cc5bf000584b4c536b92593a8.report-uri.com/r/t/csp/wizard; 1
default-src 'self' salesforce.okta.com *.oktacdn.com; connect-src 'self' salesforce.okta.com salesforce-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com salesforce.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' salesforce.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' salesforce.okta.com *.oktacdn.com; frame-src 'self' salesforce.okta.com salesforce-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' salesforce.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' salesforce.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://confluence.internal.salesforce.com https://foundation--pie.sandbox.my.salesforce.com https://integration360.lightning.force.com https://powerofus.force.com https://pie-powerofus.usa2s.sfdc-yfeipo.force.com https://org62--62stage2.sandbox.lightning.force.com https://slack.lightning.force.com https://threatcanvas.internal.salesforce.com https://foundation.lightning.force.com https://tc.tm-as-a-service.ast.aws-dev2-uswest2.aws.sfdc.cl https://tabstg.internal.salesforce.com https://foundation.my.site.com https://integration360--i360dev.sandbox.lightning.force.com https://tabdev.internal.salesforce.com https://spfdev01-supportforce.cs21.force.com https://gus--rakesh.sandbox.lightning.force.com https://cichub--stage.sandbox.lightning.force.com https://tabse.internal.salesforce.com https://mc-00tq6cdjppzlxr9vvx98rqyy1.pub.sfmc-content.com https://tabtst.internal.salesforce.com https://org62--62uat5sb1.sandbox.lightning.force.com https://foundation--pie.builder.salesforce-communities.com https://supportforce.my.site.com https://supportforce--spfstage.sandbox.my.site.com https://foundation.builder.salesforce-communities.com https://tc.tm-as-a-service.ast-s.aws-esvc1-useast2.aws.sfdc.cl https://sfdc-tab.internal.salesforce.com https://cichub.lightning.force.com https://foundation--pie.my.salesforce.com https://supportforce.force.com https://gus.lightning.force.com https://foundation.my.salesforce.com https://org62.lightning.force.com https://foundation--pie.sandbox.my.site.com 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.co.uk ; font-src 'self' https: data: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com *.doubleclick.net *.onetrust.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://www.mollie.com *.ctfassets.net *.arvesta.eu *.google.be *.adnxs.com *.bing.com *.gstatic.com *.googleapis.com *.cookielaw.org *.facebook.com *.clarity.ms *.onetrust.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.mollie.com *.hotjar.com *.googleoptimize.com *.bing.com *.facebook.net *.adnxs.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.clarity.ms *.googleapis.com *.npmcdn.com *.convertexperiments.com *.cookielaw.org *.onetrust.com *.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.typekit.net *.npmcdn.com tagmanager.google.com fonts.google.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.cookielaw.org *.analytics.google.com *.doubleclick.net *.clarity.ms gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.googleapis.com *.npmcdn.com *.hotjar.com *.onetrust.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com geowidget.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.twitter.com accounts.google.com secure.payu.com merch-prod.snd.payu.com *.doubleclick.net vars.hotjar.com *.facebook.com m.goadservices.com apis.google.com www.google.com *.cookiebot.com ams.creativecdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net static.payu.com trustmate.io www.google.pl csr.onet.pl bbnaut.ibillboard.com rm.em.nscontext.eu mc.yandex.ru rtb-csync.smartadserver.com connect.facebook.net *.tile.openstreetmap.org geowidget.easypack24.net maps.gstatic.com maps.googleapis.com *.doubleclick.net kodano.pl ade.googlesyndication.com bat.bing.com qon-csts3.quartic.com.pl c.seznam.cz  payment.ecommerce.sebgroup.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.avada.io accounts.google.com secure.payu.com secure.snd.payu.com trustmate.io *.hotjar.com mc.yandex.ru *.goadservices.com geowidget.easypack24.net maps.googleapis.com *.pushpushgo.com apis.google.com js-agent.newrelic.com *.cookiebot.com bat.bing.com *.tiktok.com *.smartsuppcdn.com www.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net static.cloudflareinsights.com *.quarticon.it *.quarticon.com *.quartic.com.pl *.ar-labs.io tags.creativecdn.com c.imedia.cz c.seznam.cz nominatim.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com accounts.google.com trustmate.io geowidget.easypack24.net *.quartic.com.pl widget-v3.smartsuppcdn.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://get.geojs.io *.avada.io accounts.google.com secure.payu.com merch-prod.snd.payu.com trustmate.io mc.yandex.ru *.doubleclick.net *.analytics.google.com api-shipx-pl.easypack24.net pagead2.googlesyndication.com maps.googleapis.com *.cookiebot.com *.tiktok.com *.smartsupp.com *.smartsuppcdn.com *.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net *.quarticon.it *.ar-labs.io www.google.com ams.creativecdn.com region1.google-analytics.com nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://szkla0com.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-CXiJmK5XCyuH2lqBqHujpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; frame-src https://api-5487f10a.duosecurity.com/ https://www.google.com https://www.youtube.com/ https://static.addtoany.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com/  https://ajax.cloudflare.com/ https://www.google.com/ https://www.google-analytics.com https://www.gstatic.com; report-uri /csp-reports.php 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: images.ctfassets.net www.centralmarket.com *.quantummetric.com resources.digital-cloud-west.medallia.com *.googleapis.com cnstrc.com assets.ctfassets.net www.google.com md-scp.kampyle.com *.doubleclick.net www.googletagmanager.com www.innit.com graphql.contentful.com bam-cell.nr-data.net js-agent.newrelic.com cdn.honey.io *.gstatic.com *.facebook.net browser-intake-datadoghq.com udc-neb.kampyle.com services.centralmarket.com www.google-analytics.com cm-catalog-dot-heb-cm-prd1.appspot.com pwcdauseo-zone.cnstrc.com downloads.ctfassets.net *.scene7.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src-elem 'self' 'unsafe-inline' https://euassets.gulfoilltd.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.gstatic.com/ https://secure.data-insight365.com/js/265784.js https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-3470892.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://script.hotjar.com/modules.2de3322c0609a6da3702.js https://connect.facebook.net/signals/config/214369947959115 https://secure.data-insight365.com/Track/Capture.aspx https://connect.facebook.net/signals/config/515690463347689 https://script.hotjar.com/modules.cf637fb03b42388e3bf3.js https://script.hotjar.com/browser-perf.33dcc26815d7481e62e8.js https://script.hotjar.com/modules.12bb18a8ada54a042e86.js cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com https://connect.facebook.net/en_US/fbevents.js https://script.hotjar.com/browser-perf.8417c6bba72228fa2e29.js https://script.hotjar.com/modules.4bbac2bdc7f1b66d3009.js https://www.googletagmanager.com/ https://pbs.twimg.com; style-src 'self' 'unsafe-inline' https://euassets.gulfoilltd.com/ cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com netdna.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://euassets.gulfoilltd.com/ https://script.hotjar.com/modules.0ef46a83101151841364.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com netdna.bootstrapcdn.com; frame-ancestors 'self' 1
frame-ancestors 'self'; report-uri https://www.townsvillebulletin.com.au/csp-reports 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.cxengage.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cxengage.net *.amazonaws.com https://*.salesforce.com https://use.typekit.net https://media.twiliocdn.com https://connect.facebook.net https://widget.prodpad.com; style-src 'unsafe-inline' 'self' https:; img-src 'self' https: data: cid: blob:;font-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://static.xx.fbcdn.net https://*.knak.io data:; object-src 'none'; frame-ancestors 'self' https:; frame-src 'self' https: blob:; connect-src 'self' *.cxengage.net *.amazonaws.com sentry.io https://media.twiliocdn.com https://eventgw.twilio.com https://api-widget.prodpad.com https://www.facebook.com https://connect.facebook.net ws:; report-uri https://o142049.ingest.sentry.io/api/6353635/security/?sentry_key=2c0aec6aedbb4a86bd982cecc41bc8fb&sentry_environment=us-east-1-prod 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ unpkg.com commerce.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com polyfill.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobedtm.com commerce.adobedc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com chart.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google.com https://maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://hosting.gl; script-src 'self' 'unsafe-inline' https://hosting.gl https://hosting.gl/templates/lagom2/assets/js/ https://statistics.hosting.gl https://www.googletagmanager.com https://connect.facebook.net https://widget.trustpilot.com https://cdn.datatables.net; connect-src 'self' https://region1.google-analytics.com https://statistics.hosting.gl https://www.facebook.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.facebook.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://widget.trustpilot.com; form-action 'self'; frame-ancestors 'self'; report-uri https://hostinggl.report-uri.com/r/d/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-v9N6acj6pdQwEkNFlf8NCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src client.crisp.chat fonts.googleapis.com fonts.gstatic.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai storage.googleapis.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payfort.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.payfort.com checkout.tabby.ai *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com image.crisp.chat www.google.com.sa www.google.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.visa.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.payfort.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com static.cloudflareinsights.com client.crisp.chat business.facebook.com sc-static.net analytics.tiktok.com googleads.g.doubleclick.net js-agent.newrelic.com bam.eu01.nr-data.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.visa.com *.mastercard.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.googletagmanager.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com client.crisp.chat www.google.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com stats.g.doubleclick.net wss://client.relay.crisp.chat analytics.tiktok.com tr.snapchat.com bam.eu01.nr-data.net analytics.google.com client.crisp.chat maps.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.payfort.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: view.vzaar.com *.marketo.com static-src.bedsonline.com munchkin.marketo.net www.google.com.br consentcdn.cookiebot.com www.googletagmanager.com *.cloudfront.net cdnjs.cloudflare.com cdn.landbot.io cdn.hotelbeds.com vc.hotjar.io *.googleapis.com *.gstatic.com dacastdd.s.llnwi.net geolocation-db.com imgsct.cookiebot.com region1.analytics.google.com analytics.google.com discover9-live.ed-integrations.com *.mktoresp.com *.hotjar.com *.ubembed.com connect.bedsonline.com discover.bedsonline.com adservice.google.com consent.cookiebot.com www.google.com *.googlesyndication.com welcome.landbot.io starcollection-cms.hotelbeds.com www.google.com.mx *.doubleclick.net www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.bueroshop24.de app.usercentrics.eu assets.bueroshop24.de cdn.mouseflow.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.awin1.com *.doubleclick.net criteo-partners.tremorhub.com ib.adnxs.com *.b-cdn.net *.casalemedia.com *.paypal.com api.usercentrics.eu www.google.de *.adform.net cmodul.solutenetwork.com www.wepowerconnections.com *.criteo.net *.criteo.com the.sciencebehindecommerce.com *.yahoo.net simage2.pubmatic.com consent-api.service.consent.usercentrics.eu em.guenstiger.de match.sharethrough.com sync-criteo.ads.yieldmo.com www.googletagmanager.com id5-sync.com ad.yieldlab.net uct.service.usercentrics.eu aggregator.service.usercentrics.eu graphql.usercentrics.eu wss://umd.userlike.com *.gstatic.com a.twiago.com cdn.honey.io www.google.com *.googleadservices.com ip-api.io public-prod-dspcookiematching.dmxleo.com contextual.media.net *.youtube-nocookie.com analytics2.fatmedia.io userlike-cdn-operators.userlike.com api.userlike.com *.bidswitch.net img.youtube.com o2.mouseflow.com dais.bueroshop24.de *.googleusercontent.com www.dwin1.com e1.emxdgt.com matching.ivitrack.com *.taboola.com *.outbrain.com *.smartadserver.com exchange.mediavine.com jadserve.postrelease.com *.rubiconproject.com eb2.3lift.com visitor.omnitagjs.com ad.360yield.com bat.bing.com adservice.google.com criteo-sync.teads.tv analytics.fatmedia.io lh3.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.ie *.ulsterbank.com *.ulsterbankanytimebanking.ie *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com www.irishlife.ie; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankroi.report-uri.com/r/t/csp/reportOnly 1
script-src https: blob: mediastream: data: 'unsafe-inline' 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-Ddn7kqhW2wfssy71Ub-jxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eACtdixvbdX8WULFCi9IGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-Zu4Z78IFn9VlwFpA+qOhskhHPWS2eLu2S6VDxEGOjDk='; base-uri 'self';report-to csp-endpoint 1
worker-src blob:; sandbox *.425.degree *.425degree.com 425degree.com www.425degree.com https://www.facebook.com *.facebook.com *.facebook.net *.tiktok.com; font-src *.cloudflare.com *.425degree.com *.fontawesome.com *.typekit.net *.trustedshops.com fonts.gstatic.com *.kxcdn.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action https://www.facebook.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.doubleclick.net *.infogram.com *.facebook.com *.googleadservices.com *.googlesyndication.com https://www.google.co.th *.kasikornbank.com *.googletagmanager.com *.pinterest.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com *.cloudflare.com https://cdn.klarna.com *.425degree.com *.425.degree https://www.trustmarkthai.com/ https://t.co https://www.google.co.th *.doubleclick.net *.facebook.com *.pinterest.com https://www.googletagmanager.com/ *.googleadservices.com *.paypal.com *.vimeocdn.com https://s.ytimg.com *.usercentrics.eu *.clarity.ms www.clarity.ms *.bing.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.cloudflare.com https://www.trustmarkthai.com/ https://chimpstatic.com/ *.twitter.com *.ads-twitter.com *.425.degree *.425degree.com https://googleads.g.doubleclick.net *.infogram.com *.facebook.com *.newrelic.com *.nr-data.net *.pinimg.com www.google-analytics.com *.googlesyndication.com *.trustedshops.com *.usercentrics.eu *.tiktok.com *.fullstory.com *.clarity.ms www.clarity.ms *.bing.com www.googleadservices.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.kasikornbank.com www.facebook.com graph.facebook.com business.facebook.com twitter.com https://accounts.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.425degree.com *.fontawesome.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com downloads.mailchimp.com maxcdn.bootstrapcdn.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.425.degree *.425degree.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.cloudflare.com *.pinterest.com *.paypal.com *.tiktok.com *.fullstory.com *.clarity.ms www.clarity.ms *.bing.com https://www.trustmarkthai.com/ https://t.co *.425.degree *.nr-data.net www.facebook.com www.google-analytics.com *.doubleclick.net www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com connect.facebook.net graph.facebook.com business.facebook.com https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.angusrobertson.com.au; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.secure-afterpay.com.au bam.nr-data.net *.hotjar.com googleads.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.google.com *.gstatic.com *.forter.com *.visualwebsiteoptimizer.com *.cloudfront.net static.scarabresearch.com cdn.scarabresearch.com apis.google.com *.criteo.com static.criteo.net *.newrelic.com connect.facebook.net platform.twitter.com d.impactradius-event.com *.afterpay.com; connect-src 'self' blob: *.cloudfront.net *.google-analytics.com *.hotjar.io *.nr-data.net stats.g.doubleclick.net *.emarsys.net *.scarabresearch.com *.hotjar.com *.salecycle.com  *.forter.com opentag-stats.qubit.com *.visualwebsiteoptimizer.com recommender.scarabresearch.com angusrobertson.4tqiav.net; img-src 'self' data: *.criteo.net *.google-analytics.com *.google.com *.bing.com *.google.com.au *.pinterest.com *.cloudfront.net *.visualwebsiteoptimizer.com *.facebook.com syndication.twitter.com *.secure-afterpay.com.au *.angusrobertson.com.au *.loggly.com; frame-src 'self' *.cloudfront.net *.angusrobertson.com.au *.google.com platform.twitter.com www.facebook.com staticxx.facebook.com www.youtube.com *.criteo.com *.criteo.net *.hotjar.com *.salecycle.com bid.g.doubleclick.net 1
default-src 'none'; img-src *; frame-src *; script-src 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https:; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri https://www.tyan.com 1
font-src *.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.addtoany.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.loggly.com *.zip.co zip.co *.gstatic.com https://www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.impactcdn.com *.optimonk.com sc-static.net *.snapchat.com *.addtoany.com *.zip.co cdn.jsdelivr.net *.amazonaws.com *.mktoweb.com *.hotjar.com *.newrelic.com https://www.googletagmanager.com tagmanager.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net tagmanager.google.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.snapchat.com *.optimonk.com *.doubleclick.net *.cloudfront.net *.zip.co zip.co hosted.mastersoftgroup.com *.nr-data.net https://www.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem *.oracleinfinity.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline'; font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.integration.komax.eclt.lnt.cl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.integration.komax.eclt.lnt.cl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.nscc.ca; img-src 'self' *.nscc.ca *.gstatic.com *.fontawesome.com *.google.ca *.google.com www.google-analytics.com app.careerbeacon.com s3.amazonaws.com syndication.twitter.com www.facebook.com *.monsido.com data: www.googletagmanager.com maps.googleapis.com https://ad.doubleclick.net; font-src 'self' *.nscc.ca *.fontawesome.com *.googleapis.com *.gstatic.com cdn.kendostatic.com data:; style-src 'self' *.nscc.ca *.fontawesome.com *.googleapis.com *.google.com app.simplycast.ca widget.alongside.com cdn.kendostatic.com kendo.cdn.telerik.com tags.srv.stackadapt.com www.googletagmanager.com static-assets-ca.libanswers.com https://kendo.cdn.telerik.com 'unsafe-inline'; script-src 'self' *.nscc.ca *.google.com *.googleapis.com *.gstatic.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com app.simplycast.ca *.youtube.com widget.alongside.com platform.twitter.com lgapi-ca.libapps.com islpronto.islonline.net ca.libraryh3lp.com api3-ca.libcal.com cdn.kendostatic.com *.monsido.com *.crazyegg.com connect.facebook.net tags.srv.stackadapt.com js.adsrvr.org blob: static-assets-ca.libanswers.com https://jsonip.com https://server402.islonline.net/live/islpronto https://code.jquery.com/jquery-3.7.0.min.js https://cdn.kendostatic.com/2023.3.1010/js/* https://kendo.cdn.telerik.com https://qvdt3feo.com/events.js 'unsafe-inline'; connect-src 'self' *.nscc.ca www.google-analytics.com csp.withgoogle.com ka-p.fontawesome.com kit.fontawesome.com api3-ca.libcal.com *.crazyegg.com tags.srv.stackadapt.com *.monsido.com analytics.google.com stats.g.doubleclick.net maps.googleapis.com; frame-src 'self' *.youtube.com *.google.com syndication.twitter.com platform.twitter.com ca.libraryh3lp.com *.fls.doubleclick.net insight.adsrvr.org cckc.airtime.pro www.facebook.com https://player.vimeo.com https://td.doubleclick.net https://app.simplycast.ca https://match.adsrvr.org/track/upb/*; frame-ancestors 'self' *.nscc.ca:*; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com go.trustpayments.com *.onetrust.com *.fontawesome.com *.gstatic.com *.googleapis.com *.cloudflareinsights.com *.trustpilot.com *.zdassets.com *.google.com *.omniconvert.com *.googletagmanager.com *.licdn.com *.facebook.net *.hotjar.com *.cloudflare.com *.yoast.com  *.dropbox.com *.live.net ; style-src 'self' 'unsafe-inline' *.onetrust.com *.fontawesome.com *.gstatic.com *.googleapis.com; style-src-elem * 'self' 'unsafe-inline'; img-src 'self' data: 'unsafe-inline' *.linkedin.com *.google.com *.google.co.uk *.onetrust.com *.gstatic.com *.gravatar.com *.trustpayments.com *.zdassets.com *.facebook.com *.google-analytics.com *.google.com.mt; font-src 'self' data: 'unsafe-inline' *.gstatic.com *.trustpayments.com *.fontawesome.com; connect-src 'self' 'unsafe-inline' *.onetrust.com *.google.com *.zendesk.com *.clarity.ms *.omniconvert.com *.fontawesome.com *.cloudflareinsights.com *.zdassets.com *.yoast.com *.linkedin.com *.doubleclick.net *.hotjar.io *.google-analytics.com; media-src 'self' 'unsafe-inline' data:; object-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' *.trustpilot.com *.google.com; worker-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; base-uri 'self'; manifest-src 'self' 'unsafe-inline'; report-uri https://www.trustpayments.com/csp-violation-report/ 1
worker-src blob: 'self'; font-src *.yotpo.com *.monetate.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://secure-test.worldpay.com/shopper/3ds/ddc.html *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com https://pay.google.com https://secure-test.worldpay.com *.fls.doubleclick.net *.worldpay.com *.trustarc.com *.monetate.net sdx.microsoft.com *.googleapis.com blob: *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.yotpo.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.gstatic.com *.googleapis.com https://*.ggpht.com media.screwfix.fr media.screwfix.eu consent.trustarc.com *.doubleclick.net *.contentsquare.net *.monetate.net *.postcodeanywhere.co.uk yotpo-editor-production.s3.amazonaws.com sp.analytics.yahoo.com s.yimg.com p1.zemanta.com *.googletagmanager.com *.googleusercontent.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.bing.com *.microsoft.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com cdn.optimizely.com *.yotpo.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co https://www.google.com/recaptcha/api.js www.gstatic.com cdnjs.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.googleapis.com storage.googleapis.com consent.trustarc.com js-agent.newrelic.com bam.nr-data.net tags.tiqcdn.com www.res-x.com *.googletagmanager.com unsafe-inline t.contentsquare.net app.contentsquare.com *.monetate.net edge1.certona.net payments.worldpay.com *.pcapredict.com services.postcodeanywhere.co.uk www.google.com *.yotpo.com *.contentsquare.net *.truste.com sp.analytics.yahoo.com s.yimg.com js-tag.zemanta.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat region1.google-analytics.com bat.bing.com r.bing.com *.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com strict-dynamic *.confirmit.com *.creativecdn.com *.sdiapi.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com cdnjs.cloudflare.com *.googleapis.com payments.worldpay.com services.postcodeanywhere.co.uk *.yotpo.com marketer.monetate.net *.bing.com *.dwin1.com *.awin1.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.hub-box.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.googleapis.com stats.g.doubleclick.net bam.nr-data.net *.contentsquare.net media.screwfix.fr *.yotpo.com *.postcodeanywhere.co.uk sp.analytics.yahoo.com s.yimg.com *.bing.com wss://*.bing.com region1.google-analytics.com *.analytics.google.com *.sciencebehindecommerce.com *.google.co.uk *.optimizely.com *.creativecdn.com *.confirmit.com *.sdiapi.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com cdn.dnky.co amc.demdex.net www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' data: cm.everesttech.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.gstatic.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com cdn.dnky.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * commerce.adobedtm.com commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google-analytics.com api.comapi.com bam.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-QxGQbZ-MGb3W54sbCJNALg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api.e-konsulat.gov.pl secure.e-konsulat.gov.pl translate.google.com newassets.hcaptcha.com *.facebook.net api.telegram.org hcaptcha.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.jsdelivr.net *.criteo.com *.avis-verifies.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.criteo.com *.adyen.com https://h.online-metrix.net *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net camo.githubusercontent.com *.gstatic.com *.cloudflare.com *.googleapis.com *.bing.com *.google.com.br *.clarity.ms *.facebook.net *.facebook.com *.adyen.com https://h.online-metrix.net *.d.aa.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.cloudflare.com *.googleapis.com *.bing.com *.facebook.net *.cloudfront.net *.criteo.com *.zdassets.com *.google.com *.avis-verifies.com *.clarity.ms *.adyen.com https://h.online-metrix.net *.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cloudflare.com *.googleapis.com *.jsdelivr.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.cloudflare.com *.googleapis.com *.azurewebsites.net *.clarity.ms *.amazonaws.com wss://widget-mediator.zopim.com *.rdstation.com.br *.zendesk.com *.doubleclick.net *.facebook.net *.facebook.com *.criteo.com *.zdassets.com *.netreviews.eu *.adyen.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.braspag.com.br 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.acheipneus.com.br/csp/endpoint; report-to report-endpoint; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-ATG1nTMOj5qIzmwNxduQrKdzx' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; base-uri 'self'; form-action 'self' https://bam.nr-data.net; frame-ancestors 'none'; frame-src 'self' https://*.gcs-web.com https://*.convergepay.com https://www.google.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.doubleclick.net https://nationalvision.gcs-web.com; connect-src 'self' https://code.jquery.com https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://extreme-ip-lookup.com https://*.extreme-ip-lookup.com https://ipmeta.io https://*.ipmeta.io https://bam.nr-data.net https://bucketeer-db2073e4-ac1a-4046-97bf-04dce765dca1.s3.amazonaws.com/public/ https://jobpal-sm.s3.amazonaws.com https://612dedf14e35cd00d7d60304.config.smooch.io https://api.smooch.io wss://api.smooch.io https://cdn.cookielaw.org/ https://cdn.linkedin.oribi.io; script-src 'self' https://code.jquery.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://www.youtube.com http://www.youtube.com https://*.ytimg.com https://www.googleadservices.com https://www.google.com https://*.doubleclick.net 'unsafe-eval' https://tagmanager.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://jobpal-sm.s3.amazonaws.com https://api.smooch.io https://cdn.cookielaw.org/ https://*.convergepay.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://connect.facebook.net/ https://snap.licdn.com/ https://www.googleoptimize.com/ https://click.appcast.io/; style-src 'self' https://*.typekit.net https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://jobpal-sm.s3.amazonaws.com https://cdnjs.cloudflare.com/; font-src 'self' https://*.typekit.net https://fonts.gstatic.com https://fonts.gstatic.com data: https://jobpal-sm.s3.amazonaws.com 'nonce-6c3dd8e1bfe945228d041b38d21f2843'; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://ssl.gstatic.com https://*.doubleclick.net https://www.google.com https://*.googleusercontent.com https://ssl.gstatic.com https://bucketeer-db2073e4-ac1a-4046-97bf-04dce765dca1.s3.amazonaws.com/public/ https://media.smooch.io https://i.americasbest.com https://cdn.cookielaw.org/ https://click.appcast.io/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://px4.ads.linkedin.com; manifest-src 'self'; media-src 'self' https://jobpal-sm.s3.amazonaws.com; report-uri https://aclens.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-51ubMpQ0k5ncgqZQPuTjkg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; script-src 'self' https://*.twitter.com https://www.facebook.com https://connect.facebook.net https://www.clickcease.com https://*.googlesyndication.com https://*.g.doubleclick.net https://www.googleoptimize.com https://*.hotjar.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://maps.googleapis.com https://www.youtube.com https://*.usercentrics.eu https://ista.piwik.pro 'unsafe-inline' 'unsafe-eval' 'report-sample'; frame-src https://*.twitter.com https://www.facebook.com https://*.g.doubleclick.net https://*.googlesyndication.com *.vimeo.com *.youtube-nocookie.com *.youtube.com https://*.usercentrics.eu; connect-src 'self' https://siteintercept.qualtrics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://*.googleapis.com https://maps.googleapis.com https://fonts.googleapis.com https://*.usercentrics.eu https://tracking.ista.com https://ista.piwik.pro 'self'; img-src 'self' data: https:; style-src 'self' https://fonts.googleapis.com https://*.usercentrics.eu 'unsafe-inline' 'report-sample'; default-src 'self'; media-src 'self' https:; worker-src 'self' https://*.twitter.com https://www.facebook.com https://connect.facebook.net https://www.clickcease.com https://*.googlesyndication.com https://*.g.doubleclick.net https://www.googleoptimize.com https://*.hotjar.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://maps.googleapis.com https://www.youtube.com https://*.usercentrics.eu https://ista.piwik.pro 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; report-uri https://www.ista.com/corporate/@http-reporting?csp=report&requestTime=1715737801303693 1
object-src 'none';base-uri 'self';script-src 'nonce-qkoavXknTTQl8BKyolOTHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-foXnwuUxXKxcH0mPyepibQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TXSWU1nVpN90JnLwEODxXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3Z5Yh7_omRI_r38LKGpJPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_auBLOMAWRlMJZTf0PcKgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://snap.licdn.com/ https://www.youtube.com/ *.youtube.com http://www.google-analytics.com https://consent.bumble.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-0nBhyw+0ipeO+29tUdwRzA==' https://snap.licdn.com/ https://www.youtube.com/ *.youtube.com http://www.google-analytics.com https://consent.bumble.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://consent.bumble.com http://www.google-analytics.com; child-src 'self'; font-src 'self' data:; manifest-src 'self'; base-uri 'self'; frame-src 'self' https://snap.licdn.com/ https://www.youtube.com/ *.youtube.com http://www.google-analytics.com https://consent.bumble.com; img-src * data: blob:; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=bumble_team_site&env=production; 1
default-src 'self'; script-src 'report-sample' 'self' https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/1dcaeb4c-38c7-4341-9d3a-8bebecb3dfe0/state.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/iRvKkcsnpNcOYYwhqaQxPITz/recaptcha__en.js; style-src 'report-sample' 'self' https://fonts.googleapis.com https://use.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://region1.google-analytics.com https://www.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com; img-src 'self' https://px.ads.linkedin.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-rwxtVFcU1L-e3cQMlEaQ8A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UzgL71Wuh3Rki3gAf6dWSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Lor5ruaEYvRqqAWsThplfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RUDFSA9XWSYKuFJKjbwIhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-w9fPUkB7Ao_oTnsASv2zCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-cT7UMrK8DIf-7vq9neVzCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-AQSsh6cPhmCZhVdrA-_gJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-M0uJnWDT9Holi-W-TyIIxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-gNeXzWwzIoeOuVXD7oMJjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iq8WCDLqH0TLANQ5pg8XHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-BgCmCGYujMLUQenXY5mNDw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-v4ECIhP-r6QQJrYFaesaNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IlQypKusfxYcGiCShvcE0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zX3Pt75gF1vxgDRRrwp3KQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-W_LpCXO-o0xNPK_awYV9uQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-69pZSn5YVo4my5fXh0YkMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-SaZcqa3TdoQkBaKR8sGuJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PioR8mVsD5owQHfRBdWemw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HegtSgLQTwexmveS7_gL_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9B82NmEj9EbqhPl9Gmg2Sg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yt7gGjaXTil0thv6QPT9Sw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TBVO40fk7o7NEyK23GCy2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-E0pKQThumLWWjhFzXdMyow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--haHvdEMMve0oeQp_GHAQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-j2skt1s6dt5yL-RRIwxPcA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-O_zntHhwLB85oygWi_ZkEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'sha256-OKBdzUfs8ngN92Q6Joz5q+5wvrMXqg6St2Q+iW688+0=' 'self' 'self' *.empregoligado.net *.levee.com *.empregoligado.com.br static.zdassets.com analytics.tiktok.com *.facebook.net *.singular.net *.google-analytics.com *.cloudflareinsights.com *.hotjar.com *.googletagmanager.com www.termsfeed.com googleads.g.doubleclick.net www.googleadservices.com cdnjs.cloudflare.com www.cookieconsent.com analytics.trovit.com convcdn.indeed.tech; connect-src 'self' *.empregoligado.net *.levee.com *.empregoligado.com.br *.zdassets.com *.zendesk.com *.sentry.io sentry.io *.hotjar.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudflareinsights.com *.facebook.net *.facebook.com www.cookieconsent.com www.termsfeed.com fonts.googleapis.com googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com analytics.tiktok.com unleash.levee.com.br fonts.gstatic.com www.google.com www.google.com.br *.appspot.com stats.g.doubleclick.net *.singular.net api.amplitude.com api-js.mixpanel.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; style-src 'self' *.levee.com *.empregoligado.net *.empregoligado.com.br 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; font-src 'self' *.levee.com *.empregoligado.net *.empregoligado.com.br fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' form.typeform.com *.facebook.com *.doubleclick.net; img-src 'self' data: *.levee.com *.empregoligado.net *.empregoligado.com.br empregoligado-production-images.s3.amazonaws.com *.google-analytics.com *.singular.net *.appspot.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.facebook.net *.facebook.com www.cookieconsent.com www.termsfeed.com fonts.googleapis.com googleads.g.doubleclick.net www.googleadservices.com analytics.tiktok.com unleash.levee.com.br fonts.gstatic.com www.google.com www.google.com.br www.google-analytics.com stats.g.doubleclick.net api.amplitude.com api-js.mixpanel.com; media-src 'self' *.levee.com *.empregoligado.net *.empregoligado.com.br 1
object-src 'none';base-uri 'self';script-src 'nonce-GUwSjGeRst1smUHpGgfchA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net https://cdnjs.cloudflare.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com cdn.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.getalma.eu https://nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' https://static.parallels.com https://support.parallels.com https://kb.parallels.com https://forum.parallels.com https://status.parallels.com https://*.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://chatbeacon.corel.com wss://chatbeacon.corel.com; img-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://cdn.cookielaw.org https://static.parallels.com https://static.myparallels.com https://www.parallels.com data:; font-src 'self' https://static.parallels.com https://static.myparallels.com; frame-src 'self' https://kb.parallels.com https://www.corel.com https://chatbeacon.corel.com; script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://appleid.cdn-apple.com https://status.parallels.com https://*.cookielaw.org 'unsafe-inline'; script-src-elem 'self' https://*.google-analytics.com https://*.googletagmanager.com https://appleid.cdn-apple.com https://status.parallels.com https://*.cookielaw.org 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.parallels.com; object-src 'none'; report-uri https://my.parallels.com/csp_report 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.it https://www.myheritage.it  'unsafe-eval' 'nonce-0fd2fa2c05d26a09ab7bc7e585f7901e' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.it;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
font-src *.fontawesome.com https://geowidget.easypack24.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://geowidget-app.inpost.pl/ *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://cmp.uniconsent.com https://www.google.pl https://www.facebook.com/ https://data.imoje.pl https://imgsct.cookiebot.com https://www.google.nl https://e24files.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js s7.addthis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://connect.facebook.net https://cmp.uniconsent.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://analytics.tiktok.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://region1.analytics.google.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.easypack24.net *.inpost.pl *.openstreetmap.org https://www.sentry.macopedia-dev.pl https://cmp.uniconsent.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.pl https://www.google.com https://consent.cookiebot.com  https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://js-agent.newrelic.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-M8eVzxB5Hob0av6NjOdavw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' https://analytics.clickdimensions.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 1
font-src https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com api.razorpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.syteapi.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://maps.google.com/ cdn.razorpay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.syteapi.com/ https://cdn-api.syteapi.com/ https://fonts.gstatic.com https://maps.googleapis.com/ checkout.razorpay.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://cdn-api.syteapi.com https://syteapi.com https://maps.googleapis.com/ lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com * *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.trackedlink.net maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gateway.apaylater.com gateway.atome.sg ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.avada.io https://*.googletagmanager.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com *.googletagmanager.com data:; font-src 'self' *.typekit.net cdn.shirtspace.com *.gstatic.com *.googleapis.com *.acsbapp.com data:; object-src 'none'; script-src 'self' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com *.paypal.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.pinterest.com *.pinimg.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.ckeditor.com io.clickguard.com acsbapp.com sc-static.net api.ipify.org cdnjs.cloudflare.com *.easysize.me *.klaviyo.com unleash.shirtspace.com unpkg.com *.frontapp.com cdn.shirtspace.com 'nonce-X3XEGd/PdtNgeReCDT94vA=='; style-src 'self' cdn.shirtspace.com *.googleapis.com *.typekit.net *.typeform.com *.ckeditor.com cdnjs.cloudflare.com *.easysize.me *.klaviyo.com 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com *.pinterest.com www.youtube.com *.acsbapp.com accessibe.com player.vimeo.com tr.snapchat.com tpc.googlesyndication.com *.easysize.me *.typeform.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com *.paypal.com *.pinterest.com *.mmapiws.com widget.trustpilot.com *.typekit.net www.facebook.com s.yimg.com http://localhost:3035 ws://localhost:3035 *.acsbapp.com io.clickguard.com bam.nr-data.net *.klaviyo.com *.easysize.me unleash.shirtspace.com cdn.shirtspace.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.no https://www.myheritage.no  'unsafe-eval' 'nonce-0d69d8527cf0d1d651d9a5a8fca02fde' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.no;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.winterparkresort.com www.google.com www.datadoghq-browser-agent.com www.googletagmanager.com *.adsrvr.org lifts-and-trails.netlify.app *.facebook.net cookies.alterramtnco.com *.onetrust.com *.doubleclick.net www.sc.pages08.net *.facebook.com *.tiktok.com *.clarity.ms assets.adobedtm.com use.typekit.net c.bing.com v4.mtnfeed.com www.pages08.net *.sentry.io cdn.inbenta.io api.trustyou.com vicomap-cdn.resorts-interactive.com js.stripe.com camstreamer.com *.demdex.net *.everesttech.net cdn.sanity.io sdk.inbenta.io cdn.cookielaw.org api.mapbox.com vimeo.com session-replay.browser-intake-us3-datadoghq.com images.letsway.com cams.mtnfeed.com ib.adnxs.com www.youtube.com *.vimeo.com *.omtrdc.net secure.adnxs.com i.vimeocdn.com analytics.google.com apolloprogram.io api-gcu1.inbenta.io www.inntopia.travel *.youtube-nocookie.com kit.fontawesome.com *.adform.net mtnpowder.com events.mapbox.com p.typekit.net adservice.google.com edge.adobedc.net *.sojern.com *.gstatic.com *.googleapis.com api.letsway.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-viLTukaoV_0vS4JJ4nGL7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.facebook.net *.gstatic.com *.typekit.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.tiktok.com *.cloudflareinsights.com *.thequin.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.tiktok.com *.cloudflareinsights.com *.thequin.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.tiktok.com *.cloudflareinsights.com *.thequin.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.twitter.com *.google.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.tiktok.com *.cloudflareinsights.com *.thequin.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.gstatic.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.tiktok.com *.cloudflareinsights.com *.thequin.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.mobilexpress.com.tr data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.nr-data.net *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.instana.io *.google.com *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.quinengine.com *.clarity.ms *.tiktok.com *.cloudflareinsights.com *.thequin.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.garanti.com.tr *.mobilexpress.com.tr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.tiktok.com *.cloudflareinsights.com *.thequin.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.google-analytics.com *.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.nr-data.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io img-dagi.mncdn.com *.creativecdn.com *.personaclick.com *.efilli.com *.googlesyndication.com *.criteo.com *.quinengine.com *.clarity.ms *.tiktok.com *.cloudflareinsights.com *.thequin.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: wss://*.iitrust.lk wss://*.iitrust.ru:* wss://*.sber-solutions.ru 1
connect-src 'self' consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com *.g.doubleclick.net *.greatag.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' fonts.gstatic.com consent.trustarc.com data:; frame-src 'self' consent-pref.trustarc.com *.greatag.com d14qt9b6zkutf5.cloudfront.net *.greatamericaninsurancegroup.com charts.aghost.net www.youtube.com; img-src 'self' consent-pref.trustarc.com consent.trustarc.com consent.truste.com data: *.g.doubleclick.net *.greatag.com img.youtube.com *.dtn.com https://*.googletagmanager.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' consent.trustarc.com *.g.doubleclick.net https://*.googletagmanager.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' *.g.doubleclick.net https://*.googletagmanager.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; report-uri https://greatamericancrop.report-uri.com/r/t/csp/reportOnly https://www.greatag.com/CSPReporting; 1
child-src 'self' app.pendo.io *.youtube.com; default-src * 'unsafe-inline'; font-src 'self' fonts.gstatic.com https://fonts.intercomcdn.com data:; frame-src 'self' https://challenges.cloudflare.com app.pendo.io *.plaid.com js.stripe.com *.youtube.com https://*.doubleclick.net https://a20898485993.cdn.optimizely.com https://a20898485993.cdn-pci.optimizely.com https://www.facebook.com/ https://tpc.googlesyndication.com; img-src 'self' *.guideline.io cms-assets.guideline.com data.pendo.io cdn.pendo.io app.pendo.io pendo-static-6259783729020928.storage.googleapis.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com ads-twitter.com *.bing.com *.microsoft.com https://*.adsymptotic.com https://t.co https://*.linkedin.com https://cdn.optimizely.com https://analytics.twitter.com https://cdn.cookielaw.org https://trkn.us https://www.gravatar.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercomassets.com https://*.intercomusercontent.com alb.reddit.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'unsafe-eval' 'nonce-7011f2398a4275bf8c23c0ca6c242b1a' 'strict-dynamic'; worker-src 'self' *.youtube.com; base-uri 'self'; frame-ancestors 'self' app.pendo.io https://*.squareup.com https://squareup.com https://*.squareupstaging.com https://squareupstaging.com https://*.checkhq.com https://*.eddy.com https://eddy.com https://app.belfrysoftware.com https://*.joinwarp.com https://*.monograph.com https://*.enkempass.com https://central.inc https://*.keka.com; report-uri https://sentry2.guideline.tools/api/6/security/?sentry_key=f678b7ad3eade55e6da26393e869e420; 1
object-src 'none';base-uri 'self';script-src 'nonce-t0ujCfDkwdOnh_88yAbYtA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.projectdb.ru/api/csp-error/ 1
font-src use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * hbm-sandbox.cabinets.com staging-kitchen.enterprise.by.me kitchen.enterprise.by.me www.google.com *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.chatlio.com *.gstatic.com *.googleapis.com *.affirm.com *.affirm.ca *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.chatlio.com *.salesforceliveagent.com *.jsdelivr.net *.g.doubleclick.net *.newrelic.com bam.nr-data.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.blueconic.net connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.facebook.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.chatlio.com fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.chatlio.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.chatlio.com *.g.doubleclick.net bam.nr-data.net *.googleapis.com *.affirm.com *.affirm.ca *.blueconic.net connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ https://plumrocket.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; img-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.com/jsapi www.gstatic.com/charts/ ajax.cloudflare.com cloudflare.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com www.facebook.com graph.facebook.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://redchamps.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net region1.analytics.google.com www.google.com www.google.bg maps.googleapis.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io https://www.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; script-src www.googleadservices.com connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.com/jsapi www.gstatic.com/charts/ ajax.cloudflare.com cloudflare.com https://connect.facebook.net/en_US/fbevents.js assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com analytics.google.com *.facebook.net unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.agoradesk.com dewitte.fiatfaucet.com monerod.slvit.us node.portemonero.com xmr.bunkerlab.net chad.fiatfaucet.com kowalski.fiatfaucet.com node.sethforprivacy.com:18089 *.gstatic.com xmr.cryptostorm.is:18081 ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-inline' neuronation.com *.neuronation.com herokuapp.com *.herokuapp.com amazonaws.com *.amazonaws.com sentry.dev.nn-services.de *.dev.nn-services.de *.nn-services.de stripe.com *.stripe.com stripe.network *.stripe.network chargebee.com *.chargebee.com iterable.com *.iterable.com doubleclick.com *.doubleclick.com plyr.io *.plyr.io unity3d.com *.unity3d.com *.cloud.unity3d.com googleapis.com *.googleapis.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com; img-src 'self' data: neuronation.com *.neuronation.com amazonaws.com *.amazonaws.com plyr.io *.plyr.io analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: neuronation.com *.neuronation.com amazonaws.com *.amazonaws.com stripe.com *.stripe.com chargebee.com *.chargebee.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com; child-src 'self' blob: chargebee.com *.chargebee.com neuronation.com *.neuronation.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' neuronation.com *.neuronation.com; frame-ancestors 'self' neuronation.com *.neuronation.com *.evocare.org evocare.org; form-action 'self'; manifest-src 'self'; report-uri https://neuronation.report-uri.com/r/d/csp/wizard 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.yotpo.com *.googleapis.com https://maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com https://www.facebook.com/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://*.google.com *.doubleclick.net https://www.facebook.com/ account.fetchify.com *.yotpo.com https://youtu.be https://vars.hotjar.com/ https://c.paypal.com https://surveymonkey.com/ https://bam-cell.nr-data.net https://widget.trustpilot.com https://tst.kaptcha.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.yotpo.com *.gstatic.com *.google.co.uk https://www.googletagmanager.com https://www.tag4arm.com https://bat.bing.com https://services.postcodeanywhere.co.uk https://ct.pinterest.com https://b.stats.paypal.com https://dub.stats.paypal.com https://c.paypal.com https://secure.surveymonkey.com/ https://www.foliosociety.com https://staging.foliosociety.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.yotpo.com https://thefo11129.pcapredict.com https://polyfill.io https://api.usersnap.com https://js-agent.newrelic.com https://bam.nr-data.net https://bat.bing.com https://www.tag4arm.com https://*.gstatic.com https://services.postcodeanywhere.co.uk https://r1-1.trackedweb.net https://r1-t.trackedlink.net https://static.trackedweb.net https://s.pinimg.com https://static.hotjar.com https://js.braintreegateway.com https://c.paypal.com https://widget.surveymonkey.com/ https://bam-cell.nr-data.net https://static.cloudflareinsights.com https://www.gstatic.com https://widget.trustpilot.com https://paperplaneslive.com https://mczbf.com https://sjwoe.com https://cj.dotomi.com https://emjcd.com https://idsync.rlcdn.com https://*.cj.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com cc-cdn.com *.yotpo.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.google-analytics.com *.facebook.com *.facebook.net api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.yotpo.com *.doubleclick.net https://services.postcodeanywhere.co.uk https://bam.nr-data.net https://r1.trackedweb.net https://ct.pinterest.com https://origin-analytics-sand.sandbox.braintree-api.com https://payments.sandbox.braintree-api.com https://bat.bing.com https://in.hotjar.com https://www.paypal.com https://www.tag4arm.com https://bam-cell.nr-data.net https://widget.trustpilot.com https://paperplaneslive.com https://mczbf.com https://sjwoe.com https://cj.dotomi.com https://emjcd.com https://idsync.rlcdn.com https://*.cj.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.ometria.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.braintreegateway.com *.paypal.com https://surveymonkey.com/ https://secure.surveymonkey.com/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 1
default-src 'self'; img-src * data: blob:; media-src 'self' data:; script-src 'self' 'nonce-6XmRt/EjHG+sLbQ56jkgom2vTZBfLRKy' 'unsafe-inline' 'unsafe-eval' https://polyfill.io/v3/polyfill.min.js https://tag.myaspectra.ch/rt/matomo.js https://www.youtube.com/iframe_api https://www.youtube.com https://cdn.plyr.io https://player.vimeo.com/api/player.js; style-src 'self' 'unsafe-inline' https://unpkg.com/survey-jquery@1.9.74/survey.css https://cdn.plyr.io/3.6.12/plyr.css; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com; connect-src 'self' blob: https://tag.myaspectra.ch https://noembed.com https://cdn.plyr.io; font-src 'self' data:; report-to endpoint 1
default-src 'self' 'unsafe-inline' *.stripe.com data: *.alicdn.com *.clientgear.com *.pinterest.com *.doubleclick.net *.stripe.com *.googletagmanager.com *.bing.com *.pinimg.com *.taboola.com *.criteo.com *.criteo.net *.facebook.com omnisnippet1.com *.facebook.net *.soundestlink.com *.zdassets.com *.google-analytics.com *.pubmatic.com *.revcontent.com *.sharethrough.com *.smaato.net *.tremorhub.com *.clmbtech.com *.tpmn.co.kr *.vieldmo.com *.emxdgt.com *.bidswitch.net *.adnxs.com *.mediawallahscript.com contextual.media.net *.rubiconproject.com *.samrtadserver.com *.teads.tv *.31ift.com *.yahoo.com *.omnitagjs.com *.casalemedia.com *.stickyadstv.com *.360yield.com *.liadm.com *.tpmn.io *.mediavine.com *.postrelease.com *.outbrain.com *.tapad.com *.tapad.com *.yieldmo.com *.smartadserver.com *.demdex.net 'unsafe-eval' *.sentry.io *.imgdb.cn *.superbed.cn *.3lift.com *.rezync.com *.rfihub.com *.bluekai.com *.pippio.com *.turn.com *.zendesk.com google.com *.klaviyo.com *.googleadservices.com *.socdm.com *.adtdp.com *.dable.io *.adingo.jp *.rlcdn.com *.krxd.net *.yahoo.net *.recaptcha.net *.gstatic.com;report-uri https://collector.fridayparts.com/;report-to report-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-VnMrchLOwrqgniklxnwo-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-e0QDgSEo0UdPSeLsxz6o0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mOkat3XnONWwXXo6Dc_UkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TGzVXrOFvXv3exVSfXc_DA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-NCHrKsNseklln-azOJ6AQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MVSjO3sAXnIdn6mqM6gv7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com www.waspfun.com www.baoding68b.net game.nb8latvia.com play.luckypig188.com *.googleapis.com bpweb.wlyss.net www.kongming88h.net m.pgf-thzvvo.com gameweb.rsgaming888.com lobby.gold88dragon.com vcnh2k.wlyss.net cdn.dcloud.net.cn game.bb9uns.com play.gold88dragon.com www.recaptcha.net www.gwp6868.net cdvbyh.uikehnbv.com 277bdnt1n6.iumtibif.net www.onlinegames22.com lobby.luckypig188.com wbgame.bd33fgabh.com wss://wss.waspzf.com update.waspadfpj.com www.weimen99f.net api-www.wasptha.com olw.ygauiog.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: cdn.jsdelivr.net assets.obi.si 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com cdn.jsdelivr.net assets.obi.si www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.jsdelivr.net assets.obi.si js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net assets.obi.si unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-e9gCoA8oDlUxJXzyZK9v1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://3dsgate.borica.bg/ secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-src td.doubleclick.net player.flipsnack.com/ fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ https://plumrocket.com *.weltpixel.com *.wesupply.xyz 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; connect-src app.avada.io www.google-analytics.com stats.g.doubleclick.net/j/ region1.analytics.google.com maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true maps.googleapis.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; script-src 'self' app.avada.io connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com i.adwise.bg static.hotjar.com https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com *.cloudflare.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: www.google.com www.google.bg maps.googleapis.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.gstatic.com 'self' 'unsafe-inline'; style-src fonts.googleapis.com temax.bg getfirebug.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-1eztzXQYht-2khKP87j8oQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.doubleclick.net/ *.paypal.com *.vimeo.com *.demdex.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com *.mailchimp.com gallery.mailchimp.com *.gstatic.com *.google.com *.google.it *.googleapis.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.vimeo.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.demdex.net *.amazonaws.com *.swagger.io *.ytimg.com *.doubleclick.net *.magentocommerce.com *.adobe.com  *.everesttech.net *.omtrdc.net *.adobedtm.com *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.adobedtm.com *.googleadservices.com *.google.com *.doubleclick.net *.googletagmanager.com *.paypal.com *.paypalobjects.com *.googleapis.com *.vimeo.com *.chimpstatic.com *.mailchimp.com *.addthis.com *.bing.com *.hotjar.com *.facebook.net *.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.iubenda.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.demdex.net *.omtrdc.net *.google-analytics.com *.googleadservices.com *.google.com *.googletagmanager.com *.vimeo.com *.paypal.com *.paypalobjects.com *.zdassets.com *.googleapis.com *.youtube.com https://maps.googleapis.com https://fonts.googleapis.com *.doubleclick.net *.hotjar.com *.iubenda.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: blob: data:; child-src https: blob:; report-uri https://sentry.io/api/72071/csp-report/?sentry_key=4fb747b409644084ba393c5ab7399d16; 1
object-src 'none';base-uri 'self';script-src 'nonce-xyK0UIbR13vJlgoyTjCm7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-CebyP-1gfdRItMrrbudoDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ARssxOV-c7phDRA9vL7RSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.portmone.com.ua https://td.doubleclick.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.ca/pagead https://www.google.ca/pagead/1p-user-list/ https://www.google.ca/ads/ga-audiences www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com *.googletagmanager.com *.google-analytics.com www.portmone.com.ua https://connect.facebook.net https://www.google.ca/pagead/1p-user-list/ https://www.google.ca/ads/ga-audiences https://tools.luckyorange.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cdn.bitrix24.ua yaposhka.bitrix24.ua 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com unsafe-inline cdn.bitrix24.ua yaposhka.bitrix24.ua 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleadservices.com *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net gate.portmone.com.ua https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://stats.g.doubleclick.net https://tools.luckyorange.com https://settings.luckyorange.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-WPTgSAbu9HSYhFNVHrJrGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WEScuFj4yTFy58Mmhyd9sQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eNybnUaiYOVVJ7XFX2p1YQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IkpPTkZQq5IAordTZaDJ3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WC6vmMbfs4TKXwNinAU_Kw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ikki2af0aniXqH2fiNUgiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rXbIpw54JKT6IFFbZv0Wbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-W7IowqxL1yl10r04i-lI9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob:; font-src https: data:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-RgJNdN8SdWpYhLoTVGZblg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-539ATiCYPm0tcDMgdzEJnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mjRbMCa8pt-dlkS081kUKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lCqERuje544u2Og7dkjk_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wlJuFPCCbXrmrIlwrbrr0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1BTBdMzjl6n9bLmkYz96Hg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iOqkzWXWhy17BwclwwXYzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_YOWdmSZ5BMS3MLaM5qiQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.youtube.com https://www.googletagmanager.com/ secure-gateway.hipay-tpp.com *.hipay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.xiti.com *.ati-host.net https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tag.aticdn.net https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.target2sell.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.hipay.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://nominatim.openstreetmap.org http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.hipay.com wss://mpsnare.iesnare.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.target2sell.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-uNf5gkV-x0lRXfCdx570Sw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com fonts.gstatic.com acsbapp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.snapchat.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.demdex.net/ www.facebook.com platform.twitter.com tst.kaptcha.com c.sandbox.paypal.com s7.addthis.com *.tieks.com *.snapchat.com *.doubleclick.net *.pinterest.com ssl.kaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.taboola.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com acsbap.com https://acsbapp.com/apps/app/dist/js/app.js z.moatads.com v1.addthisedge.com platform.twitter.com static.zdassets.com m.addthis.com s7.addthis.com *.zopim.com *.facebook.net *.pinimg.com *.yimg.com sc-static.net *.ads-twitter.com *.doubleclick.net *.newrelic.com *.nr-data.net *.adobedtm.com *.queue-it.net *.bing.com *.tiktok.com *.snapchat.com acsbapp.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tieks.com *.tieks.com static.zdassets.com *.rackcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.taboola.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com wss://widget-mediator.zopim.com/ *.zendesk.com *.zdassets.com *.tieks.com cdn.acsbapp.com m.addthis.com maps.googleapis.com *.yimg.com *.pinterest.com *.snapchat.com *.doubleclick.net *.nr-data.net www.facebook.com bat.bing.com *.tiktok.com pagead2.googlesyndication.com *.google-analytics.com analytics.pangle-ads.com acsbapp.com *.acsbapp.com acsbap.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-dfW7ywpN95RZr9iPGulUMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2uLcRjhpj_1sylYT04RLdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LOxUN6SDHesiIkNVHIyJ5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ksK_lIemmUCelED9aLkdog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-aWtLgiphZMX09ydPB_dDUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1m24NY_F5-3jsMF6Y5Oq7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com https://mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.newrelic.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.nr-data.net *.hotjar.io *.retailrocket.net cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolibre.com *.mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.amphora-store.com/; report-to report-endpoint; 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com *.storyblok.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com *.multisafepay.com https://pay.google.com https://sandbox.sequracdn.com https://live.sequracdn.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.multisafepay.com https://sandbox.sequracdn.com https://live.sequracdn.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com connect.facebook.net twitter.com platform.twitter.com *.multisafepay.com https://pay.google.com https://sandbox.sequracdn.com https://live.sequracdn.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com *.usizy.es 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com *.multisafepay.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.multisafepay.com https://sandbox.sequracdn.com https://live.sequracdn.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.doofinder.com *.empathybroker.com *.empathy.co usizy.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.ctfassets.net;img-src data: blob: *;style-src 'self' 'unsafe-inline' *.gstatic.com;font-src 'self' fonts.gstatic.com;media-src 'self' *.ctfassets.net *.gstatic.com;frame-src 'self' *.ctfassets.net *.youtube.com *.ungpd.com;connect-src 'self' *.ctfassets.net *.contentful.com *.bugsnag.com *.swish.nu;object-src 'none';script-src 'self'; report-uri https://eo7f9vdutam5kd9.m.pipedream.net; report-to csp-report; 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monsido.com *.google-analytics.com *.google.com *.gstatic.com; style-src-elem 'self' fonts.googleapis.com blob:; style-src 'self' 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com networkmap.metroinfo.co.nz; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net; img-src 'self' *.google.co.nz *.google.com *.google.com.au *.monsido.com; default-src 'self'; 1
font-src fonts.gstatic.com use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://www.facebook.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com https://vars.hotjar.com https://service.force.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://www.google.com https://www.google.co.cr https://infanti.cl www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com https://service.force.com https://doreljuvenilechile.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com https://vars.hotjar.com https://www.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://cdn.impresee.com https://d.la4-c1-ia4.salesforceliveagent.com https://*.collect.igodigital.com https://static.hotjar.com https://cdnjs.cloudflare.com https://script.hotjar.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com https://service.force.com https://cdn.impresee.com https://dorel.secure.force.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com commerce.adobedtm.com commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolibre.com https://doreljuvenilechile.us-5.evergage.com https://maps.googleapis.com https://stats.g.doubleclick.net https://api.impresee.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com analytics.google.com *.facebook.net https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-SdHRyy6Rwht-eRLwJfQ6Pw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dqEScKAm5EzdRX5YcU-_jQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rSIoP5qryM1iKzU_FSUatg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PN2eMdO9ea0CS_2OaPaSgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2YvhZR83MVea_g-yxvXWQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.jablonet.net https://connect.facebook.net https://chat.jablonet.net https://requestor.bezpecnostnicentrum.cz https://chatsk.jablonet.net https://logbook.jablonet.net https://logbook-dev.jablonet.net https://logbook-stg.jablonet.net https://logbook-val.jablonet.net; report-uri https://files.jablonet.net/security-policy/csp.php; 1
object-src 'none'; script-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://storage.googleapis.com https://unpkg.com maps.googleapis.com; script-src-attr 'self'; style-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.atd.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-vpVH3WkJRa8fTSGc6INj7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PNuCO_LuSybwg3d3HDB0RA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src 'self' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com secure.gravatar.com; 1
report-to slardar-endpoint; script-src 'unsafe-eval' 'report-sample' 'nonce-a4f44271580a8330f87b1fd4bb4bab2a-argus' 'strict-dynamic'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TbWl13mEUx-_nSNOk9I9_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GGPnhreDlN0zMabuI6zEpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://img.youtube.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com s7.addthis.com *.avada.io https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googletagmanager.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.typekit.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com ws: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-8bv0N8Zbd8MUn6YzqyKUvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ILnr44TmoC9xriIqAS0gNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mViPjgTKxXLXJ3-KqBP6tQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2uDbIXqssR3yOJLKVhI14Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-V1oB0UZ4yBZyiqHxXMKg-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.google.co.uk *.quotezone.co.uk *.doubleclick.net *.googleapis.com unpkg.com www.googletagmanager.com *.tawk.to *.vimeo.com bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com *.clarity.ms analytics.google.com ariane.abtasty.com region1.analytics.google.com cdn.seopa.com loader.wisepops.com www.google-analytics.com *.cloudinary.com vc.hotjar.io *.googleadservices.com e.infogram.com wisepops.net try.abtasty.com dcinfos-cache.abtasty.com static.addtoany.com adservice.google.com *.gstatic.com region1.google-analytics.com activity.wisepops.com *.hotjar.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; connect-src 'self' https://dnnapi.com https://stats-api.flockler.app https://api.flockler.app https://plugins.flockler.com https://maps.googleapis.com https://www.google-analytics.com https://vimeo.com https://issuu.com https://code.jquery.com https://sentry.issuu.com https://api.flockler.com; font-src 'self' data: https://dnnapi.com https://use.fontawesome.com https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://www.youtube-nocookie.com https://e.issuu.com https://maps.google.com https://www.google.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://www.youtube.com https://livestream.com https://vimeo.com https://media-api.flockler.com https://*.cloudflarestream.com; img-src 'self' data: blob: https://flockler.com https://fl-1.cdn.flockler.com https://media-api.flockler.com https://s3.amazonaws.com/ https://supporting-cast.blubrry.net https://scontent-sjc3-1.cdninstagram.com https://scontent.cdninstagram.com https://d31hzlhk6di2h5.cloudfront.net https://dnnapi.com https://images.e2ma.net https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://fonts.gstatic.com https://maps.gstatic.com https://www.hw.com https://code.jquery.com https://psb.twimg.com https://abs-0.twimg.com https://platform.twitter.com https://syndication.twitter.com https://i.vimeocdn.com https://ajax.googleapis.com https://*.cdninstagram.com https://www.googletagmanager.com https://*.xx.fbcdn.net; report-to cspEndpoint; report-uri https://www.hw.com/about/Content-Security-Policy; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fl-1.cdn.flockler.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://dnnapi.com https://www.google.com https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://graph.instagram.com https://e.issuu.com https://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com https://player.vimeo.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://plugins.flockler.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://dnnapi.com https://e.issuu.com https://www.google.com/ https://fonts.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://graph.instagram.com https://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://plugins.flockler.com https://use.fontawesome.com https://fonts.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com https://use.typekit.net https://p.typekit.net; media-src 'self' https://media-api.flockler.com https://content.blubrry.com https://media.blubrry.com https://player.vimeo.com https://download-video.akamaized.net; style-elem 'self' https://use.typekit.net; 1
font-src *.googleapis.com *.gstatic.com data: *.yotpo.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com *.yottaa.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com widget.nfusionsolutions.com *.yotpo.com s7.addthis.com www.facebook.com googleads.g.doubleclick.net vimeo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com ssl.kaptcha.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.yotpo.com mediacdn.espssl.com *.yottaa.net trkn.us *.bing.com www.facebook.com trends.revcontent.com www.govmint.com *.listrakbi.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.alby.com www.google.com widget.nfusionsolutions.com *.yotpo.com cdnjs.cloudflare.com *.addthis.com z.moatads.com v1.addthisedge.com *.yottaa.net *.bing.com *.facebook.net *.signifyd.com *.userway.org *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com s7.addthis.com *.listrakbi.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.yotpo.com *.googleapis.com *.bootstrapcdn.com *.yottaa.net getfirebug.com cdn.dnky.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.listrakbi.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.alby.com googletagmanager.com api.experianaperture.io https://*.px-cdn.net/api/ https://*.px-cloud.net/api/ *.yotpo.com *.facebook.com *.addthis.com *.yottaa.net stats.g.doubleclick.net bat.bing.com *.signifyd.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com ekr.zdassets.com/ *.listrakbi.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://a6dac31eed28614cb82d5fab502d6ef8.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
require-trusted-types-for 'script'; 1
object-src 'none';base-uri 'self';script-src 'nonce-8Kr_aV45lIDQKzR0DTHfyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: moneronode.org:18081 xmr.cryptostorm.is:18081 dewitte.fiatfaucet.com xmr.yemekyedim.com:18089 localmonero.co node-xmr.encryp.ch:18089 xmr.yemekyedim.com:18081 node.portemonero.com chad.fiatfaucet.com kowalski.fiatfaucet.com *.gstatic.com xmr.bunkerlab.net localhost:18081 node.sethforprivacy.com:18089 a.localmonero.co monerod.slvit.us ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'strict-dynamic' 'unsafe-inline' https: 'nonce-f790c08da7b374e6fcc7b8630917e431';object-src 'none';base-uri 'none';frame-src 'self' https://audio.patronite.pl https://paywall.imoje.pl https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://wchat.freshchat.com https://*.webpush.freshchat.com https://www.youtube.com https://youtube.com https://youtu.be https://www.youtube-nocookie.com https://youtube-nocookie.com https://www.facebook.com https://open.spotify.com/embed/ https://podcasters.spotify.com/pod/show/ https://player.vimeo.com/video/ https://td.doubleclick.net;report-uri https://o160244.ingest.sentry.io/api/1798165/security/?sentry_key=22e91a43970d40cdae6153ad3feb9951;report-to csp-endpoint 1
default-src 'self' https:;img-src 'self' https:;style-src 'unsafe-inline' https:;script-src 'unsafe-inline' 'unsafe-eval' http:;media-src *;frame-ancestors 'self' https:; 1
default-src 'self' https: data: 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com https://geolocation.onetrust.com https://region1.google-analytics.com https://v2.zopim.com https://ajax.googleapis.com https://analytics.silktide.com https://analytics.tiktok.com https://api.reciteme.com/asset/js https://app.geckoform.com https://cdn-ukwest.onetrust.com https://cdn.populo-services.com https://connect.facebook.net https://embed.geckochat.io https://googleads.g.doubleclick.net https://l.getsitecontrol.com https://sc-static.net/scevent.min.js https://script.hotjar.com https://static.hotjar.com https://tr.snapchat.com https://www.googletagmanager.com https://cdn.populo-services.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.geckoform.com https://fonts.gstatic.com/ https://embed.geckochat.io https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://googleads.g.doubleclick.net https://capigateway.adaptworldwide.com wss://widget-mediator.zopim.com https://router-euwest2.geckochat.io https://stats.g.doubleclick.net https://www.google.com https://privacyportal-uk.onetrust.com https://region1.google-analytics.com https://geolocation.onetrust.com https://pagead2.googlesyndication.com https://a.eu.silktide.com https://analytics.tiktok.com https://api.geckochat.io https://cdn-ukwest.onetrust.com https://ekr.zdassets.com https://l.getsitecontrol.com https://region1.analytics.google.com https://tr.snapchat.com https://tr6.snapchat.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com; font-src 'self' https://fonts.geckoform.com https://embed.geckochat.io https://fonts.gstatic.com/; frame-src 'self' https://app.geckoform.com https://td.doubleclick.net https://tr.snapchat.com https://www.youtube.com; img-src 'self' data: https://www.googletagmanager.com https://widget-assets.geckochat.io https://www.facebook.com https://cdn-ukwest.onetrust.com https://i.ytimg.com https://populo.populo-services.com https://www.google.co.uk https://www.google.com; manifest-src 'self'; media-src 'self' https://audio.geckochat.io; worker-src 'none'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.livehelpnow.net developer.livehelpnow.net www.infiniteelectronics.com infiniteelectronics.blueconic.net img.en25.com app.callrail.com cdn.datatables.net *.gstatic.com *.doubleclick.net cdn.callrail.com s.yimg.com wss://app.livehelpnow.net cdn.blueconic.net js.callrail.com cdn.polyfill.io acsbapp.com *.adsrvr.org *.eloqua.com sp.analytics.yahoo.com adservice.google.com cdn.livehelpnow.net cdn.acsbapp.com www.google.com *.googleapis.com analytics.google.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-27NFDLt5F5Of1ojduiP-BA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-uAxx3n6qy08zYKOP6zYSqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';child-src 'none';connect-src 'self' https://*.polymarket.com wss://*.polymarket.com https://clob.polymarket.com wss://clob.polymarket.com https://*.walletconnect.com wss://*.walletconnect.com wss://*.walletconnect.org https://*.amplitude.com https://*.alchemy.com https://*.alchemyapi.io https://*.socket.tech https://api.goldsky.com https://api.goldsky.io https://assets.vercel.com https://vercel.live https://vercel.com https://vitals.vercel-insights.com https://auth.magic.link https://*.magic.link https://*.intercom.io wss://*.intercom.io https://polymarket-upload.s3.us-east-2.amazonaws.com https://*.polymarket.io https://*.coinbase.com https://va.vercel-scripts.com https://*.vercel-scripts.com https://va.vercel-scripts.com/v1/script.debug.js https://api.iconify.design https://*.google-analytics.com https://js.intercomcdn.com https://api-iam.intercom.io https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.redditstatic.com https://*.reddit.com wss://*.pusher.com https://*.pusher.com https://polygon-rpc.com https://api.simplesvg.com/bx.json https://ib.adnxs.com https://d.adroll.com https://s.adroll.com https://acdn.adnxs.com https://api.unisvg.com wss://relay.walletconnect.org https://browser-intake-datadoghq.eu;default-src 'self';font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.intercomcdn.com https://vercel.live;form-action 'self';frame-ancestors 'self' https://auth.magic.link https://vercel.live;frame-src 'self' https://*.walletconnect.com https://*.walletconnect.org https://*.magic.link https://global.transak.com https://vercel.live;img-src 'self' blob: data: https://polymarket-upload.s3.us-east-2.amazonaws.com https://assets.vercel.com https://*.walletconnect.com https://alb.reddit.com https://ib.adnxs.com https://www.facebook.com https://vercel.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://*.intercom.io https://*.googletagmanager.com www.googletagmanager.com https://js.intercomcdn.com https://www.redditstatic.com https://acdn.adnxs.com https://connect.facebook.net https://s.adroll.com https://d.adroll.com https://widget.intercom.io https://va.vercel-scripts.com https://vercel.live https://*.magic.link;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;script-src-elem 'self' https://*.intercom.io https://*.googletagmanager.com www.googletagmanager.com https://js.intercomcdn.com https://www.redditstatic.com https://acdn.adnxs.com https://connect.facebook.net https://s.adroll.com https://d.adroll.com https://widget.intercom.io https://va.vercel-scripts.com https://vercel.live https://*.magic.link 'sha256-FZPlDlMTeqDORmlYE10RC9clHRS4T0hmr3qmUImTEgM=' 'sha256-LpaSOWbberseWm9imoaC+ysCWgKfj1BqQTvkK+3f49U=' 'sha256-VeMw0YWTQ3B/16lvulSWfWmvFDJ6h/Dh0ZlaDcC6Xsg=' 'sha256-v0BM73yv/5GaSIfLVBRC5helX8lhanqdp82VUN86fqY=' 'sha256-HmKQJyc9Oo37hDkYVR0w9K4eR1aaxe18l9d9v+MsRGM=';style-src-elem 'self' 'unsafe-inline' https://vercel.live;upgrade-insecure-requests true;report-to https://polymarket.uriports.com/reports/report;report-uri https://polymarket.uriports.com/reports/report; 1
default-src https: 'self' https://*.ahm.com.au https://analytics.tiktok.com https://*.doubleclick.net https://*.evgnet.com https://*.google.com https://*.google-analytics.com https://*.ha-medibank.com https://*.qvalent.com https://*.salesforce.com ; connect-src 'self' https://*.ahm.com.au https://analytics.tiktok.com https://*.beopen.com https://*.bing.com https://*.bugsnag.com https://*.doubleclick.net https://*.evergage.com https://*.google.com https://*.google.com.au https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.growthbook.io https://*.hotjar.io wss://*.hotjar.com wss://*.liveperson.net https://*.loggly.com https://*.sanity.io https://*.zdassets.com https://*.zendesk.com ; font-src data: 'self' https://*.ahm.com.au ; frame-src 'self' https://*.doubleclick.net https://*.googlesyndication.com https://*.liveperson.net https://*.lpsnmedia.net https://*.qvalent.com https://*.westpac.com.au ; img-src 'self' data: https://*.ahm.com.au https://*.bing.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.google.com.au https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.lpsnmedia.net https://*.plavxml.com https://*.sanity.io https://*.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://opensdk.s3-ap-southeast-2.amazonaws.com https://analytics.tiktok.com https://*.bing.com https://*.clicktale.net https://*.doubleclick.net https://*.evgnet.com https://*.facebook.net https://*.google.com https://*.google.com.au https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.liveperson.net https://*.lpsnmedia.net https://*.plavxml.com https://*.zdassets.com https://*.zendesk.com ; style-src 'self' 'unsafe-inline' https://*.ahm.com.au ; report-uri https://service.ahm.com.au/csp ;  1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com www.google-analytics.com addshoppers.s3.amazonaws.com imgs.signifyd.com ka-p.fontawesome.com *.online-metrix.net *.bazaarvoice.com cdn.userway.org cdn11.bigcommerce.com www.googleoptimize.com static-tracking.klaviyo.com *.addthis.com tasks.gsmoutdoors.com cdn-scripts.signifyd.com www.youtube.com na.klarnaevt.com kit.fontawesome.com *.sentry.io x.klarnacdn.net js.klarna.com *.cloudfront.net www.gsmoutdoors.com www.googletagmanager.com oc.klarnaevt.com region1.google-analytics.com stackpath.bootstrapcdn.com cdn.jsdelivr.net cdn77.api.userway.org pro.fontawesome.com shop.pe nytrng.com *.googleapis.com static-forms.klaviyo.com static.klaviyo.com i.ytimg.com bes.gcp.data.bigcommerce.com fast.a.klaviyo.com app.shop.pe cdnjs.cloudflare.com vc.hotjar.io a.klaviyo.com *.hotjar.com manage.safeopt.com eu.klarnaevt.com shopper.shop.pe metrics.hotjar.io api.userway.org ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: https://*.klarnacdn.net *.fontawesome.com *.bugherd.com *.cloudfront.net *.klarnacdn.net https://www.oka.com/media/fonts/Segma-Black.woff2 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.salesforce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com https://photos.pixlee.co https://photos.pixlee.com https://www.googletagmanager.com/ *.krxd.net *.criteo.com *.facebook.com *.oka.com *.hotjar.com *.pinterest.com *.flashtalking.com *.clarity.ms *.doubleclick.net *.quantserve.com *.wistia.com *.paypalobjects.com *.user1st.info *.vimeo.com *.addthis.com *.spotify.com *.getfeedback.com https://pay.google.com/ www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.gstatic.com *.googleapis.com https://www.google.com https://www.google.co.uk https://www.gstatic.com https://d1fd8aj8bhyfe9.cloudfront.net https://cdn-ukwest.onetrust.com https://img.youtube.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.co.uk *.google.com *.linksynergy.com *.krxd.net *.postcodeanywhere.co.uk *.linkedin.com *.bing.com *.pinterest.com *.facebook.com *.atdmt.com *.doubleclick.net *.cloudfront.net *.rubiconproject.com *.bidswitch.net *.pubmatic.com *.360yield.com *.media.net *.teads.tv *.yieldmo.com *.3lift.com *.openx.net *.smaato.net *.advertising.com *.outbrain.com *.yahoo.com *.tapad.com *.aboola.com *.mediawallahscript.com *.casalemedia.com *.mgid.com *.addthis.com *.igodigital.com *.hotjar.com *.usehero.com *.amazonaws.com *.adsymptotic.com *.clarity.ms *.oka.com *.quantserve.com *.akamaihd.net *.wistia.com *.alocdn.com *.tvsquared.com *.googletagmanager.com https://polaris.truevaultcdn.com www.xtento.com cdn.xtento.com https://redchamps.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.attn.tv events.attentivemobile.com *.klarna.com s7.addthis.com https://party11141.pcapredict.com https://suite56.emarsys.net https://assets.pxlecdn.com https://region1.analytics.google.com https://register.feefo.com https://js-agent.newrelic.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://ajax.cloudflare.com https://cdn.noibu.com https://client.prod.mplat-ppcprotect.com https://okadev-1.store.advancedcommerce.services/graphenehc.js player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.rakuten.com *.onetrust.com *.krxd.net *.usehero.com *.online-metrix.net *.pcapredict.com *.postcodeanywhere.co.uk *.criteo.net *.criteo.com *.bugherd.com *.cloudfront.net *.licdn.com *.pinimg.com *.bing.com *.facebook.net *.oka.com *.igodigital.com *.hotjar.com *.pinterest.com *.clarity.ms *.doubleclick.net *.quantserve.com *.quantcount.com *.wistia.com *.user1st.info *.tvsquared.com *.googleoptimize.com *.klarnaservices.com *.addthis.com *.addthisedge.com *.moatads.com *.getfeedback.com https://polaris.truevaultcdn.com https://static.cloudflareinsights.com *.lr-ingest.com *.googlesyndication.com www.xtento.com cdn.xtento.com *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.klarnacdn.net https://register.feefo.com https://services.postcodeanywhere.co.uk *.fontawesome.com *.postcodeanywhere.co.uk *.cloudfront.net *.klarnacdn.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.usehero.com *.oka.com *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com *.googleapis.com *.attn.tv events.attentivemobile.com https://*.klarnaservices.com ekr.zdassets.com/ https://party11141.pcapredict.com https://suite56.emarsys.net https://assets.pxlecdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://register.feefo.com https://inbound-analytics.pixlee.com https://pce.afd.co.uk https://bam.nr-data.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://region1.google-analytics.com https://click.prod.mplat-ppcprotect.com https://okadev-1.store.advancedcommerce.services/graphenehc.js http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.adobedtm.com *.onetrust.com *.usehero.com *.doubleclick.net *.postcodeanywhere.co.uk *.bugsnag.com *.pusherapp.com *.pinterest.com *.bugherd.com *.hotjar.com *.hotjar.io http://*.hotjar.com:* wss://*.hotjar.com *.oka.com *.clarity.ms *.akamaihd.net *.wistia.com *.litix.io *.paypal.com *.vimeo.com *.klarnaservices.com https://js.klarna.com/ https://js.playground.klarna.com/ *.klarnaevt.com/ *.cardinalcommerce.com *.bing.com https://location.truevaultcdn.com https://okadev-1.store.advancedcommerce.services https://oka-1.store-uk1.advancedcommerce.services https://oka.tracking-uk1.advancedcom *.tracking.advancedcommerce.services https://www.google.com https://px.ads.linkedin.com https://r.lr-intake.com https://pay.google.com/ data: *.lr-ingest.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.dpm.demdex.net/ *.js-agent.newrelic.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeos_google 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-5vG0jiAnW7nPv5nhcRGzTsVMXfesuhNeYgKJo2XigHA='; base-uri 'self';report-to csp-endpoint 1
default-src 'self'; img-src * data: https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' *; frame-src https:; connect-src https:; font-src 'self' https://cdn.segmentify.com; 1
worker-src blob:; font-src *.gstatic.com data: fonts.gstatic.com *.kxcdn.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.paytabs.com *.paytabs.sa * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com *.cdninstagram.com *.kxcdn.com *.twitter.com google.com *.fbcdn.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.googlesyndication.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.innoship.ro https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.apptrian.com *.tbicp.com *.tile.openstreetmap.org *.openstreetmap.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://redchamps.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.apptrian.com *.tbicp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://static.klaviyo.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.googletagmanager.com www.cwc.com *.googleapis.com *.gstatic.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-za_tI-mgiYzMwHXRxfiqmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' bam-cell.nr-data.net browser-update.org ekr.zdassets.com fonts.googleapis.com fonts.gstatic.com js-agent.newrelic.com maxcdn.bootstrapcdn.com multimedia.email.darkhorse.com *.tfaw.com static.zdassets.com tfaw.zendesk.com widget-mediator.zopim.com www.email.tfaw.com www.tfaw.com bam.nr-data.net js.stripe.com maps.googleapis.com www.gstatic.com www.google.com *.zendesk.com *.zopim.com *.static.zdassets.com c.tvpixel.com www.google-analytics.com connect.facebook.net www.googletagmanager.com www.dwin1.com unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net www.googleadservices.com tpc.googlesyndication.com ssl-google-analytics.com translate.googleapis.com translate-pa.googleapis.com account.shareasale.com https://unpkg.com https://commerce.adobedtm.com https://magento-recs-sdk.adobe.net; report-uri /.webscale/csp-report 1
font-src *.amazonaws.com *.yotpo.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com data: *.truefitcorp.com *.espssl.com *.global-e.com *.monetate.net *.narvar.com *.narvar.qa data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.amazonaws.com www.facebook.com *.global-e.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.livechatinc.com www2.bglobale.com/ *.salesfloor.net *.criteo.com *.google.com *.googletagmanager.com *.paypal.com *.facebook.com *.truefitcorp.com *.g.doubleclick.net *.criteo.net players.brightcove.net *.global-e.com *.styledby.stjohnknits.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.doubleclick.net *.bglobale.com  *.google-analytics.com *.googletagmanager.com *.stickyadstv.com *.google.co.in *.salesfloor.net *.facebook.com *.bing.com *.listrakbi.com *.espssl.com *.global-e.com *.cloudfront.net *.casalemedia.com *.criteo.com *.mediawallahscript.com *.adnxs.com *.analytics.yahoo.com *.yahoo.com *.openx.net s.ad.smaato.net *.media.net *.3lift.com *.pubmatic.com *.tapad.com *.bidswitch.net *.advertising.com *.rubiconproject.com *.addthis.com *.outbrain.com *.ads.yieldmo.com cm.mgid.com *.truefitcorp.com *.linksynergy.com *.taboola.com *.omnitagjs.com *.teads.tv *.sharethrough.com *.smartadserver.com *.360yield.com *.adform.net *.yieldlab.net *.digitaleast.mobi *.privacysandbox.googleadservices.com *.adscale.de *.gstatic.com *.akamaized.net *.googleusercontent.com *.amazonaws.com *.googleapis.com *.clarity.ms *.dmxleo.com *.revcontent.com *.admanmedia.com *.liadm.com *.postrelease.com *.tremorhub.com *.kargo.com *.tpmn.co.kr *.clmbtech.com *.zemanta.com *.adsrvr.org *.bluekai.com *.contextweb.com *.deepintent.com ad.as.amanad.adtdp.com csm.da.us.criteo.net *.rlcdn.com *.ivitrack.com *.mediavine.com ad.sxp.smartclip.net au.ants.vn *.quantserve.com *.yieldmo.com *.twiago.com *.lemmatechnologies.com *.srv.stackadapt.com *.amazon-adsystem.com csm.va.us.criteo.net *.bnmla.com *.simpli.fi *.meba.kr *.mathtag.com *.sitescout.com *.crwdcntrl.net *.targeting.unrulymedia.com *.1rx.io *.adx.opera.com *.clientgear.com *.instantsearchplus.com *.dyntrk.com *.brightmountainmedia.com idsync.admixer.co.kr *.styledby.stjohnknits.com *.aralego.com *.toast.com *.dotomi.com *.aralego.net fksnk.com *.mfadsrvr.com *.onprospects.com *.onaudience.com ad.turn.com *.socdm.com *.adingo.jp *.ad-stir.com *.dable.io creativecdn.com a1.b0e8.com aa.agkn.com d.turn.com beacon.krxd.net *.monetate.net e1.emxdgt.com c.aaxads.com *.gssprt.jp *.pippio.com *.mmtro.com *.rfihub.com *.rezync.com *.narvar.com *.narvar.qa store.paradoxlabs.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.authorize.net *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.truefitcorp.com *.bglobale.com cookiepro.blob.core.windows.net *.appspot.com cdn.livechatinc.com *.listrakbi.com api.livechatinc.com *.google-analytics.com *.jquery.com *.google.com *.googletagmanager.com *.bing.com *.upsellit.com *.salesfloor.net *.rmp.rakuten.com *.facebook.net *.g.doubleclick.net *.newrelic.com *.quantcount.com *.criteo.net *.criteo.com widget.us.criteo.com *.nr-data.net *.googleapis.com *.freegeoip.net *.clarity.ms *.loopme.me *.quantserve.com *.bnmla.com *.krxd.net console.brightmountainmedia.com ad.turn.com s-cs.send.microad.jp beacon.krxd.net *.thebrighttag.com *.mfadsrvr.com *.global-e.com *.styledby.stjohnknits.com *.bc0a.com *.b0e8.com *.monetate.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com *.googletagmanager.com *.google.com *.bglobale.com cookiepro.blob.core.windows.net cdn.listrakbi.com *.truefitcorp.com *.espssl.com *.global-e.com *.styledby.stjohnknits.com *.monetate.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com *.kxcdn.com *.listrakbi.com *.upsellit.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de staticw2.yotpo.com *.cardinalcommerce.com *.payments-amazon.co.jp *.payments-amazon.co.uk *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.amazonaws.com *.bglobale.com *.stjohnknits.com *.truefitcorp.com  *.google-analytics.com *.google.com *.googletagmanager.com *.paypal.com *.nr-data.net *.g.doubleclick.net *.uc.r.appspot.com ultimate-dot-acp-magento.appspot.com *.livechatinc.com *.bing.com *.googleapis.com *.clarity.ms www.facebook.com *.listrakbi.com *.global-e.com *.styledby.stjohnknits.com *.bc0a.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3D_P8sUaZwMMzRN48phtvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mYTR0F69Bm4zwVTo3H2TUg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-k1RJdKurMZV3SZG0vtGv2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zW91w97aTug0_N_LuV47wQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-t-86VthX_gBlIau2BJdpEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mVfBNFDZ5wwjsjTTLi0r4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-yvWoTfkfueqfOUJHMHsfqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-JZ-DrR2lAxBuHMyie9b-HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-luxTFjt0FO-3yzvadFh2VA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iTwot6z5bpUhtxZ9Q9gefA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://d1g5x7b3jtu99v.cloudfront.net;script-src 'self' 'unsafe-inline' js.stripe.com widget.intercom.io js.intercomcdn.com cdn.segment.com cdn.lr-in-prod.com https://*.google-analytics.com api.figma.com https://d1g5x7b3jtu99v.cloudfront.net data: connect.facebook.net https://googleads.g.doubleclick.net https://*.googletagmanager.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d1g5x7b3jtu99v.cloudfront.net;img-src *;font-src 'self' fonts.gstatic.com https://fonts.intercomcdn.com https://d1g5x7b3jtu99v.cloudfront.net;media-src 'self' https://js.intercomcdn.com https://d1g5x7b3jtu99v.cloudfront.net;connect-src 'self' https://*.chromatic.com https://index.chromatic.com snapshots.chromatic.com api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://cdn.segment.com https://*.google-analytics.com https://analytics.google.com https://api.segment.io https://stats.g.doubleclick.net https://api-us-east-1.graphcms.com https://r.lr-in-prod.com webmention.io hichroma.us15.list-manage.com https://*.ingest.sentry.io api.figma.com https://pagead2.googlesyndication.com;child-src 'self' blob:;frame-src 'self' https://www.chromatic.com https://index.chromatic.com snapshots.chromatic.com js.stripe.com https://www.youtube.com https://chromatic-interactive-demo.netlify.app https://*.chromatic.com https://td.doubleclick.net;frame-ancestors 'self';report-uri https://edb4c8fdf13eff8df39cb6e75bcab026.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.runnings.com *.cloudmaestro.com *.googleapis.com *.google-analytics.com *.vaimo.net *.cloudfront.net *.google.com www.gstatic.com *.yotpo.com fonts.gstatic.com staticw2.yotpo.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.gstatic.com *.listrakbi.com js.adsrvr.org cdn.noibu.com s.pinimg.com connect.facebook.net docs.paymentjs.firstdata.com *.wishabi.com *.flippenterprise.net *.flipp.com *.flippback.com *.googletagmanager.com services.listrak.com *.secure.quantserve.com secure.quantserve.com rules.quantcount.com *.duosecurity.com *.simpli.fi *.criteo.com *.criteo.net *.paypal.com *.klevu.com blob: www.paypalobjects.com assets.adobedtm.com; worker-src www.runnings.com blob:; report-uri /.webscale/csp-report 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-i-FwmA9YKhre603KFgfQxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ipv4check.ec-elements.com ipv6check.ec-elements.com data: 'unsafe-eval'; report-uri /csp-violation-report-endpoint/ 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-3f2c25a4c9284aeea4f35b726f4f202d' https://www.mypremisehealth.com 'self';img-src https://* 'self' blob: data:;style-src https://www.mypremisehealth.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
script-src 'self' https://cdn.jsdelivr.net https://platform.twitter.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://dev1fairwinds.report-uri.com/r/t/csp/reportOnly 1
font-src *.fontawesome.com https://*.hotjar.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://pay.google.com https://secure-test.worldpay.com https://*.kaptcha.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.gstatic.com https://s3.amazonaws.com https://chd.stats.paypal.com https://*.univarsolutions.com https://*.google.com https://static.hotjar.com https://*.loopanalytics.com https://qa-nexeo.cs196.force.com https://consent.trustarc.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://*.loopanalytics.com https://ws.zoominfo.com https://*.googleapis.com https://*.newrelic.com https://*.hotjar.com https://d16i99j5zwwv51.cloudfront.net/sdk_library/us/prd/ops/pc_gsmpi_web_sdk.js https://d35p4vvdul393k.cloudfront.net/sdk_library/us/stg/ops/pc_gsmpi_web_sdk.js https://ict.infinity-tracking.net https://c.la2-c2-ia5.salesforceliveagent.com https://d.la2-c2-ia5.salesforceliveagent.com https://consent.trustarc.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://stats.g.doubleclick.net https://bam.nr-data.net https://nas.lon.infinity-tracking.net https://ict.infinity-tracking.net https://*.smartystreets.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' data:; img-src 'self' data:; script-src 'self'; style-src 'self'; report-uri https://teratorium.uriports.com/reports/report; report-to default 1
default-src 'self' oekom.de www.oekom.de *.newsletter2go.com *.saferpay.com https://whstatistics-api.wirth-horn.de https://whstatistics-api-test.wirth-horn.de captcha.wirth-horn.de https://cookiemanager.wirth-horn.de matomo.oekomlamp.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.podigee-cdn.net 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self'; frame-ancestors 'self' https://matomo.oekomlamp.de; report-uri /csp-report.cfm 1
font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.lamaisonduchocolat.com *.avis-verifies.com/ *.vimeocdn.com *.vimeo.com reetags.com *.weltpixel.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com *.lamaisonduchocolat.com *.vimeo.com *.paypal.com *.gstatic.com *.analytics.google.com reetags.com https://images.unsplash.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.lamaisonduchocolat.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.gstatic.com *.google.com *.paypal.com *.braintreegateway.com *.cardinalcommerce.com reetags.com sdk.privacy-center.org js.aploze.com *.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.lamaisonduchocolat.com reetags.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.lamaisonduchocolat.com *.googleapis.com *.analytics.google.com reetags.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' https://www.google.com https://www.gstatic.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://browser-update.org https://cdn.jsdelivr.net https://fonts.googleapis.com https://widget.freshworks.com https://chart.googleapis.com; font-src *; form-action 'self'; report-uri /API/csp-report.php 1
default-src 'self' 'unsafe-inline'; frame-src 'self' www.youtube.com app.hubspot.com; script-src 'self' 'unsafe-eval'; img-src 'self' data: www.off2class.com secure.gravatar.com s0.wp.com wpmudev.com ps.w.org track.hubspot.com; script-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com www.googletagmanager.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com fonts.bunny.net; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com s0.wp.com fonts.bunny.net; connect-src 'self' yoast.com wpmudev.com www.google-analytics.com api.hubspot.com; worker-src 'self' blob:; report-uri /wp-json/csp/report 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.whisbi.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es tr.snapchat.com connect.facebook.net *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es tr.snapchat.com open.spotify.com *.facebook.net *.iadvize.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com tr.snapchat.com *.storyblok.com *.placeholder.com px.ads.linkedin.com *.whisbi.com t.co *.iadvize.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js-agent.newrelic.com bam.nr-data.net script.crazyegg.com snap.licdn.com static.ads-twitter.com sc-static.net track.adform.net *.whisbi.com www.google.fr sdk.privacy-center.org *.adform.net analytics.twitter.com *.iadvize.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.whisbi.com *.iadvize.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es script.crazyegg.com bam.nr-data.net tracking.crazyegg.com *.whisbi.com *.iadvize.com wss://*.iadvize.com wss://*.twilio.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' data: *.linqapp.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io api.amplitude.com bam.nr-data.net www.google-analytics.com res.cloudinary.com https://api.rollbar.com https://www.facebook.com https://vimeo.com webhooks.fivetran.com;frame-src 'self' js.stripe.com https://player.vimeo.com https://www.youtube.com/;img-src 'self' data: res.cloudinary.com www.facebook.com https://i.vimeocdn.com https://js.intercomcdn.com https://static.intercomassets.com;script-src 'self' 'unsafe-eval' https://connect.facebook.net https://js.stripe.com https://assets.calendly.com https://widget.intercom.io https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com;script-src-elem 'self' 'unsafe-inline' assets.calendly.com bam.nr-data.net connect.facebook.net js-agent.newrelic.com js.intercomcdn.com js.stripe.com widget.intercom.io www.googletagmanager.com https://www.youtube.com/;script-src-attr 'unsafe-inline';report-uri https://linqapp.report-uri.com/r/d/csp/reportOnly;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
font-src *.klarnacdn.net use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.refersion.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com landofcoder.com s7.addthis.com *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.refersion.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com landofcoder.com ekr.zdassets.com/ *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.refersion.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src  *.criteo.net *.zip.co *.iyzipay.com *.gstatic.com *.cloudfront.net *.zipmoney.com.au *.zip.co *.zoovu.com *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.cloudfront.net *.adyen.com *.euw2.pure.cloud *.salecycle.com *.tradedoubler.com *.brightcove.net *.demdex.net 'self' 'unsafe-inline';img-src *.bazaarvoice.com *.dyson.vn *.facebook.com *.dysoncanada.ca *.dyson.com.ee *.afterpay.com *.demdex.net *.everesttech.net *.zipmoney.com.au *.yahoo.net *.zip.co *.adyen.com *.euw2.pure.cloud *.assetsadobe2.com *.mktgcdn.com *.zip.co *.googletagmanager.com *.amazonaws.com *.dyson.com.ro *.adobe.com *.google-analytics.com *.riskified.com *.googletagmanager.com *.omtrdc.net *.zoovu.com *.doubleclick.net *.brightcove.com *.boltdns.net data: 'self' 'unsafe-inline';script-src https://mt.adobe.launch.script.test.js/ *.afterpay.com *.dyson.com.ro *.queue-it.net *.zipmoney.com.au *.zip.co *.boldchat.com *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud *.omtrdc.net *.googletagmanager.com *.go-mpulse.net *.zencdn.net *.doubleclick.net *.facebook.net *.google-analytics.com *.brightcove.net *.s3.amazonaws.com *.salecycle.com *.zoovu.com *.afterpay.com *.zipmoney.com.au *.zip.co *.riskified.com blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.zip.co *.googleapis.com *.optimizely.com *.zip.co *.checkout.com *.zoovu.com 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.s3.amazonaws.com *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.bazaarvoice.com wss://websocket.bold360.com *.akstat.io *.dyson.com.ee *.googleapis.com *.zipmoney.com.au *.zip.co *.adyen.com *.google.com *.nr-data.net *.amazonaws.com *.pure.cloud *.newrelic.com wss://webmessaging.euw2.pure.cloud *.googletagmanager.com *.go-mpulse.net *.doubleclick.net *.facebook.net *.brightcove.net *.s3.amazonaws.com *.salecycle.com *.google-analytics.com *.demdex.net *.omtrdc.net *.zoovu.com *.cloudfront.net *.zipmoney.com.au *.zip.co *.riskified.com *.brightcove.com *.boltdns.net *.akamaihd.net 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdnjs.cloudflare.com cdn.jsdelivr.net voidlabs.containers.piwik.pro dl.frontapp.com hcaptcha.com; connect-src 'self' wss://*.tawk.to *.tawk.to newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com embed.tawk.to; frame-src 'self' demo.voxmail.it www.youtube-nocookie.com newassets.hcaptcha.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com embed.tawk.to; media-src 'self' embed.tawk.to; report-uri https://catbzhkx.uriports.com/reports/report 1
default-src https: wss://ws.tsarvar.com; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; 1
default-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self' blob:; style-src * data: blob: 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' d.bongo4u.com; script-src 'self' data: 'unsafe-inline' d.bongo4u.com blob: 'unsafe-eval' bongo4u.com *.bongo4u.com *.emerge2.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com *.yahooapis.com *.mailchimp.com *.list-manage.com chimpstatic.com *.ipify.org jsonip.com *.amazonaws.com/downloads.mailchimp.com/ *.jquery.com *.hotjar.com acsbapp.com *.bootstrapcdn.com googleads.g.doubleclick.net *.elfsight.com *.createsend1.com *.roomvo.com; connect-src 'self' data: 'unsafe-inline' d.bongo4u.com comments.emerge2.com util.emerge2.com bongo4u.com *.emerge2.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.ca *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.doubleclick.net *.facebook.com *.hotjar.io *.hotjar.com acsbapp.com *.acsbapp.com *.elfsight.com createsend.com *.ipify.org *.mailchimp.com *.catalog-display.com *.roomvo.com; frame-src 'self' data: 'unsafe-inline' d.bongo4u.com bongo4u.com *.google.com *.google.ca *.googleapis.com *.googletagmanager.com *.youtube.com *.youtu.be *.facebook.com *.twitter.com *.twimg.com *.instagram.com *.yahoo.com *.catalog-display.com *.shortstack.com *.pgtb.me *.formstack.com *.list-manage.com *.doubleclick.net *.orgill.com *.orgill.ca *.adobe.com *.hotjar.com *.storefrontcloud.io *.roomvo.com *.loom.com; object-src 'self' data: 'unsafe-inline' d.bongo4u.com  blob: *.apple.com *.macromedia.com; img-src 'self' https: data: blob: d.bongo4u.com *.bongo4u.com *.ytimg.com *.orgill.com android-webview-video-poster; media-src 'self' https: data: d.bongo4u.com; style-src 'self' data: 'unsafe-inline' d.bongo4u.com bongo4u.com *.bongo4u.com *.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.bootstrapcdn.com *.twitter.com *.twimg.com *.mailchimp.com *.cloudflare.com/ajax/libs/; font-src 'self' data: 'unsafe-inline' d.bongo4u.com *.googleapis.com fonts.gstatic.com *.bootstrapcdn.com fonts.cdnfonts.com *.googleusercontent.com *.cloudflare.com/ajax/libs/ *.hotjar.com *.acsbapp.com; report-uri https://util.emerge2.com/csp_violations_tracker.php; 1
base-uri 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubbc97f311fa4b760aa9d5cff03790e285&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=production; font-src 'self' fast.fonts.net fonts.gstatic.com *.fontawesome.com d2m21dzi54s7kp.cloudfront.net cdnjs.cloudflare.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' d2m21dzi54s7kp.cloudfront.net *.googletagmanager.com *.addthis.com *.addthisedge.com *.informz.net *.adroll.com *.snapengage.com *.bugherd.com *.facebook.com *.bootstrapcdn.com cdnjs.cloudflare.com polyfill.io *.moatads.com *.fontawesome.com *.google-analytics.com *.licdn.com *.googleapis.com *.facebook.net; media-src 'self'; object-src 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-f_mRoZp_fZkTRcGvN5hHEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-gdORaIMJxHDkX4kxiCwrDw==' yastatic.net mc.yandex.ru mc.yandex.com api-maps.yandex.ru *.maps.yandex.net suggest-maps.yandex.ru www.youtube.com s.ytimg.com 'strict-dynamic' 'report-sample'; style-src fonts.googleapis.com 'unsafe-inline' yastatic.net mc.yandex.ru blob:; font-src fonts.gstatic.com yastatic.net data:; img-src 'self' data: blob: avatars.yandex.net mc.admetrica.ru mc.yandex.ru mc.yandex.com yastatic.net avatars.mds.yandex.net *.cdn.yandex.net api-maps.yandex.ru *.maps.yandex.net static-maps.yandex.ru yandex.ru *.captcha.yandex.net storage-int.mds.yandex.net tc.mobile.yandex.net www.facebook.com carsharing.s3.yandex.net carsharing-violations.s3.yandex.net linkedin.com *.ads.linkedin.com www.linkedin.com www.google.com www.google.kz www.google.ru www.googleadservices.com googleads.g.doubleclick.net view.adjust.com ya-authproxy.taxi.yandex.com taxi-promotions.s3.yandex.net; frame-src 'self' forms.yandex.ru forms.yandex.com forms.yandex.kz forms.yandex.by forms.yandex.com www.youtube.com www.youtube-nocookie.com download.yandex.ru *.cdn.yandex.net trust.yandex.com; child-src 'self' blob:; connect-src 'self' mc.yandex.ru mc.yandex.com blob: yandex.ru passport.yandex.com *.yandex.net api-maps.yandex.ru trust.yandex.com ya-authproxy.taxi.yandex.com yastatic.net; media-src streaming.video.yandex.ru *.storage.yandex.net *.cdn.yandex.net yastatic.net; frame-ancestors 'self' support-uber.com *.support-uber.com yango.yandex.com http://webvisor.com eda.yandex *.yandex-team.ru yandex.com *.yandex.com *.yandex.com; manifest-src 'self'; report-uri https://csp.yandex.net/csp?from=taxi-uber-frontend-reports&project=taxi-uber-frontend&yandex_login=&yandexuid=; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-k4NN68zCBDV_rTQCJ4ZG-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'unsafe-eval' 'self' 'unsafe-inline'  'sha256-Pe5Y4eCVWENJ4/Dqtek4RNDRdkI7SBJ/Mz9iTDLwjiA=' *.usercentrics.eu/ *.usercentrics.com/ https://maps.googleapis.com https://app.usercentrics.eu https://js.hsforms.net https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://js.hs-scripts.com https://apps.elfsight.com https://static.elfsight.com https://forms.hsforms.com/ https://static.businessbike.de/; script-src-elem 'self' 'unsafe-inline' secure.adnxs.com/ *.facebook.net/ *.ads-twitter.com/ *.youtube.com/ *.gstatic.com/ *.google-analytics.com/ *.google.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ *.linkedin.com/ *.clarity.ms https://a.clarity.ms/ https://i.clarity.ms/ https://j.clarity.ms/ https://c.clarity.ms/ https://bat.bing.com/ 'sha256-4Fgc+rmY2CWIS/Iu4eOBLSwEVHSJHQwRQA8QsAcoaMA=' 'sha256-QoPdnbMd1dyknqCfvI971xGxlajhOMS54r7tclyRsNk=' 'sha256-UMWfmReBIoR8be6oLQoUUzfsjUbjHmPU5X5Oa2xB2bw=' 'sha256-rTWylbtfP2tlUZy1UTVC+e8VaJ8myvtf3jfO6kzET6I=' 'sha256-Pe5Y4eCVWENJ4/Dqtek4RNDRdkI7SBJ/Mz9iTDLwjiA=' 'sha256-rs6KClOKD5uekeoTJFtkA1CY/JzoQHftoDxKSxUfinM=' https://www.googletagmanager.com blob: https://forms.hsforms.com/ https://js.hsforms.net/ https://js.hs-scripts.com/ https://apps.elfsight.com/ https://app.usercentrics.eu/ https://static.businessbike.de/ https://js.hs-analytics.net/ https://js.usemessages.com/ https://js.hs-banner.com/ https://static.elfsight.com/ https://maps.googleapis.com/ https://maps.googleapis.com/maps/api/mapsjs/ 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-LPE1FjPoSbFVAFRURZZRaYmFd2oy1AXZ0z0OVQ6bI6k='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://* *.google.com/ *.google.de/ *.google-analytics.com/ *.hsforms.com/ *.usercentrics.eu/ *.usercentrics.com/ *.businessbike.de/ *.bing.com/ *.linkedin.com/ *.clarity.ms/ https://c.bing.com/ https://px.ads.linkedin.com/ https://c.clarity.ms/ https://bat.bing.com/ www.googletagmanager.com https://static.businessbike.de/ https://app.usercentrics.eu https://track.hubspot.com https://images.ctfassets.net https://i.ytimg.com https://maps.gstatic.com/ https://maps.googleapis.com/maps/ data:; font-src 'self' https://fonts.gstatic.com/ data:; connect-src 'self' cdn.linkedin.oribi.io/ *.doubleclick.net/ *.google-analytics.com/ *.usercentrics.eu/ *.clarity.ms/ *.hsforms.com/ https://api.hubspot.com https://apps.elfsight.com https://service-reviews-ultimate.elfsight.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://maps.googleapis.com/ https://portal.businessbike.de/ https://api.usercentrics.eu; media-src 'self' https://videos.ctfassets.net; object-src 'none'; frame-src 'self' *.facebook.com/ *.google.com/ *.usercentrics.eu/ *.usercentrics.com/ *.hsforms.com/ https://app.hubspot.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' data: https://www.gstatic.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src * 'self' blob: data:; media-src 'self' data: https://cdn.sanity.io/files/0jsd7db7/ https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://bat.bing.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.customer.io https://eu.customerioforms.com https://*.facebook.net https://*.hotjar.com https://*.licdn.com https://*.segment.com https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.doubleclick.net https://*.lfeeder.com https://www.youtube.com https://netlify-rum.netlify.app/netlify-rum.js; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://bat.bing.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.customer.io https://eu.customerioforms.com https://*.facebook.net https://*.hotjar.com https://*.licdn.com https://*.segment.com https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.doubleclick.net https://*.lfeeder.com https://www.youtube.com https://netlify-rum.netlify.app/netlify-rum.js; connect-src 'self' blob: https://o956240.ingest.sentry.io https://*.cloudflareinsights.com https://*.google-analytics.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://*.optimizely.com https://cf-headers.kevin-eu.workers.dev https://cdn.segment.com https://api.segment.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io https://boards-api.greenhouse.io https://bat.bing.com https://www.facebook.com https://cdn.linkedin.oribi.io https://unpkg.com https://ingesteer.services-prod.nsvcs.net/rum_collection; form-action 'self' https://webto.salesforce.com https://eu.customerioforms.com https://www.facebook.com; frame-src 'self' https://www.youtube.com https://www.facebook.com https://eu.customerioforms.com https://webto.salesforce.com https://www.google.com https://*.doubleclick.net; object-src 'none'; report-uri https://o956240.ingest.sentry.io/api/6483510/security/?sentry_key=5927e502672f4c7494ca08f6636af094; report-to csp-endpoint 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdn.cookielaw.org chimpstatic.com tags.clickagy.com plugin.credova.com static.zdassets.com cdn.avmws.com d1igp3oop3iho5.cloudfront.net www.google-analytics.com s7.addthis.com ssl.avmws.com z.moatads.com v1.addthisedge.com m.addthis.com www.google.com www.gstatic.com; report-uri /.webscale/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-wb-gQft2cOmKPjOdRxbwhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; child-src 'self' blob:; connect-src 'self' https://*.stickerapp.com https://j99h97vrz5.kameleoon.eu https://j99h97vrz5.kameleoon.io https://na-data.kameleoon.io https://data.kameleoon.io https://data.kameleoon.net https://*.kameleoon.com https://*.mixpanel.com https://www.sandbox.paypal.com https://checkoutshopper-live.adyen.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://*.google.com https://adservice.google.com https://*.adservice.google.com https://googleadservices.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://fast.a.klaviyo.com https://a.klaviyo.com https://static-forms.klaviyo.com https://stats.g.doubleclick.net https://node.fileapp.io https://tools.fileapp.io https://www.paypal.com https://www.facebook.com https://d6ce0no7ktiq.cloudfront.net https://translate.googleapis.com https://bat.bing.com https://analytics.tiktok.com https://px.ads.linkedin.com https://script.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://api-js.datadome.co https://ad.doubleclick.net https://translate-pa.googleapis.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://analytics.stickerapp.se https://analytics.stickerapp.dk https://analytics.stickerapp.co.uk https://analytics.stickerapp.de https://analytics.stickerapp.no https://analytics.stickerapp.nl https://analytics.stickerapp.fi https://analytics.stickerapp.com https://analytics.stickerapp.it https://analytics.stickerapp.fr https://analytics.stickerapp.jp https://analytics.stickerapp.es https://analytics.stickerapp.pt https://analytics.stickerapp.pl; default-src 'self'; font-src 'self' 'self' data: https://d6ce0no7ktiq.cloudfront.net https://use.typekit.net https://fonts.gstatic.com https://static.klaviyo.com https://cdnjs.cloudflare.com https://sc-static.net; form-action 'self' https://checkoutshopper-live.adyen.com https://www.facebook.com; frame-src https://stickerapp.com https://www.youtube.com https://www.google.com https://www.gstatic.com https://player.vimeo.com https://graphical-editor.kameleoon.com https://editor.kameleoon.com https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://checkoutshopper-live.adyen.com https://www.paypal.com https://www.paypalobjects.com https://www.facebook.com; img-src 'self' data: https://*.stickerapp.com https://s3-eu-west-1.amazonaws.com https://static.kameleoon.com 'self' blob: data: https://www.paypalobjects.com https://j99h97vrz5.kameleoon.eu https://j99h97vrz5.kameleoon.io https://storage.kameleoon.eu https://graphical-editor.kameleoon.com https://d6ce0no7ktiq.cloudfront.net https://checkoutshopper-live.adyen.com https://fileapp-eu-north-1.s3.eu-north-1.amazonaws.com https://fileapp-eu-central-1.s3.eu-central-1.amazonaws.com https://fileapp-us-east-1.s3.us-east-1.amazonaws.com https://fileapp-us-west-1.s3.us-west-1.amazonaws.com https://fileapp-ap-southeast-2.s3.ap-southeast-2.amazonaws.com https://fileapp-ap-northeast-1.s3.ap-northeast-1.amazonaws.com https://www.google.se https://t.paypal.com https://www.googleadservices.com https://www.facebook.com https://*.googlesyndication.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://google.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://connect.facebook.net https://i.ytimg.com https://translate.googleapis.com https://bat.bing.com https://px.ads.linkedin.com https://*.gstatic.com https://lh3.googleusercontent.com https://d3k81ch9hvuctc.cloudfront.net https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://analytics.stickerapp.se https://analytics.stickerapp.dk https://analytics.stickerapp.co.uk https://analytics.stickerapp.de https://analytics.stickerapp.no https://analytics.stickerapp.nl https://analytics.stickerapp.fi https://analytics.stickerapp.com https://analytics.stickerapp.it https://analytics.stickerapp.fr https://analytics.stickerapp.jp https://analytics.stickerapp.es https://analytics.stickerapp.pt https://analytics.stickerapp.pl; object-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://j99h97vrz5.kameleoon.eu https://j99h97vrz5.kameleoon.io https://graphical-editor.kameleoon.com https://client-config.kameleoon.com https://static.kameleoon.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://d6ce0no7ktiq.cloudfront.net https://static.klaviyo.com https://static-tracking.klaviyo.com https://googleads.g.doubleclick.net https://www.paypal.com https://www.googleadservices.com https://connect.facebook.net https://pagead2.googlesyndication.com https://www.paypalobjects.com https://translate-pa.googleapis.com https://www.google-analytics.com https://bat.bing.com https://www.dwin1.com https://snap.licdn.com https://script.crazyegg.com https://analytics.tiktok.com https://apis.google.com https://sc-static.net; style-src 'self' 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://static-tracking.klaviyo.com https://static.klaviyo.com https://www.gstatic.com https://www.paypalobjects.com; report-uri https://api.stickerapp.com/log/csp_report; 1
object-src 'none';base-uri 'self';script-src 'nonce-gm7W0Eb-4oERIeelYeb5BQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: tpg.hafas.cloud *.facebook.net adservice.google.com www.google.com *.googleapis.com www.google.ch *.gstatic.com consentcdn.cookiebot.com www.google.fr *.doubleclick.net www.google-analytics.com imgsct.cookiebot.com www.youtube.com *.licdn.com acdn.adnxs.com consent.cookiebot.com region1.analytics.google.com ib.adnxs.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net fonts.googleapis.com amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de cloudinary.com *.cloudinary.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net diypestcontrol.ladesk.com 1-vbus-us-tx.ladesk.com ct.pinterest.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob *.weltpixel.com *.authorize.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: widgets.automizely.com widgets.automizely.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com store.paradoxlabs.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.cloudfront.net diypestcontrol.com ct.pinterest.com *.trackedlink.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.vimeo.com js.hsforms.net bat.bing.com ct.pinterest.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.stamped.io *.googletagmanager.com *.signifyd.com https://imgs.cdn-btsg.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com script.hotjar.com bm-rx.atatus.com dpm.demdex.net www.dwin1.com diypestcontrol.ladesk.com cm.everesttech.net widgets.magentocommerce.com bid.g.doubleclick.net *.ftcdn.net *.behance.net fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cdn1.stamped.io blob 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.avada.io *.authorize.net cdn.ampproject.org www.gstatic.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io unsafe-inline assets.braintreegateway.com cloudinary.com *.cloudinary.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com dpm.demdex.net assets.adobedtm.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com *.klevu.com *.ksearchnet.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com imgs.cdn-btsg.com blob 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io api.automizely.com api.automizely.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cloudinary.com *.cloudinary.com forms.hsforms.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com assets.adobedtm.com a.klaviyo.com ct.pinterest.com stats.g.doubleclick.net maps.googleapis.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.authorize.net cdn.ampproject.org www.googleapis.com *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com imgs.cdn-btsg.com blob http: https: blob: 'self' 'unsafe-inline'; default-src assets.adobedtm.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-jDgsxAK8omR9rBaWVai_0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5ffCDyT-RfeaqazJCYO5IA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src 'self' data: cdn.embedly.com fonts.gstatic.com js.intercomcdn.com use.typekit.net www.tillerhq.com chrome-extension github.com; form-action 'self' www.facebook.com intercom.help; frame-src 'self' accounts.google.com assets.pinterest.com ct.pinterest.com auth.tillermoney.com data: docs.google.com sheets.tillerhq.com tpc.googlesyndication.com trends.google.com www.awin1.com www.adbstr.com www.facebook.com www.google.com www.googletagmanager.com www.pinterest.com www.zenaps.com bid.g.doubleclick.net intercom-sheets.com videopress.com www.youtube.com; manifest-src 'self'; media-src 'self' data: js.intercomcdn.com videos.files.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.embedly.com cdn.ampproject.org cloudfront.net *.cloudfront.net embed.redditmedia.com a.omappapi.com a.optnmstr.com ajax.googleapis.com assets.pinterest.com ssl.gstatic.com ssl.google-analytics.com connect.facebook.net r.wdfl.co s.pinimg.com storychief.piwikpro.com tpc.googlesyndication.com cdn.mxpnl.com cdnjs.cloudflare.com googleads.g.doubleclick.net js.intercomcdn.com static.ads-twitter.com stats.wp.com v0.wordpress.com widget.intercom.io www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.google.com www.pagespeed-mod.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com p.typekit.net use.typekit.net; report-uri https://tillerhq.report-uri.com/r/t/csp/reportOnly; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-_C_IGcsAJEoEdZx2Hv-u6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
child-src https://checkoutshopper-test.adyen.com https://paymentacceptsample.cloud.dynamics.com https://www.instagram.com https://maps.googleapis.com https://*.adyen.com https://*.bing.com https://*.su.retail.dynamics.com https://venchib2c.b2clogin.com https://*.doubleclick.net https://checkoutshopper-live.adyen.com/ https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://*.google.com 'self';connect-src https://checkoutshopper-test.adyen.com https://www.instagram.com https://fonts.googleapis.com/ https://maps.googleapis.com https://*.adyen.com https://*.bing.com https://*.su.retail.dynamics.com https://venchib2c.b2clogin.com https://www.sandbox.paypal.com https://*.doubleclick.net https://www.paypal.com https://www.google-analytics.com https://checkoutshopper-live.adyen.com/ https://cdn.acsbapp.com https://www.clarity.ms  https://*.pinterest.com https://*.klaviyo.com https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://*.fanplayr.com https://d38nbbai6u794i.cloudfront.net https://*.google.com 'self' https://login.microsoftonline.com https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://dc.services.visualstudio.com https://images-eu-prod.cms.commerce.dynamics.com https://images-eu-prod.cms.commerce.dynamics.com https://us.venchi.com https://scul8sqgzfx60901113-rs.su.retail.dynamics.com/ https://7ed979d1-d671-4160-b4ba-e6853701fa16.rnr.ms;font-src https://fonts.googleapis.com/ https://acsbapp.com/ https://use.typekit.net https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://fonts.gstatic.com 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://use.fontawesome.com data:;frame-ancestors https://*.adyen.com https://youtu.be/yqSchHSCTm8 https://*.youtube.com https://*.bing.com https://*.su.retail.dynamics.com https://venchib2c.b2clogin.com https://*.doubleclick.net https://acsbapp.com/ https://accounts.accessibe.com/ https://us.venchi.com https://*.google.com;frame-src https://*.adyen.com https://www.paypal.com https://www.sandbox.paypal.com https://*.doubleclick.net https://hal9000.redintelligence.net/ https://gum.criteo.com/ https://www.facebook.com https://acsbapp.com/ https://accounts.accessibe.com/ https://*.paypalobjects.com https://authentication.cardinalcommerce.com https://us.venchi.com https://3dsecure.cartasi.it https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://*.google.com;img-src https://checkoutshopper-test.adyen.com https://*.virtualearth.net https://*.bing.com https://*.su.retail.dynamics.com https://www.paypalobjects.com https://*.outbrain.com https://www.google-analytics.com/ https://www.facebook.com https://secure.adnxs.com https://www.google.com https://www.google.it https://*.paypal.com https://checkoutshopper-live.adyen.com https://acsbapp.com https://web1.acsbapp.com https://*.clarity.ms/ https://*.facebook.net https://*.quantserve.com https://*.pinterest.com https://*.crwdcntrl.net https://*.agkn.com https://*.smartadserver.com https://*.googletagmanager.com https://*.gstatic.com https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://*.fanplayr.com https://d38nbbai6u794i.cloudfront.net https://*.google.com https://p.typekit.net 'self' data: https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-eu-prod.cms.commerce.dynamics.com https://images-eu-prod.cms.commerce.dynamics.com;object-src https://*.adyen.com https://*.bing.com 'self';script-src 'unsafe-inline' https://www.instagram.com https://checkoutshopper-test.adyen.com https://*.adyen.com https://maps.googleapis.com https://oc-cdn-public-eur.azureedge.net https://*.bing.com https://*.virtualearth.net https://*.su.retail.dynamics.com https://venchib2c.b2clogin.com https://www.paypal.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://connect.facebook.net https://static.criteo.net https://www.dwin1.com https://*.outbrain.com https://js.sddan.com  https://sddan.mgr.consensu.org  https://*.doubleclick.net https://checkoutshopper-live.adyen.com https://acsbapp.com https://*.paypalobjects.com https://www.clarity.ms https://*.quantserve.com https://*.pinimg.com https://*.quantcount.com https://*.klaviyo.com https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://*.fanplayr.com https://d38nbbai6u794i.cloudfront.net https://ajax.googleapis.com https://*.google.com https://use.typekit.net 'self' 'unsafe-inline' 'unsafe-eval' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://*.vo.msecnd.net https://dc.services.visualstudio.com https://dev.virtualearth.net https://us.venchi.com https://js.monitor.azure.com/scripts/b/ai.2.min.js;style-src 'unsafe-inline' https://checkoutshopper-test.adyen.com https://*.bing.com https://checkoutshopper-live.adyen.com https://*.klaviyo.com https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://fonts.fanplayr.com https://*.google.com https://fonts.googleapis.com https://use.typekit.net 'self' 'unsafe-inline' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://us.venchi.com ;default-src 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms;base-uri 'self';media-src 'self' https://ppe-streaming-video-mr-microsoft-com.akamaized.net https://*.streaming.media.azure.net https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-eu-prod.cms.commerce.dynamics.com https://images-eu-prod.cms.commerce.dynamics.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' ; img-src 'self' *.gaertner.de; frame-src 'self' https://www.openstreetmap.org ; font-src 'self' ; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: flyarystan.com mc.yandex.md www.google-analytics.com adservice.google.com www.googletagmanager.com api.infobip.com *.googlesyndication.com www.youtube.com www.google.kg cdnjs.cloudflare.com code.jquery.com www.google.ru cdn.jsdelivr.net *.facebook.net cdn.amplitude.com *.facebook.com booking.flyarystan.com mc.yandex.com mc.yandex.ru momentjs.com pics.esputnik.com esputnik.com push.esputnik.com cdn-cookieyes.com www.google.com unpkg.com *.doubleclick.net region1.analytics.google.com analytics.google.com mc.yandex.kz livechat.infobip.com api2.amplitude.com directory.cookieyes.com www.google.co.in kzr-ports.hosting.aero *.gstatic.com log.cookieyes.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-cc046357fe'; script-src-attr 'nonce-cc046357fe' https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js; style-src 'self' https://d10lpsik1i8c69.cloudfront.net https://tags.srv.stackadapt.com https://tagmanager.google.com/ https://fonts.googleapis.com/ 'unsafe-inline'; connect-src 'self' https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://*.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com; img-src 'self' https://collector-37937.tvsquared.com https://d10lpsik1i8c69.cloudfront.net https://px.ads.linkedin.com https://www.google.com/pagead/1p-user-list/ https://alb.reddit.com/rp.gif https://www.facebook.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion https://ssl.gstatic.com/ data:; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://td.doubleclick.net/; font-src 'self' data:; base-uri 'self'; manifest-src 'self'; object-src 'none'; worker-src blob: ; 1
object-src 'none';base-uri 'self';script-src 'nonce-MgwmZixvPDKb_1oWqQSN4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4NvpSbL81zhXGxShbTwb8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com cdn.checkout.com *.postcodeanywhere.co.uk static.zdassets.com cookie-cdn.cookiepro.com maw.bronto.com s.yimg.com theirishstore-new.zendesk.com ct.pinterest.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com https://plumrocket.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * pay.realexpayments.com pay.sandbox.realexpayments.com *.twitter.com payments-panel.production.eshopworld.com pay.theirishstore.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net www.facebook.com account.fetchify.com https://plumrocket.com *.trustpilot.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * pay.realexpayments.com pay.sandbox.realexpayments.com *.twitter.com *.checkout.com *.cookiebot.com *.postcodeanywhere.co.uk consent.azureedge.net www.pinterest.com www.pinterest.co.uk www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.googleadservices.com www.google-analytics.com *.adyen.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.google.co.uk *.zopim.com d23yuld0pofhhw.cloudfront.net *.postcodeanywhere.co.uk static.zdassets.com cdnstatic.theirishstore.com sp.analytics.yahoo.com www.theirishstore.com i.imgur.com bat.bing.com ct.pinterest.com payments-panel.production.eshopworld.com apps.elfsight.com proxy.elfsightcdn.com sonassi.theirishstore.co *.ometria.com dashboard.edesk.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googleadservices.com www.google-analytics.com *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trustpilot.com *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googlecommerce.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com maps.googleapis.com *.checkout.com *.pcapredict.com *.trackedweb.net *.cookiebot.com *.postcodeanywhere.co.uk *.mouseflow.com *.newrelic.com *.nr-data.net static.zdassets.com consent.azureedge.net *.dwin1.com geolocation.onetrust.com cookie-cdn.cookiepro.com snip.bronto.com s.pinimg.com s.yimg.com bat.bing.com connect.facebook.net maw.bronto.com ct.pinterest.com theirishstore-new.zendesk.com g792337340.co tag.mention-me.com static.mention-me.com payments-panel.production.eshopworld.com pay.theirishstore.com apps.elfsight.com static.elfsight.com zdassets.com *.ometria.com *.xsellco.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.trustpilot.com *.fontawesome.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.checkout.com *.trackedweb.net *.postcodeanywhere.co.uk static.zdassets.com payments-panel.production.eshopworld.com apps.elfsight.com widgets.xsellco.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.google-analytics.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.cloudflare.com *.twitter.com *.twimg.com zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.trackedweb.net *.postcodeanywhere.co.uk *.doubleclick.net *.nr-data.net cookie-cdn.cookiepro.com s.yimg.com ct.pinterest.com maw.bronto.com theirishstore-new.zendesk.com privacyportal.cookiepro.com www.googletagmanager.com fiddler.brontops.com payments-panel.production.eshopworld.com pay.theirishstore.com apps.elfsight.com api.instacloud.io static.zdassets.com widgets.xsellco.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.google.com *.gstatic.com *.cloudfront.net *.amazonaws.com *.klevu.com *.fontawesome.com *.googleapis.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.bazaarvoice.com *.ksearchnet.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.amazonaws.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.googletagmanager.com *.googleapis.com *.amazonaws.com *.paypalobjects.com www.paypalobjects.com amc.demdex.net fast.amc.demdex.net bid.g.doubleclick.net nsg.symantec.com *.hotjar.com www.youtube.com www.pinterest.com *.twitter.com *.socialannex.net *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com https://nytrng.com/ *.attn.tv *.guarantee-cdn.com ssl.kaptcha.com *.fls.doubleclick.net *.paypal.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.google.com *.klevu.com bat.bing.com *.gstatic.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net www.google.co.in *.amazonaws.com dpm.demdex.net amc.demdex.net *.visualwebsiteoptimizer.com *.powerreviews.com *.cloudfront.net nsg.symantec.com *.wpengine.com www.googletagmanager.com cdn.socialannex.com *.cloudinary.com *.gravatar.com *.adobedtm.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.trackedlink.net *.b0e8.com *.guarantee-cdn.com *.clarity.ms *.bing.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.lfeeder.com *.shop.pe wt.rqtrk.eu id5-sync.com *.payments-amazon.com guarantee-cdn.com 'self' blob: *.hotjar.com https://bttrack.com *.paypalobjects.com *.googlesyndication.com *.doubleclick.net *.hubspot.com graph.facebook.com business.facebook.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.facebook.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.google.com bat.bing.com *.gstatic.com *.klevu.com www.facebook.com *.cloudfront.net googleads.g.doubleclick.net *.powerreviews.com unpkg.com *.visualwebsiteoptimizer.com *.amazonaws.com *.googletagmanager.com *.googleapis.com js-agent.newrelic.com nsg.symantec.com a.opmnstr.com bam.nr-data.net bam-cell.nr-data.net cdn.socialannex.com *.hotjar.com *.instagram.net cdn.plyr.io stackpath.bootstrapcdn.com dn.jsdelivr.net code.jquery.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.bc0a.com cdn.attn.tv guarantee-cdn.com cdn.b0e8.com *.clarity.ms https://www.google-analytics.com *.lfeeder.com https://shop.pe *.shop.pe wt.rqtrk.eu cdn.id5-sync.com *.blackcrow.ai *.bttrack.com https://bttrack.com *.google.co.in *.googleadservices.com *.authorize.net *.paypal.com www.youtube.com analytics.tiktok.com tpc.googlesyndication.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com *.kaptcha.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com display.ugc.bazaarvoice.com *.google.com *.klevu.com *.powerreviews.com *.gstatic.com *.cloudfront.net *.amazonaws.com stats.g.doubleclick.net www.google-analytics.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google.com bat.bing.com *.gstatic.com *.amazonaws.com *.paypal.com *.googletagmanager.com *.googleapis.com *.dotdigital.com dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com stats.g.doubleclick.net get.geojs.io *.powerreviews.com api.omappapi.com *.wpengine.com bam.nr-data.net bam-cell.nr-data.net stats.ksearchnet.com *.ksearchnet.com *.demdex.net *.socialannex.com *.visualwebsiteoptimizer.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com www.facebook.com *.bc0a.com *.clarity.ms *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.lfeeder.com https://shop.pe *.shop.pe *.attn.tv events.attentivemobile.com *.hotjar.com https://google.com lb.eu-1-id5-sync.com id5-sync.com *.hotjar.io wss://*.hotjar.com *.blackcrow.ai https://bttrack.com *.authorize.net analytics.tiktok.com webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.voltlighting.com/; report-to report-endpoint; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io store.paradoxlabs.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.google.com www.google.com.ua *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://chimpstatic.com ss.rubberb.com https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src tagmanager.google.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.twitter.com *.twimg.com ss.rubberb.com https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
report-uri https://fathom.report-uri.com/r/t/csp/wizard; default-src 'none'; form-action 'none'; object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vc.hotjar.io *.licdn.com *.ofi.com ixfd2-api.bc0a.com *.linkedin.com b.tile.openstreetmap.org www.googletagmanager.com *.demdex.net cdn.bc0a.com secure.leadforensics.com *.omtrdc.net pi.pardot.com c.tile.openstreetmap.org *.everesttech.net secure.intelligentdata52.com img.youtube.com metrics.hotjar.io www.google.com adservice.google.com assets.adobedtm.com *.hotjar.com tags.srv.stackadapt.com *.onetrust.com content.hotjar.io www.google-analytics.com secure.beer7live.com a.tile.openstreetmap.org ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src-attr 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; report-uri https://www.inalco.fr/report-uri/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wss://waf.intelix.pl wroclaw.intelix.pl:63981 static.site24x7rum.com *.sr.gov.pl waf.intelix.pl www.google.com maps.google.com *.gstatic.com wss://wroclaw.intelix.pl:63981 ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' *.aiglife.co.uk *.lpsnmedia.net; frame-ancestors 'self' *.aiglife.co.uk *.churchill.com *.directline.com ; base-uri 'self' *.aiglife.co.uk ; style-src 'self' *.aiglife.co.uk https://fonts.googleapis.com 'unsafe-inline' ; script-src 'self' *.aiglife.co.uk https://www.google-analytics.com https://www.googletagmanager.com https://extend.vimeocdn.com http://assets.adobedtm.com https://lptag.liveperson.net https://assets.adobedtm.com https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net *.lpsnmedia.net *.liveperson.net 'unsafe-eval' https://az416426.vo.msecnd.net https://cdn.cookielaw.org https://*.onetrust.com connect.facebook.net 'nonce-BixCi0HY3v7DqwKUCeLoYdj9PbzZY9N18HVdUTki+/c='; script-src-elem 'self' *.aiglife.co.uk *.lpsnmedia.net *.liveperson.net http://bat.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://extend.vimeocdn.com http://assets.adobedtm.com https://lptag.liveperson.net https://assets.adobedtm.com https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net 'unsafe-eval' https://az416426.vo.msecnd.net https://cdn.cookielaw.org https://*.onetrust.com connect.facebook.net 'unsafe-inline'; script-src-attr 'self' *.aiglife.co.uk *.lpsnmedia.net *.liveperson.net 'unsafe-inline'; font-src 'self' *.aiglife.co.uk data: ; img-src * 'self' *.aiglife.co.uk https://td.doubleclick.net/ https://www.google.com https://www.google.co.uk http://metrics.churchill.com http://cm.everesttech.net https://cm.everesttech.net https://dpm.demdex.net http://metrics.directline.com https://www.googletagmanager.com https://smetrics.directline.com https://smetrics.churchill.com https://www.google-analytics.com https://safgtechnologiesaiglifechurchilldev.112.2o7.net *.lpsnmedia.net data: https:; media-src 'self' *.aiglife.co.uk *.lpsnmedia.net; frame-src 'self' *.aiglife.co.uk https://td.doubleclick.net/ https://lpcdn.lpsnmedia.net https://3535199.fls.doubleclick.net http://fast.directlinegroup.demdex.net https://3535200.fls.doubleclick.net https://directlinegroup.demdex.net https://player.vimeo.com https://lo.idp.liveperson.net *.lpsnmedia.net *.liveperson.net ; connect-src 'self' *.aiglife.co.uk *.liveperson.net wss://*.liveperson.net *.lpsnmedia.net https://www.google-analytics.com https://stats.g.doubleclick.net http://dpm.demdex.net http://metrics.churchill.com http://metrics.directline.com https://dc.services.visualstudio.com https://smetrics.churchill.com https://smetrics.directline.com https://safgtechnologiesaiglifeukdev.112.2o7.net https://cdn.cookielaw.org https://*.onetrust.com data: https:; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://developer.adobe.com https://magento.com https://js.sandbox.fortis.tech https://js.fortis.tech https://elements.sandbox.fortis.tech https://elements.fortis.tech *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://developer.adobe.com https://elements.sandbox.fortis.tech https://elements.fortis.tech https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: wss: data: https:; img-src 'self' data: blob: https: android-webview-video-poster android-webview https://assets.badenova.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: https://www.googletagmanager.com https://connect.facebook.net; script-src-elem 'self' 'unsafe-inline' https: https://cdn.tagcommander.com https://connect.facebook.net https://widgets.trustedshops.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://static.badenova.de; connect-src 'self' wss: https:; style-src 'self' 'unsafe-inline' data: https:; frame-src 'self' data: https:; report-uri https://o569815.ingest.sentry.io/api/5716003/security/?sentry_key=ba1ca883ccf34f2db27be1ed29aedfa3 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: *.fontawesome.com *.bootstrapcdn.com *.punchout2go.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.salesforce.com *.punchout2go.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.schoolhealth.com mcstaging2.schoolhealth.com/ portal.punchout2go.com qa-portal.punchout2go.com dev-portal.punchout2go.com sapportal.ocps.net sapportalqap.ocps.net shop.equallevel.com *.punchout2go.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.sharethis.com https://static.addtoany.com/ *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.weltpixel.com *.schoolhealth.com *.punchout2go.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: blob: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.sharethis.com *.gstatic.com *.googleapis.com *.b0e8.com *.cenpos.net *.cenpos.com https://*.asknice.ly *.schoolhealth.com  *.chartbeat.com *.chartbeat.net *.pages03.net *.unbxdapi.com *.punchout2go.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net use.typekit.net commerce.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com https://static.addtoany.com/ *.googleapis.com *.gstatic.com *.b0e8.com *.bc0a.com *.cenpos.com *.cenpos.net *.google.com *.cardinalcommerce.com https://static.asknice.ly ssl.google-analytics.com *.cloudfront.net *.cloudflare.com *.pages03.net *.addtoany.com *.chartbeat.com *.punchout2go.com *.unbxdapi.com *.unbxd.com *.unbxd.io data: ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.fontawesome.com https://static.asknice.ly *.bootstrapcdn.com *.punchout2go.com *.googleapis.com *.unbxdapi.com *.unbxd.com *.unbxd.io *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com commerce.adobe.io performance.typekit.net commerce.adobe.net *.bolt.com *.adobe.io *.sentry.io *.sharethis.com https://stats.addtoany.com/menu *.googleapis.com *.doubleclick.net *.google-analytics.com *.demdex.net *.punchout2go.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com lacountylibrary.org unpkg.com www.google-analytics.com cdn.jsdelivr.net *.gstatic.com thumbnail.midwesttape.com *.doubleclick.net *.twitter.com *.googleapis.com visit.lacountylibrary.org us.refchatter.net translate.google.com www.libraryaware.com www.youtube.com contentcafe2.btol.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-8YqZumst60qNu6GEn5IkeA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.userway.org victra.com google.com a.omappapi.com *.googleapis.com *.adroll.com js-na1.hs-scripts.com forms-na1.hsforms.com *.doubleclick.net www.victra.com unpkg.com *.gstatic.com *.googleadservices.com forms.hsforms.com www.google-analytics.com www.googletagmanager.com *.facebook.com js.hscollectedforms.net api.omappapi.com widgets.wp.com analytics.google.com pixel.wp.com js.hs-scripts.com *.adsrvr.org *.facebook.net js.hs-banner.com rtx-source-icons.s3.amazonaws.com maps.google.com app.five9.com stats.wp.com api.hubapi.com js.hsleadflows.net api.userway.org cdn77.api.userway.org adservice.google.com js.hsadspixel.net js.hsforms.net www.google.com forms.hscollectedforms.net amplify.review-alerts.com api.ipify.org *.hubspot.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.optimizely.com https://static.ads-twitter.com www.google-analytics.com www.gstatic.com https://analytics.twitter.com https://ssl.google-analytics.com https://www.youtube.com https://player.youku.com https://v1-tt.ixigua.com https://www.google.com https://*.googleapis.com https://bat.bing.com use.typekit.net https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://rum-static.pingdom.net https://ajax.aspnetcdn.com https://s.ytimg.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/slick.min.js https://pi.pardot.com https://www.brighttalk.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com use.typekit.net; img-src * data: ; font-src 'self' data: https://fonts.typekit.net fonts.gstatic.com https://use.typekit.net http://fontface.ninja; child-src 'self' http://sdn.sitecore.net https://www.youtube.com https://player.youku.com https://v1-tt.ixigua.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com ; frame-src 'self' http://sdn.sitecore.net https://www.youtube.com https://player.youku.com https://v1-tt.ixigua.com https://player.vimeo.com https://go.pardot.com https://www.brighttalk.com https://e.issuu.com; frame-ancestors 'self' ; connect-src 'self' https://rum-collector-2.pingdom.net ; media-src 'self' https://cruprod.blob.core.windows.net; report-uri https://3chillies.report-uri.io/r/default/csp/reportOnly; 1
default-src 'self' 'unsafe-inline'  https://*.google-analytics.com; img-src https://*; 1
font-src *.klevu.com *.ksearchnet.com checkout.getbread.com *.paypal.com *.google-analytics.com *.mmapiws.com *.doubleclick.net *.searchspring.io *.turnto.com bat.bing.com datalayer.jumpfly.com *.mouseflow.com *.nr-data.net *.newrelic.com *.google.com *.clarity.ms analytics.google.com tgscript.s3.amazonaws.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com js.klevu.com data: *.shopperapproved.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com *.authorize.net *.twitter.com *.facebook.com connect.facebook.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.getbread.com *.breadpayments.com *.rbcpayplan.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net *.liveperson.net checkout.getbread.com *.doubleclick.net *.lpsnmedia.net *.google.com *.googletagmanager.com *.facebook.com platform.twitter.com td.doubleclick.net *.twitter.com *.google.co.in www.xtento.com photos.pixlee.co *.weltpixel.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.getbread.com *.breadpayments.com *.rbcpayplan.com *.trackedlink.net https://www.shopperapproved.com *.klevu.com *.ksearchnet.com https://meetanshi.com/media/logo.png store.paradoxlabs.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in *.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com * *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net stats.g.doubleclick.net d.adroll.com pixel.advertising.com pixel.rubiconproject.com simage2.pubmatic.com dsum-sec.casalemedia.com ads.yahoo.com eb2.3lift.com sync.outbrain.com trc.taboola.com x.bidswitch.net/sync ib.adnxs.com idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com segments.company-target.com sync.tidaltv.com *.trustgaurd.com content.sprinklerwarehouse.com bat.bing.com www.xtento.com cdn.xtento.com wac.edgecastcdn.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.getbread.com *.breadpayments.com *.rbcpayplan.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.shopperapproved.com https://direct.shopperapproved.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.authorize.net *.liveperson.net *.lpsnmedia.net cdn.searchspring.net checkout.getbread.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com bat.bing.com *.mouseflow.com services.nofraud.com *.doubleclick.net widgets.turnto.com js.klevu.com stats.g.doubleclick.net static.trackedweb.net tgscript.s3.amazonaws.com *.clarity.ms platform.twitter.com connect.facebook.net cdn-ws.turnto.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypalobjects.com *.paypal.com chimpstatic.com s.adroll.com d.adroll.com d.adroll.mgr.consensu.org *.bootstrapcdn.com player.vimeo.com content.sprinklerwarehouse.com www.xtento.com cdn.xtento.com *.turnto.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com googletagmanager.com *.lightingwarehouse.com code.jquery.com *.sprinklerwarehouse.com *.vimeo.com *.shopperapproved.com *.gstatic.com accdn.lpsnmedia.net lpcdn.lpsnmedia.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com cdn.searchspring.net widgets.turnto.com fonts.googleapis.com js.klevu.com tgscript.s3.amazonaws.com *.bootstrapcdn.com *.turnto.com tagmanager.google.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com  *.bootstrapcdn.com *.yotpo.complete content.sprinklerwarehouse.com *.lightingwarehouse.com *.nr-data.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.lpsnmedia.net data: *.trustguard.com content.sprinklerwarehouse.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.authorize.net *.lpsnmedia.net data: *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com checkout.getbread.com *.mmapiws.com *.doubleclick.net *.searchspring.io *.turnto.com bat.bing.com datalayer.jumpfly.com *.mouseflow.com *.clarity.ms tgscript.s3.amazonaws.com content.sprinklerwarehouse.com *.facebook.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.lightingwarehouse.com adservice.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src checkout.getbread.com *.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-0965371960bc4953aa63c5b0e2a6312c' https://www.mycityofhope.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mycityofhope.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
default-src 'self' *.doubleclick.net try.abtasty.com get.geojs.io; child-src 'self' blob:; connect-src 'self' cdn.cookielaw.org maps.googleapis.com *.googletagmanager.com *.cedexis.com *.google-analytics.com *.contentsquare.net connect.facebook.net resources.xg4ken.com *.tradelab.fr ib.adnxs.com *.googleadservices.com ad.avtm.fr *.google.com.ua *.cardinalcommerce.com *.online-metrix.net *.fastlylb.net *.facebook.com *.execute-api.us-east-1.amazonaws.com *.google.nl *.metaffiliation.com *.wonderpush.com *.analytics.google.com googleads.g.doubleclick.net static.criteo.net *.criteo.com *.internetpluspro.orange-business.com *.cedexis-radar.net *.google.com *.doubleclick.net *.abtasty.com ipinfo.io *.gstatic.com *.usabilla.com a-cedexis.msedge.net *.onetrust.com *.fastlyb.net swrap.tradedoubler.com sgtm.adagio-city.com ct.pinterest.com s.pinimg.com get.geojs.io analytics.tiktok.com *.nr-data.net *.posthog.com *.us-east-1.amazonaws.com *.kontorolabs.com https://www.google-analytics.com https://www.googletagmanager.com; font-src *; frame-src 'self' *.wpc.alphacdn.net *.cedexis-test.com *.doubleclick.net *.criteo.com static.addtoany.com *.google.com *.youtube.com my.matterport.com *.citrix-itm-test.com *.internetpluspro.orange-business.com *.azioncdn.net *.facebook.com *.criteo.net *.fbcdn.net *.citm-test.com *.cardinalcommerce.com *.online-metrix.net *.bitgravity.com cedexis-test.gcorelabs.com *.contentsquare.net csxd.all.accor.com csxd.mag-adagio.com ct.pinterest.com s.pinimg.com *.adagio-city.com; img-src * data:; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' adagio.nonce cdn.cookielaw.org maps.googleapis.com *.googletagmanager.com *.cedexis.com *.google-analytics.com ssl.google-analytics.com *.contentsquare.net connect.facebook.net resources.xg4ken.com *.tradelab.fr ib.adnxs.com *.googleadservices.com googleads.g.doubleclick.net *.criteo.net *.criteo.com *.internetpluspro.orange-business.com *.cedexis-radar.net *.google.com *.doubleclick.net *.abtasty.com ipinfo.io *.gstatic.com *.usabilla.com a-cedexis.msedge.net *.onetrust.com *.fastlyb.net swrap.tradedoubler.com ad.avtm.fr *.google.com.ua *.google.de *.cardinalcommerce.com *.elitrack.com *.metaffiliation.com *.wonderpush.com ct.pinterest.com s.pinimg.com https://cdn.jsdelivr.net https://github.com https://static.addtoany.com https://try.abtasty.com staticaws.fbwebprogram.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' cdn.cookielaw.org maps.googleapis.com *.googletagmanager.com *.cedexis.com *.google-analytics.com *.contentsquare.net connect.facebook.net resources.xg4ken.com *.tradelab.fr ib.adnxs.com *.googleadservices.com googleads.g.doubleclick.net *.criteo.net *.criteo.com *.internetpluspro.orange-business.com *.cedexis-radar.net *.google.com *.doubleclick.net *.abtasty.com ipinfo.io *.gstatic.com *.usabilla.com a-cedexis.msedge.net *.onetrust.com *.fastlyb.net swrap.tradedoubler.com ad.avtm.fr *.google.com.ua *.cardinalcommerce.com *.online-metrix.net *.quantserve.com *.quantcount.com *.elitrack.com *.metaffiliation.com *.wonderpush.com s.pinimg.com cdn.jsdelivr.net try.adtasty.com *.adagio-city.com analytics.tiktok.com *.posthog.com ct.pinterest.com https://cdn.jsdelivr.net https://github.com https://static.addtoany.com https://try.abtasty.com staticaws.fbwebprogram.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-ktVztxXUTFnpewTTpKMFbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'strict-dynamic' https://visitor2.constantcontact.com/ 'nonce-7xQ8C5wNMsnKUYcS8N/THqMKCj0Zq0P4u1QGV/hyJAo='; style-src 'self' 'unsafe-inline' https://static.ctctcdn.com/; img-src 'self' https://admin-tsnet-staging.azurewebsites.net/; font-src 'self'; connect-src 'self' https://admin-tsnet-staging.azurewebsites.net/ https://api.zip-codes.com/ https://apilayer.net/ https://static.ctctcdn.com/ https://visitor2.constantcontact.com/ wss://localhost:44341/Trade-Schools.Website/; 1
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net  pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net  *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri  https://hbftest.report-uri.com/r/d/csp/reportOnly 1
report-uri /csp-log.php; report-to csp-log-endpoint; default-src 'none'; style-src 'self' 'unsafe-inline' https://static.tegut.com/ *.typekit.com *.typekit.net https://fast.fonts.net/; script-src 'self' 'unsafe-inline' https://*.usercentrics.eu *.typekit.com *.typekit.net https://static.tegut.com/ https://cdn.adsdefender.com/ https://cdn.ampproject.org/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com/ https://analytics.tiktok.com/ https://www.youtube.com/ https://www.googleadservices.com/ https://www.google.com/ https://ad1.adfarm1.adition.com/ https://cdn.scarabresearch.com/; img-src 'self' data: https://static.tegut.com/ https://*.usercentrics.eu https://www.google.com/ https://www.google.de/ https://www.facebook.com/ https://www.google-analytics.com/ https://tegut.maps.dmknet.de/; object-src 'self' https://*.usercentrics.eu https://static.tegut.com/ blob:; connect-src 'self' https://*.usercentrics.eu https://maps.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://region1.google-analytics.com/; font-src 'self' data: https://static.tegut.com/ https://use.typekit.com/; frame-src https://www.youtube-nocookie.com/; 1
worker-src blob:; font-src https://fonts.gstatic.com *.yotpo.com *.klevu.com *.klarnacdn.net *.gorgias.chat *.googleapis.com *.ksearchnet.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com www.sportrx.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com www.sportrx.com 'self' 'unsafe-inline'; frame-ancestors googleadservices.com *.criteo.net *.criteo.com *.gorgias.chat *.twitter.com *.yotpo.com *.youtube.com www.sportrx.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.criteo.com *.google.com *.doubleclick.net *.facebook.com *.braintreegateway.com *.kaptcha.com *.klarna.com *.criteo.net *.usablenet.com *.gorgias.chat *.yotpo.com www.sportrx.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://helloextend-static-assets.s3.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com validate.fishpig.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com *.klevu.com *.bing.com *.visualwebsiteoptimizer.com *.pushcrew.com *.klaviyo.com a.klaviyo.com *.facebook.com *.pinterest.com *.dialogtech.com *.cloudfront.net *.google.com *.stickyadstv.com *.teads.tv *.outbrain.com *.postrelease.com *.advertising.com *.tremorhub.com *.criteo.com *.yieldmo.com sync-criteo.ads.yieldmo.com *.bluekai.com *.yahoo.com *.demdex.net *.addthis.com *.gorgias.chat *.paypalobjects.com *.googleadservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://a.klaviyo.com *.ksearchnet.com www.sportrx.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.klevu.com *.google.com *.yotpo.com *.googletagmanager.com *.cloudflare.com *.gstatic.com *.klaviyo.com *.zdassets.com *.zendesk.com *.zopim.com *.twitter.com *.newrelic.com *.nr-data.net *.criteo.com *.doubleclick.net *.bing.com *.criteo.net *.klarnaservices.com *.visualwebsiteoptimizer.com *.pushcrew.com *.facebook.net *.cloudfront.net *.pinimg.com *.avmws.com *.noibu.com *.dialogtech.com *.klarnacdn.net *.addthis.com *.pii.ai *.gorgias.chat *.clarity.ms *.braintreegateway.com *.googleapis.com *.cdn-cookieyes.com *.cookieyes.com acsbapp.com *.acsbapp.com *.klarna.com *.glasseson.com https://static.klaviyo.com https://fast.a.klaviyo.com *.ksearchnet.com www.sportrx.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.klevu.com *.klarnacdn.net *.pushcrew.com *.cloudfront.net fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.ksearchnet.com www.sportrx.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zdassets.com *.cloudfront.net *.gorgias.chat *.glasseson.com www.sportrx.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com *.google-analytics.com *.klaviyo.com a.klaviyo.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.nr-data.net *.doubleclick.net *.klarnaservices.com *.klarnauserservices.com *.luckyorange.net *.pinterest.com *.visitors.live wss://visitors.live wss://in.visitors.live *.noibu.com *.dialogtech.com *.braintreegateway.com wss://input.noibu.com *.klarnaevt.com *.clarity.ms *.gorgias.chat wss://us-east1-898b.gorgias.chat *.segment.io *.googleapis.com *.cdn-cookieyes.com *.cookieyes.com acsbapp.com *.acsbapp.com *.glasseson.com *.mixpanel.com *.cloudfront.net https://static.klaviyo.com https://fast.a.klaviyo.com *.klarnacdn.net *.klarna.com *.klevu.com *.ksearchnet.com www.sportrx.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.sportrx.com http: https: blob: 'self' 'unsafe-inline'; default-src *.yotpo.com *.klaviyo.com *.klevu.com *.twitter.com *.criteo.net *.glasseson.com *.cloudfront.net www.sportrx.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.gstatic.com fonts.gstatic.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co www.googleservices.com *.google.com *.gstatic.com https://*.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.xtento.com https://*.hokodo.co https://photos.pixlee.co https://photos.pixlee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.xtento.com cdn.xtento.com https://site-assets.afterpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.google.co.uk https://www.gstatic.com https://d1fd8aj8bhyfe9.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com flagpedia.net https://register.feefo.com https://api.feefo.com https://s3-eu-west-1.amazonaws.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.xtento.com cdn.xtento.com https://js.afterpay.com https://cdn.segment.com https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://register.feefo.com https://js-agent.newrelic.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com *.gstatic.com maps.googleapis.com https://*.feefo.com/ https://euwa.puzzel.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com https://*.klarnacdn.net https://static.klaviyo.com https://register.feefo.com https://services.postcodeanywhere.co.uk *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://register.feefo.com https://inbound-analytics.pixlee.com https://pce.afd.co.uk https://bam.nr-data.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://region1.google-analytics.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com https://api.feefo.com https://collect.feefo.com https://api.puzzel.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.klevu.com *.ksearchnet.com *.bootstrapcdn.com 'unsafe-inline' data: *.gstatic.com *.cloudflare.com https://static.klaviyo.com maxcdn.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.shorepowerinc.com *.paypal.com *.google.com https://td.doubleclick.net/ www.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com maps.gstatic.com https://www.batteryjunction.com/rest/V1/swell/session/getcart https://batteryjunction.com/rest/V1/swell/session/getcart *.visualwebsiteoptimizer.com blob: *.gstatic.com *.resellerratings.com https://sep.yimg.com https://notify.bugsnag.com https://files.batteryjunction.com https://www.google.com https://googleads.g.doubleclick.net https://bat.bing.com https://*.smsbump.com https://www.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.zendesk.com *.visualwebsiteoptimizer.com *.klevu.com *.twitter.com *.fontawesome.com *.google.com *.googleapis.com *.google-analytics.com https://api.resellerratings.com https://js-agent.newrelic.com https://static.zdassets.com https://static.cloudflareinsights.com *.cloudflare.com https://bat.bing.com https://d2wy8f7a9ursnm.cloudfront.net https://googleads.g.doubleclick.net www.gstatic.com cdn.ampproject.org connect.facebook.net *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.cloudflare.com https://files.batteryjunction.com www.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://batteryjunction.zendesk.com *.visualwebsiteoptimizer.com https://batteryjunction.com/rest/V1/swell/session/getcart https://www.batteryjunction.com/rest/V1/swell/session/getcart *.goog-analytics.com https://analytics.google.com https://api.resellerratings.com https://ekr.zdassets.com https://stats.g.doubleclick.net https://bam.nr-data.net https://maps.googleapis.com cdn.ampproject.org www.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://shorepowerinc.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-VjkfHeOmW6f7hfgqE2eA1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TRcXsx8lCs7kHx6000PShQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com static.hsappstatic.net cdn2.hubspot.net no-cache.hubspot.com js.hscollectedforms.net js.hscta.net api.hubapi.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hubspotfeedback.com feedback.hubapi.com js.hs-banner.com www.googletagmanager.com www.google.com app.hubspot.com www.google-analytics.com snap.licdn.com js.hs-scripts.com tribl.io j.6sc.co static.oktopost.com ssl.google-analytics.com trk.techtarget.com www.clarity.ms js.qualified.com js.zi-scripts.com okt.to googleads.g.doubleclick.net w.clarity.ms tracking.g2crowd.com js.hsforms.com js.hsforms.net www.gstatic.com 516015.fs1.hubspotusercontent-na1.net 19820949.fs1.hubspotusercontent-na1.net play.hubspotvideo.com play.vidyard.com platform.twitter.com connect.facebook.net platform.linkedin.com s3-us-west-2.amazonaws.com js.driftt.com edge.marker.io www.brighttalk.com www.recaptcha.net www.gstatic.cn embed.typeform.com www.googleadservices.com code.jquery.com; report-uri  https://5ccc-110-235-228-46.ngrok-free.app/csp-report; 1
font-src *.googleapis.com https://www.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.bootstrapcdn.com *.stamped.io foursixty.com *.zipmoney.com.au font.static.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com static.zip.co https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com https://cdn.livechatinc.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://www.google.com *.doubleclick.net www.facebook.com *.affirm.com *.affirm.ca https://plumrocket.com *.livechatinc.com *.paypal.com *.kaptcha.com beaconlighting.api.useinsider.com *.addthis.com *.addthisedge.com *.pinterest.com *.cloudfront.net *.scarabresearch.com www.xtento.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * photos.pixlee.co https://accounts.google.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://www.affirm.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.affirm.com *.affirm.ca *.beaconlighting.com.au *.trackjs.com *.cdninstagram.com *.zipmoney.com.au *.magentosite.cloud *.stamped.io *.scarabresearch.com *.paypal.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com blob: static.zip.co www.xtento.com cdn.xtento.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pixlee.com *.yotpo.com t.zip.co static.zipmoney.com.au https://web1.acsbapp.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net polyfill.io *.googleapis.com https://www.gstatic.com https://www.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.affirm.com *.affirm.ca s7.addthis.com iguana2.com *.stamped.io *.zipmoney.com.au foursixty.com *.trackjs.com *.bootstrapcdn.com *.livechatinc.com beaconlighting.api.useinsider.com *.addthis.com *.addthisedge.com z.moatads.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.scarabresearch.com static.zip.co www.xtento.com cdn.xtento.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.plugins.emarsys.net connect.facebook.net graph.facebook.com business.facebook.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pxlecdn.com *.pixlee.com https://accounts.google.com *.yotpo.com static.zipmoney.com.au zip.co https://cdn1.affirm.com/js/v2/affirm.js https://acsbapp.com/ https://trx-cdn.zip.co/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.bootstrapcdn.com *.stamped.io foursixty.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com *.scarabresearch.com static.zip.co downloads.mailchimp.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.algolia.net *.algolia.com *.algolianet.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.affirm.com *.affirm.ca ekr.zdassets.com/ *.bootstrapcdn.com *.zipmoney.com.au foursixty.com *.foursixty.com *.labs.au.edge.zip.co *.trackjs.com stamped.io *.livechatinc.com *.api.useinsider.com carrier.useinsider.com *.doubleclick.net *.pinterest.com *.cloudfront.net *.scarabresearch.com static.zip.co *.eservice.emarsys.net connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://inbound-analytics.pixlee.com https://accounts.google.com *.yotpo.com https://cdn.acsbapp.com/ https://trx.zip.co/z/t https://www.affirm.com/ https://tracker.affirm.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.affirm.com/ 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://fonts.gstatic.com; data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://maps.googleapis.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com *.google.com; 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://maps.googleapis.com/ http://maps.gstatic.com/ *.meetanshi.com https://meetanshi.com/media/logo.png *.nextopia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.facebook.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://maps.googleapis.com/ *.meetanshi.com cdn.nextopia.net *.ecomm-nav.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://cdn.searchspring.net/intellisuggest/is.min.js *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.nextopia.net unsafe-inline tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://fonts.googleapis.com; 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://maps.googleapis.com/ http://maps.gstatic.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.meetanshi.com *.nextopia.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://beacon.searchspring.io/beacon *.google-analytics.com analytics.google.com *.facebook.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://vercel.live https://*.hotjar.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://js.stripe.com https://cdn.plaid.com https://w.appzi.io/boot-wt-v2000-8d1cux.js https://uploads-ssl.webflow.com https://challenges.cloudflare.com/turnstile/v0/api.js https://www.googleadservices.com/pagead/conversion/713115215/; style-src 'self' 'unsafe-inline' 'report-sample' https://*.hotjar.com https://uploads-ssl.webflow.com https://fonts.googleapis.com; connect-src 'self' https://*.every.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://maps.googleapis.com https://www.googletagmanager.com https://api.cloudinary.com https://ac.cnstrc.com https://analytics.google.com https://api.appzi.io https://api.statsig.com https://endpoint5.collection.us2.sumologic.com https://o423759.ingest.sentry.io https://stats.g.doubleclick.net https://vitals.vercel-insights.com https://*.google-analytics.com https://x8jbwkztci.execute-api.us-east-2.amazonaws.com https://events.statsigapi.net; img-src 'self' data: https://assets.vercel.com https://uploads-ssl.webflow.com https://*.hotjar.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://res.cloudinary.com https://w.appzi.io https://www.google-analytics.com https://www.google.com; font-src 'self' data: https://uploads-ssl.webflow.com https://*.hotjar.com https://fonts.gstatic.com https://w.appzi.io; frame-src 'self' https://vercel.live https://*.hotjar.com https://cdn.plaid.com https://commerce.coinbase.com https://customer-0h2ekzmxwlw1sq5b.cloudflarestream.com https://js.stripe.com; manifest-src 'self'; media-src 'self'; object-src 'none'; worker-src 'self'; 1
report-uri /_csp/report 1
default-src https://d3tw2v68rmxuj7.cloudfront.net; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://platform.twitter.com; img-src https:; media-src https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 https://d3tw2v68rmxuj7.cloudfront.net;script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com https://unpkg.com/ionicons@4.5.5/dist/css/ionicons.min.css; report-uri /csp 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-WZDJHgJSDDyPysSMomz1fL9wyHogfbtC'; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-mSAzg59czfcL7Js-OYfyaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 1
default-src 'self' data: https://openam-densirona-euw3.id.forgerock.io https://*.dscore.com https://*.edge.dscore.com:8443 wss://*.edge.dscore.com:8443 wss://*.dscore.com https://*.share.dentsplysirona.com wss://*.share.dentsplysirona.com https://*.gstatic.com https://*.googleapis.com https://unpkg.com https://www.google-analytics.com https://*.googletagmanager.com https://www.datadoghq-browser-agent.com https://*.datadoghq.eu https://i.ytimg.com https://www.youtube.com https://static.zuora.com https://na.zuora.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://localhost:52090/; 1
font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.criteo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com eu-gateway.americanexpress.com ap-gateway.americanexpress.com na-gateway.americanexpress.com *.gateway.americanexpress.com gateway-na.americanexpress.com www.facebook.com *.criteo.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * via.banorte.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com eu-gateway.americanexpress.com ap-gateway.americanexpress.com na-gateway.americanexpress.com *.gateway.americanexpress.com gateway-na.americanexpress.com *.criteo.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com h.online-metrix.net via.banorte.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com s7d1.scene7.com *.criteo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com eu-gateway.americanexpress.com ap-gateway.americanexpress.com na-gateway.americanexpress.com *.gateway.americanexpress.com gateway-na.americanexpress.com cdn.onesignal.com onesignal.com www.googleoptimize.com cloudfront.barilliance.com static.zdassets.com *.richrelevance.com static.criteo.net www.barilliance.net checkout.stg.deuna.io *.criteo.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com h.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com maxcdn.bootstrapcdn.com db.onlinewebfonts.com *.criteo.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n.adobe.io *.adobedc.net *.demdex.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.criteo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com https://*.launchdarkly.com https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net wss://cdn0.forter.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' https://client.rum.us-east-1.amazonaws.com *.pci.favor.dev *.favorengineering.com  https://*.forter.com https://dkupaw9ae63a8.cloudfront.net ont.net wss://cdn0.forter.com *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' https://client.rum.us-east-1.amazonaws.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard; worker-src blob: 1
img-src 'self' data: https://i.ytimg.com  https://www.googletagmanager.com  resource://skype_ff_extension-at-jetpack/skype_ff_extension/data/call_skype_logo.png  https://www.google-analytics.com  https://media.jbanetwork.com  https://ci5.googleusercontent.com  https://ci3.googleusercontent.com  https://ci4.googleusercontent.com  https://ci6.googleusercontent.com  https://redd-monitor.org  https://cdn.honey.io  https://fonts.gstatic.com  https://translate.google.com  https://wrm.org.uy  https://pos.baidu.com  https://images.intellitxt.com  https://www.ienearth.org  chrome://skype_ff_extension/skin/numbers_button_skype_logo.png  https://assets.democracynow.org  https://syndication.twitter.com  https://i.vimeocdn.com  blob:  https://ipmcdn.avast.com  https://www.paypalobjects.com  resource  https://indigenousrising.org  https://media.mynewsletterbuilder.com  https://pixel.wp.com  https://i0.wp.com  https://c0.wp.com  https://en.wordpress.com  https://www.democracynow.org  https://d1fdloi71mui9q.cloudfront.net  https://yt3.ggpht.com  https://gateway.zscalerthree.net  file  https://s0.wp.com  https://www.google.com  https://www.gstatic.com  https://cdn.leanlibrary.app  https://static.xx.fbcdn.net  https://translate.googleapis.com  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com  https://cdn.jsdelivr.net  https://cast3.asurahosting.com  https://accounts.google.com  https://www.googletagmanager.com  https://platform.twitter.com  https://www.youtube.com  https://cdn.socialhead.io  https://connect.facebook.net  data:  https://cdnjs.cloudflare.com  https://www.ienearth.org  https://apis.google.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://conoret.com  https://www.scrible.com  https://c0.wp.com  https://stats.wp.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://rialto-gms.s3.amazonaws.com  https://www.pagespeed-mod.com  https://localhost  https://ssl.google-analytics.com  https://asset.goguardian  https://ff.kis.v2.scr.kaspersky-labs.com  https://static.icopyright.net  https://agadata.online  https://translate.google.com  https://translate.googleapis.com  https://unpkg.zhimg.com  https://s3.amazonaws.com  https://get663.com  https://ongc4tnp.d2sri.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com  https://cdn.jsdelivr.net  https://cast3.asurahosting.com  https://accounts.google.com  https://www.googletagmanager.com  https://platform.twitter.com  https://www.youtube.com  https://cdn.socialhead.io  https://connect.facebook.net  data:  https://cdnjs.cloudflare.com  https://www.ienearth.org  https://apis.google.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://conoret.com  https://www.scrible.com  https://c0.wp.com  https://stats.wp.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://rialto-gms.s3.amazonaws.com  https://www.pagespeed-mod.com  https://localhost  https://ssl.google-analytics.com  https://asset.goguardian  https://ff.kis.v2.scr.kaspersky-labs.com  https://static.icopyright.net  https://agadata.online  https://translate.google.com  https://translate.googleapis.com  https://unpkg.zhimg.com  https://s3.amazonaws.com  https://get663.com  https://ongc4tnp.d2sri.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://maxcdn.bootstrapcdn.com  https://use.typekit.net  https://p.typekit.net  https://cast3.asurahosting.com  https://cdn.honey.io  https://www.gstatic.com  https://adblockers.opera-mini.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://c0.wp.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://secure.gravatar.com  https://www.ienearth.org  https://ff.kis.v2.scr.kaspersky-labs.com  blob: ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://maxcdn.bootstrapcdn.com  https://use.typekit.net  https://p.typekit.net  https://cast3.asurahosting.com  https://www.gstatic.com  https://adblockers.opera-mini.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://c0.wp.com  https://widgets.wp.com  https://me.kis.v2.scr.kaspersky-labs.com  https://secure.gravatar.com  https://www.ienearth.org  https://ff.kis.v2.scr.kaspersky-labs.com  blob: ; font-src 'self' https://fonts.gstatic.com  https://maxcdn.bootstrapcdn.com  https://s0.wp.com  https://use.typekit.net  https://www.ienearth.org  https://ray.st  https://aceify.ai  https://cdn.scite.ai  https://c0.wp.com  https://s1.wp.com  https://static.zip.co  https://assets.tailwindapp.com  chrome-extension://5B5A957F-9F49-4CE6-8054-538B57BA1F9D/fonts/scite-icons/scite-icons.woff2?v=5  chrome-extension://5B5A957F-9F49-4CE6-8054-538B57BA1F9D/fonts/scite-icons/scite-icons.woff?v=5  moz-extension://5B5A957F-9F49-4CE6-8054-538B57BA1F9D/fonts/scite-icons/scite-icons.woff  chrome-extension  https://at.alicdn.com  https://account.affilitizer.com  https://github.com  data:; frame-src 'self' https://www.youtube-nocookie.com  https://www.youtube.com  https://www.facebook.com  https://player.vimeo.com  https://platform.twitter.com  https://app.essential-addons.com  https://sites.google.com  https://zeno.fm  https://www.regulations.gov  https://pwm-image.trendmicro.com  https://wpcrmoccasintracks.podomatic.com  https://static.contextall.com  https://m.facebook.com  https://www.washingtonpost.com  https://netnebraska.org  https://www.liveleak.com  https://www.democracynow.org  https://www.c-span.org  https://nebraskapublicmedia.org  https://www.google.com  https://mozbar.moz.com  https://w.soundcloud.com  https://static.icopyright.net  https://www.itemfix.com  https://localhost  https://e.issuu.com  https://authenticate.ibotta.com  https://web.facebook.com  https://feedback-pa.clients6.google.com  blob:; connect-src 'self' https://www.google-analytics.com  https://cdn.jsdelivr.net  https://region1.google-analytics.com  https://api.solaranalyticscorp.com  https://api.browsekeeper.com  https://w88p9x.com  https://api.highdataanalytics.com  https://api.solarspireconsulting.com  https://firebaseinstallations.googleapis.com  https://doublestat.info  https://translate.googleapis.com  https://1531320666.rsc.cdn77.org  https://www.scrible.com  https://translate-pa.googleapis.com  https://i0.wp.com  data:  https://analytics.google.com  https://api.software-downloading.com  https://api.fbanalytics.org  https://api.adblocking247.com  https://overbridgenet.com  https://stats.g.doubleclick.net  https://skincareadvertsking.com  https://api.mkmediaworks.com  https://api.privacy-protector-adblocker.com  https://api.datacloudstat.com  https://api.adblock360.net  https://get663.com  https://fcgt742.com  https://api.amcreativemedia.com  https://api.global-data-lab.com;  object-src 'self' https://cast3.asurahosting.com  http://www.youtube.com;  media-src 'self' https://cast3.my-control-panel.com  data:  https://ssl.gstatic.com  https://signlearner.com;  worker-src 'self' blob:;  report-uri https://www.ienearth.org/wp-json/rsssl/v1/csp?rsssl_apitoken=98611069; 1
connect-src 'self' https://b.clarity.ms https://bat.bing.com https://ekr.zdassets.com https://numberbarn.zendesk.com wss://api.smooch.io; default-src 'none'; font-src 'report-sample' 'self' https://fonts.gstatic.com; form-action 'report-sample' 'self'; frame-ancestors 'report-sample' 'self'; frame-src 'self' https://js.stripe.com https://www.google.com; img-src 'report-sample' 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://static.zdassets.com https://www.facebook.com https://www.google.com; report-to default; report-uri https://www.tierra.net/special/report/csp; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://api.smooch.io https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.stripe.com https://snap.licdn.com https://static.zdassets.com https://www.clarity.ms https://www.clearhello.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com 1
object-src 'none';base-uri 'self';script-src 'nonce-naYS8USDEAJJ19OBY8YflA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' statistiek.rijksoverheid.nl; script-src 'sha256-kAj0E4/G2JPs8Mjj0MqcO7tHFZOJmTUjKaBLz5FIcog=' 'self' statistiek.rijksoverheid.nl 'report-sample' 'sha256-AJSFTfEFXIO1Wi4AjG7vT7VnAz5A/u7Rz1uNdPXDPhU=' 'sha256-IbtDa5/kbW2Hbn7qGi1538ERW/JuXrjCjK6zuL7QDfE='; object-src 'none'; style-src 'sha256-d+d7Cti3VU0dwJ1fNknUjJrjfKCBKmv7IB8pWVKOtVA=' 'sha256-HS0dLXtouzt27WjhcNn1jnLChsFC64NjrBHNAceQoNM=' 'sha256-p3iFO5bVyUOAUUESOH4bv8z4dxbPZZXWh/MQHoshxww=' 'sha256-2haq8oHxQM6XYJ1EnNAO37NNVFrJGhmY1jn8sa3S0AU=' 'sha256-1VTAHS0X+0lgrfu7iW/2ikIZ/VIANi00phY6Pqavxdg=' 'sha256-WWn0l9kVjXaC+CGcbxP6Zyac31v1Cjkx2VMnFR3uVng='  'self'  'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-p6HyQ9qqQIVvilUDUG0LZmJsmqaueCFxNRdnqp+CQu0='; img-src statistiek.rijksoverheid.nl *.rovid.nl 'self' data: www.logius.nl/* logius.nl/* ; media-src 'self' rovid.nl *.rovid.nl; frame-src 'self' ; font-src 'self'; report-uri https://sentry.dtnr.nl/api/41/security/?sentry_key=be7725c4e69245aa867cc45751194094&sentry_environment=production 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com *.googletagmanager.com *.brightcove.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net newsuk.s3.amazonaws.com *.google.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; report-uri https://www.news.co.uk?gdsih-csp-report; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' 735-rtx-941.mktoresp.com 735-rtx-941.mktoutil.com abrtp2.marketo.com abrtp2-cdn.marketo.com app-ab42.marketo.com rtp-static.marketo.com munchkin.marketo.net app.addsearch.com addsearch.com adservice.google.com maxcdn.bootstrapcdn.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms q.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms v.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms bat.bing.com ajax.aspnetcdn.com ajax.googleapis.com translate.googleapis.com analytics.google.com www.google-analytics.com www.googletagmanager.com cdn.callrail.com js.callrail.com cdn01.basis.net code.jquery.com connect.facebook.net d.adroll.com s.adroll.com x.adroll.com *.deltadentalia.com fonts.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net td.doubleclick.net pixel-a.basis.net pixel.sitescout.com px.ads.linkedin.com edge.quantserve.com secure.quantserve.com rules.quantcount.com pixel.quantcount.com snap.licdn.com s7.addthis.com secure.deltadentalia.com *.spinutech.com www.youtube.com static.cloudflareinsights.com test.secure.deltadentalia.com unpkg.com www.gstatic.com www.google.com www.google.ca www.google.co.in www.google.co.uk; img-src 'self' blob data: *.deltadentalia.com *.spinutech.com addsearch.com stats.addsearch.com stats.g.doubleclick.net ad.doubleclick.net pixel-a.basis.net pixel.sitescout.com bat.bing.com c.bing.com d.adroll.com s.adroll.com x.adroll.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms q.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms v.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms clickserv.sitescout.com www.google-analytics.com translate.google.com www.facebook.com px.ads.linkedin.com px4.ads.linkedin.com pixel.quantserve.com fonts.gstatic.com www.googletagmanager.com www.google.com www.google.ca www.google.co.in www.google.co.uk; media-src 'self' data: s3.amazonaws.com; frame-ancestors 'self'; object-src 'none'; form-action 'self' accounts.google.com *.spinutech.com secure.deltadentalia.com test.secure.deltadentalia.com; font-src 'self' data: fonts.gstatic.com static.zip.co maxcdn.bootstrapcdn.com; base-uri 'self'; report-uri /csp/; 1
default-src 'self' https://*.sentry-cdn.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'nonce-82d45c82-d726-46c6-8550e6d37194bf35' 'unsafe-inline' 'strict-dynamic' false; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://*.hotjar.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; img-src 'self' data: https: blob:; connect-src 'self' https://*.ingest.sentry.io https://*.googleapis.com https://*.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.googletagmanager.com false *.google-analytics.com *.analytics.google.com www.facebook.com https://www.google.de/ads https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'nonce-82d45c82-d726-46c6-8550e6d37194bf35'; worker-src 'self' blob:; frame-ancestors 'self' https://*.cookiebot.com; form-action 'self' *.facebook.com https://*.cookiebot.com; frame-src 'self' https://*.trustpilot.com https://*.cookiebot.com *.facebook.com; report-uri https://o153269.ingest.sentry.io/api/5947271/security/?sentry_key=e053727f27894f56ab910e7f94e49808; base-uri 'none'; object-src 'none' 1
script-src 'self' https: 'unsafe-inline' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.espssl.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.googleapis.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.twitter.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.twitter.com *.google.co.in *.kaptcha.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com https://www.magezon.com *.espssl.com *.payments-amazon.com *.listrakbi.com *.pinterest.com *.facebook.com *.google.com *.google.co.in *.klarna.com *.twitter.com *.ytimg.com stats.g.doubleclick.net *.connect.facebook.net pixel.advertising.com *.googletagmanager.com *.twimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-datasolutions.com *.magento-ds.com *.typekit.net google.com *.google.com cdnjs.cloudflare.com *.pinterest.com *.listrakbi.com *.listrak.com *.ladesk.com s.pinimg.com *.facebook.net *.twitter.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com connect.facebook.net *.googletagmanager.com static-na.payments-amazon.com js-agent.newrelic.com *.jquery.com polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdnjs.cloudflare.com *.jquery.com *.espssl.com *.fontawesome.com *.typekit.net *.listrakbi.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.youtube.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.paypal.com google.com *.google.com *.listrakbi.com *.doubleclick.net *.algolia.io *.pinterest.com *.twitter.com *.twimg.com *.google.co.in *.facebook.com *.braintree-api.com *.amazon.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de 'self' 'unsafe-inline'; child-src 'self' blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://actionis.report-uri.com/a/d/g; report-to report-endpoint; 1
base-uri *.wein.plus;connect-src *.wein.plus *.googleapis.com;child-src *.wein.plus;default-src 'none';media-src *.wein.plus;form-action *.wein.plus;img-src *.wein.plus data:;font-src *.wein.plus data: *.gstatic.com;manifest-src *.wein.plus;style-src *.wein.plus 'self' 'unsafe-inline';style-src-elem *.wein.plus 'unsafe-inline';script-src *.wein.plus 'self' 'unsafe-inline' *.etracker.com;script-src-elem *.wein.plus 'unsafe-inline' *.etracker.com 1
object-src 'none';base-uri 'self';script-src 'nonce-i1vahM0Ireyupn7nDrDyeQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.yearbookforever.com *.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yearbookforever.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yearbookforever.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yearbookforever.com *.google-analytics.com *.bootstrapcdn.com *.jquery.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src unsafe-inline assets.braintreegateway.com *.yearbookforever.com *.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.yearbookforever.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src *.youtube.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://storyboard.storystream.ai https://content.storystream.ai; form-action 'self' https://www.facebook.com https://m.berghaus.com https://checkout.berghaus.com https://www.berghaus.com https://connect.facebook.net https://tr.snapchat.com; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://apps.storystream.ai; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; report-to report-endpoint 1
report-uri https://www.yelp.com/csp_report_only?id=ad086a55dd337404&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www&timestamp=1715736936; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1
object-src 'none';base-uri 'self';script-src 'nonce-_dn6uJfG-lhJcpvCF-ni8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.cloudfront.net *.gstatic.com media.wakanim.tv ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-KqInNXKFGwVv2uiFgymI4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zuf5rG8kTLwwwTeoNDzDpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ZiOjyfikoQXE3Cohs48RpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2bPa8w1c4-qMJbbXZs7Kwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'report-sample' 'self' https://acsbapp.com/apps/app/dist/js/app.js https://wordpress.org https://accessibe.com http://www.w3.org/ https://connect.facebook.net/en_US/fbevents.js https://maps.googleapis.com/maps/api/js https://pi.pardot.com/analytics https://wec-assets.terminus.services/c5a1ac0f-5619-41ea-b104-3c89d7d61c2e/t.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.acsbapp.com https://maps.googleapis.com https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self'; img-src 'self' http://www.w3.org/ http://purl.org/ https://cdn.acsbapp.com https://wec-assets.terminus.services https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; report-uri https://647739cd974ac544f93abb19.endpoint.csper.io/?v=0; worker-src 'none'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cohesionapps.com urldefense.proofpoint.com app.powerbi.com www.duquesnelight.com www.google-analytics.com *.facebook.com www.youtube.com www.google.com *.doubleclick.net *.googleapis.com *.googleadservices.com nextweb-static.opower.com cdn.allconnect.com accounts.google.com use.typekit.net dc.services.visualstudio.com webchat.duquesnelight.com touchpoint-sdk.alida.com duquesnelight.com dc.oracleinfinity.io www.googletagmanager.com *.facebook.net dist-touchpoint.na2.alida.com kendo.cdn.telerik.com google.com tools.applemediaservices.com rum-static.pingdom.net play.google.com api.dqe.com cdnjs.cloudflare.com *.gstatic.com tags.w55c.net p.typekit.net api-touchpoint.na2.alida.com static-content.opower.com *.azure.com c.oracleinfinity.io duq.opower.com apple-resources.s3.amazonaws.com adservice.google.com rum-collector-2.pingdom.net make-ingest.allconnect.com dlccpp.mbdt01.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.elecrow.com *.chromestatus.com *.bootcss.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://store.plumrocket.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.elecrow.com *.shopify.com github.com *.githubusercontent.com *.wp.com *.imgur.com bitronics.store www.longan-labs.cc www.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google-analytics.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.facebook.net *.pinterest.com *.instagram.com *.dwin1.com *.livechatinc.com *.elecrow.com *.bootcdn.net *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.bootcss.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com *.elecrow.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';, script-src 'self' https://*.bing.com https://*.cdn.prismic.io https://*.clarity.ms https://*.facebook.net https://*.googletagmanager.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hubspot.com https://*.licdn.com https://*.matomo.cloud https://*.matomo.cloud https://*.outbrain.com https://*.outbrain.com https://*.survicate.com https://*.tiktok.com https://*.usemessages.comversations-embed.js https://*.outbrain.com https://*.googleads.com  https://*.js-eu1usemessages.com https://*.google.com https://*.googleadservices.com https://*.termsfeed.com https://*.youtube.com;, style-src 'self' https://*.survicate.com https://www.gstatic.com;, object-src 'none';, base-uri 'self';, connect-src 'self' https://*.ads.linkedin.com https://*.bing.com https://*.cdn.prismic.io https://*.clarity.ms https://*.hubapi.com https://*.hubspot.com https://*.iconify.design https://*.matomo.cloud https://*.outbrain.com https://*.survicate.com https://*.tiktok.com https://*.unisvg.com https://*.google.com https://*.hsforms.com https://*.googleapis.com  https://*.facebook.com https://*.gstatic.com https://yoummday-gmbh.jobs.personio.de;, font-src 'self' data: https://*.survicate.com https://*.gstatic.com;, frame-ancestors 'self';, frame-src 'self' https://*.prismic.io https://td.doubleclick.net https://*.youtube.com;, img-src 'self' data: https://*.ads.linkedin.com https://*.bing.com https://*.facebook.com https://*.hsforms.com https://*.hubspot.com https://*.prismic.io https://*.s3.amazonaws.com https://*.yoummday.com https://*.bing.com https://c.clarity.ms https://fonts.gstatic.com https://*.doubleclick.net https://*.ytimg.com https://*.linkedin.com https://translate.google.com https://www.google.ae https://www.google.al https://www.google.ba https://www.google.ch https://www.google.cl https://www.google.co.in https://www.google.co.th https://www.google.co.uk https://www.google.com https://www.google.com.br https://www.google.com.eg https://www.google.com.ng https://www.google.com.qa https://www.google.com.tr https://www.google.de https://www.google.fr https://www.google.ge https://www.google.mk https://www.google.rs https://www.google.sr https://www.google.tn https://www.googleadservices.com https://www.googletagmanager.com;, manifest-src 'self';, media-src 'self';, report-uri https://66012b0877c15b585b4a4d0f.endpoint.csper.io?v=1;, worker-src 'none'; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fpartners&source%5Buuid%5D=8e7759fd-60df-4680-a2e0-8d3285c7ab22-1715741274 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://myaccount.sure.com http://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 http://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://ekr.zdassets.com http://ekr.zdassets.com ekr.zdassets.com https://*.zopim.com http://*.zopim.com *.zopim.com wss://widget-mediator.zopim.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net https://*.zopim.com http://*.zopim.com *.zopim.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://t.co http://t.co t.co https://www.facebook.com http://www.facebook.com www.facebook.com https://v2.zopim.com http://v2.zopim.com v2.zopim.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://myaccount.sure.com http://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 http://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://v2.zopim.com http://v2.zopim.com v2.zopim.com https://static.zdassets.com http://static.zdassets.com static.zdassets.com https://*.twitter.com http://*.twitter.com *.twitter.com https://static.ads-twitter.com http://static.ads-twitter.com static.ads-twitter.com https://*.facebook.net http://*.facebook.net *.facebook.net https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co 'unsafe-inline' 1
default-src 'self'; script-src 'report-sample' 'self' https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://code.jquery.com/jquery-migrate-1.2.1.min.js https://www.paydashboardinfo.com/acton/content/form_embed.js https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://kit.fontawesome.com/5aa8edd4df.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/recaptcha__en.js; style-src 'report-sample' 'self' https://fonts.googleapis.com https://www.paydashboardinfo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://ka-p.fontawesome.com https://www.paydashboardinfo.com; font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com; frame-src 'self' https://player.vimeo.com https://www.google.com; img-src 'self' https://i.vimeocdn.com https://www.paydashboardinfo.com; manifest-src 'self'; media-src 'self'; report-uri https://6221512bec8a0e581bb6f8f3.endpoint.csper.io/?v=2; worker-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-QQ5-n7_kJnzXHf751vaP4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com script.hotjar.com hyfin.app data: maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com vars.hotjar.com maps.googleapis.com stats.g.doubleclick.net *.fls.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io static.hotjar.com script.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com *.cdninstagram.com *.fbcdn.net * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com script.hotjar.com static.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com *.us-6.evergage.com hyfin.app *.globalpay.com *.verygoodvault.com *.smartystreets.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com static.hotjar.com script.hotjar.com cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com bam.nr-data.net stats.g.doubleclick.net cookie-cdn.cookiepro.com maps.googleapis.com cdn.evgnet.com *.us-6.evergage.com wss://*.hyfin.app hyfin.app *.globalpay.com *.verygoodvault.com *.smartystreets.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-FG3ZrW3t1jj3q6uFBdmHVM8WY52NsCI5ofKhMGh8BMI='; base-uri 'self';report-to csp-endpoint 1
font-src *.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.typekit.net *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' https://werbung.transgourmet.de https://www.youtube.com https://www.google.com www.recaptcha.net *.b2clogin.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl blob: cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl https://www.xing-events.com/resources/js/amiandoExport.js www.google.com content.syndigo.com www.recaptcha.net js.monitor.azure.com cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://werbung.transgourmet.de 1
object-src 'none';base-uri 'self';script-src 'nonce--J8NBvFKrC42pRYxE7i3Cg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; base-uri 'none'; connect-src 'self'; frame-ancestors 'none'; img-src https://cernercentral.com/resources/core/v2.17/ https://cernercentral.com/resources/core/v2.27/; script-src 'unsafe-inline' https://cernercentral.com/resources/core/v2.27/; style-src 'unsafe-inline' https://cernercentral.com/resources/core/v2.27/ https://cernercentral.com/resources/home/v2.12/ 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: region1.google-analytics.com eu-api.lightboxcdn.com www.lightboxcdn.com people.api.eu.zetaglobal.net *.googlesyndication.com *.doubleclick.net *.lamutuellegenerale.fr try.abtasty.com *.commander1.com emea-lmg.netmng.com *.facebook.com euhosted.live.rezync.com t.contentsquare.net js-agent.newrelic.com *.linkedin.com *.qualtrics.com www.google.com www.googletagmanager.com *.googleapis.com ariane.abtasty.com *.facebook.net api.eu.zetaglobal.net www.google-analytics.com *.licdn.com onsiterecs.api.eu.zetaglobal.net *.hotjar.com c.az.contentsquare.net dcinfos-cache.abtasty.com bam.nr-data.net cdn.eu.zetaglobal.net cf.ignitionone.com *.cloudfront.net vc.hotjar.io *.gstatic.com cdn.trustcommander.net adservice.google.com privacy.trustcommander.net events.api.eu.zetaglobal.net content.hotjar.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com *.googleapis.com https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com https://*.hotjar.com https://static.klaviyo.com https://surveys-static.survicate.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com/ https://static.addtoany.com/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com secure.authorize.net test.authorize.net js.stripe.com m.stripe.com x.klarnacdn.net *.weltpixel.com vars.hotjar.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://cosmetis.com *.mcusercontent.com *.cloudflare.com *.gstatic.com *.google.com *.google.pt *.google.es *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.tradetracker.net *.pampanetwork.com *.mailchimp.com *.cloudfront.net https://*.clarity.ms https://*.hotjar.com https://c.bing.com https://googleads.g.doubleclick.net https://cosmetis.boost.propelbon.com https://static.zdassets.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com https://static.addtoany.com/ apis.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google.pt *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com tagmanager.google.com https://*.hotjar.com 'unsafe-inline' *.zdassets.com *.zendesk.com *.mailchimp.com mc.us6.list-manage.com *.newrelic.com *.nr-data.net *.doubleclick.net *.activehosted.com *.cloudfront.net wss://*.zopim.com wss://*.wizzy.ai *.app-us1.com trackcmp.net https://*.clarity.ms https://surveys-static.survicate.com https://api6.ipify.org https://*.cookie-script.com https://iic.cosmetis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.zendesk.com *.mailchimp.com *.googletagmanager.com https://*.hotjar.com 'unsafe-inline' https://surveys-static.survicate.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.google-analytics.com stats.g.doubleclick.net *.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.nr-data.net wss://*.wizzy.ai https://*.wizzy.ai https://*.clarity.ms https://www.google.pt https://care4ict.nl/health_check.php wss://pod-18.zendesk.com https://gtm.cosmetis.com https://survey.survicate.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://iic.cosmetis.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com  *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-zpvk3sLXG8x5XdlFxiMe5g=='; ; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.typekit.net *.hotjar.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.weltpixel.com https://www.gstatic.com/ https://plumrocket.com *.authorize.net https://*.online-metrix.net https://imgs.signifyd.com *.doubleclick.net *.leasestation.com *.kaptcha.com *.google.com *.google.co.in *.networkmerchants.com *.paypalobjects.com *.cdn-btsg.com *.audioeye.com *.milwaukeetool.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com www.apptrian.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com store.paradoxlabs.com https://redchamps.com https://imgs.signifyd.com https://*.online-metrix.net *.ohiopowertool.com https://seal-centralohio.bbb.org *.google.com *.google.co.in *.bing.com *.clarity.ms *.amazonaws.com *.shareasale.com *.nexmart.com *.noibu.com *.cdn-btsg.com *.quickspark.com *.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com tagmanager.google.com *.authorize.net sandbox-assets.secure.checkout.visa.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://www.dwin1.com https://seal-centralohio.bbb.org *.bing.com *.quickspark.com *.doubleclick.net *.clarity.ms *.nr-data.net *.newrelic.com *.google.com *.networkmerchants.com *.milwaukeetool.com *.noibu.com *.cdn-btsg.com *.pricespider.com *.hotjar.com *.audioeye.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com downloads.mailchimp.com tagmanager.google.com fonts.google.com *.mailchimp.com *.bootstrapcdn.com *.quickspark.com *.networkmerchants.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com www.apptrian.com *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.authorize.net https://imgs.signifyd.com *.doubleclick.net *.clarity.ms *.nr-data.net *.networkmerchants.com *.bing.com *.noibu.com wss://*.noibu.com *.cdn-btsg.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.audioeye.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com strict-dynamic http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://higherlogicstream.s3.amazonaws.com/AAPOS/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.waubonsee.edu *.tiktok.com *.snapchat.com *.clarity.ms *.googleapis.com adservice.google.com www.googletagmanager.com pi.pardot.com cc.emsiservices.com *.facebook.com *.ads-twitter.com www.redditstatic.com *.doubleclick.net use.typekit.net *.gstatic.com bat.bing.com alb.reddit.com *.twitter.com embedr.flickr.com *.facebook.net cdnjs.cloudflare.com fs26.formsite.com *.youtube-nocookie.com waubonsee.tfaforms.net www.youtube.com *.linkedin.com sc-static.net unpkg.com www.google.com t.co *.licdn.com analytics.google.com p.typekit.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.jsdelivr.net code.jquery.com *.gstatic.com *.google.com *.bootstrapcdn.com *.googletagmanager.com *.typekit.net *.comeet.co *.zoominfo.com *.bing.com *.clarity.ms *.doubleclick.net *.googleoptimize.com *.google-analytics.com *.callrail.com unpkg.com *.facebook.net *.facebook.com *.libsyn.com up.pixel.ad *.googlesyndication.com *.spinutech.com *.hs-scripts.com up.pixel.ad snap.licdn.com *.hscollectedforms.net *.hsleadflows.net *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hsforms.net *.hsforms.com *.usemessages.com *.zi-scripts.com *.hubspot.com *.hubapi.com *.sitescout.com *.youtube.com addsearch.com *.addsearch.com *.cloudfront.net *.searchcdn.com *.browserstack.com wss://*.browserstack.com *.linkedin.oribi.io *.linkedin.com analytics.tiktok.com *.stape.biz; img-src * 'self' data:; media-src 'self' s3.amazonaws.com; frame-ancestors 'self'; object-src 'none'; form-action 'self' *.spinutech.com accounts.google.com *.facebook.com *.hsforms.com; base-uri 'self'; report-uri https://services.spinudev.com/csp/cspreport; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://us.altosresearch.com https://google.com https://www.gstatic.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com imgsct.cookiebot.com cdn.jsdelivr.net consentcdn.cookiebot.com *.gstatic.com www.printfriendly.com romanza-assets.s3.amazonaws.com www.googletagmanager.com www.google-analytics.com *.googleapis.com cdn.printfriendly.com consent.cookiebot.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
media-src 'self' https://*.cloudfront.net https://storage.googleapis.com https://static.olark.com; font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://static.olark.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.slant.co; frame-ancestors 'self'; child-src https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; connect-src 'self' https:; default-src 'none'; object-src 'self' blob:; report-uri https://o115950.ingest.sentry.io/api/4504318134124545/csp-report/?sentry_key=9c71d70b1ee74ce3aa4d0d9c04d772a1&sentry_environment=production&sentry_release=b8d8fcbc 1
default-src 'self'; report-uri https://violations.post.ch/CSP/incamail/prod/report-only 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.google.com *.google.co.uk *.googletagmanager.com *.google-analytics.com fitchconnect.piwikpro.com fitchconnect.piwik.pro cdn.polyfill.io *.brightcove.net munchkin.market.net your.fitchratings.com *.evidon.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbitscripts.com *.clearbit.com *.idio.co chart-studio.plotly.com public.flourish.studio app.fitchconnect-stg.com *.fitchconnect.com *.fitch.group *.jotjar.com vjs.zencdn.net *.mktorest.com *.clearbitjs.com *.ads-twitter.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com *.amazonaws.com *.google-analytics.com *.analytics.google.com *.twitter.com *.facebook.com *.linkedin.com *.youtube.com *.googleapis.com *.facebook.net *.evidon.com *.crwdcntrl.net *.addtoany.com cdn.jsdelivr.net bat.bing.com snap.licdn.com hm.baidu.com *.ads-twitter.com script.crazyegg.com *.hotjar.com *.marketo.net *.funnelenvy.com *.ctnsnet.com *.typekit.net *.woopra.com consentag.eu; object-src 'self'; style-src 'self' 'unsafe-inline' https: blob: *.amazonaws.com *.googleapis.com *.googletagmanager.com your.fitchratings.com fonts.googleapis.com *.fitch.group *.hotjar.com; img-src 'self' 'unsafe-inline' https: blob: data: *.amazonaws.com *.doubleclick.net *.google-analytics.com *.google.com *.google.co.in *.google.de *.google.co.jp *.google.co.uk *.google.fr *.google.com.br *.google.it *.google.es *.google.com.mx *.google.ca *.google.com.au *.google.com.tr *.google.nl *.google.pl *.google.co.id *.google.com.ar *.google.com.sa *.google.com.eg *.google.co.th *.google.com.my *.google.co.za *.google.com.sg *.google.com.tw *.google.be *.google.com.ua *.google.se *.google.ch *.google.at *.google.com.co *.google.pt *.google.dk *.google.fi *.google.no *.google.gr *.google.hu *.google.cz *.google.ro; media-src 'self' *.youtube.com; frame-src 'self' 'unsafe-inline' *.brightcove.net *.doubleclick.net vars.hotjar.com *.addtoany.com *.facebook.com bid.g.doubleclick.net *.fls.doubleclick.net *.fitchratings.com *.evidon.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com *.hotjar.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net i.ctnsnet.com tags.crwdcntrl.net px.ads.linkedin.com *.gtm.js i.ctnsnet.com *.googletagmanager.com *.flashtalking.com *.lpsnmedia.net consentag.eu; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' https: data: *.fitchratings.com fonts.gstatic.com *.hotjar.com; connect-src 'self' https: blob: wss: *.doubleclick.net *.funnelenvy.com *.hotjar.com *.mktoresp.com bat.bing.com *.ipinfo.io *.google-analytics.com notify.bugsnag.com https://a.clarity.ms *.linkedin.oribi.io *.googletagmanager.com *.fitchratings.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.google.com *.google.co.uk *.twitter.com fonts.googleapis.com *.piwikpro.com *.piwik.pro snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.analytics.google.com *.mktorest.com *.clearbit.com td.doubleclick.net i.ctnsnet.com tags.crwdcntrl.net px.ads.linkedin.com *.gtm.js i.ctnsnet.com *.google.co.in *.google.de *.google.co.jp *.google.fr *.google.com.br *.google.it *.google.es *.google.com.mx *.google.ca *.google.com.au *.google.com.tr *.google.nl *.google.pl *.google.co.id *.google.com.ar *.google.com.sa *.google.com.eg consentag.eu; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com secure.adnxs.com sp.analytics.yahoo.com cdn.sanity.io *.sojern.com *.tiktok.com calendar.google.com assets.adobedtm.com cookies.alterramtnco.com *.doubleclick.net api.mapbox.com kit.fontawesome.com lifts-and-trails.netlify.app api-gcu1.inbenta.io www.youtube.com sdk.inbenta.io s.yimg.com apolloprogram.io www.google.com mtnpowder.com api.trustyou.com www.googletagmanager.com *.clarity.ms rum.browser-intake-us3-datadoghq.com www.inntopia.travel *.everesttech.net use.typekit.net ka-p.fontawesome.com ib.adnxs.com *.facebook.com analytics.google.com p.typekit.net *.omtrdc.net img.youtube.com *.facebook.net *.youtube-nocookie.com aws-cdn.inntopia.com v4.mtnfeed.com vicomap.resorts-interactive.com cdn.cookielaw.org *.onetrust.com www.sc.pages08.net blog.stratton.com www.pages08.net camstreamer.com alterra-incontact-tokens-prod.u01.inbenta.services *.adform.net adservice.google.com cdn.inbenta.io *.adsrvr.org alterraassets.widen.net www.datadoghq-browser-agent.com www.google.ca *.bidr.io *.demdex.net session-replay.browser-intake-us3-datadoghq.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src https://*.gstatic.com *.fontawesome.com *.gstatic.com data: https://*.hotjar.com https://fonts.gstatic.com https://www.tommeetippee.com https://cdn.channelsight.com https://*.cloudfront.net https://*.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.xtento.com https://*.demdex.net https://*.adyen.com https://youtu.be https://pay.google.com https://*.fls.doubleclick.net https://www.paypalobjects.com https://vars.hotjar.com http://www.yotpo.com https://player.vimeo.com/ https://*.googleapis.com/ https://www.facebook.com https://*.cloudiq.com https://optimize.google.com https://widget.trustpilot.com https://*.quiq-cdn.com https://*.pinterest.com https://*.mention-me.com accounts.google.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com https://www.xtento.com cdn.xtento.com *.gstatic.com *.google.co.uk *.google.com https://www.googletagmanager.com https://*.googleapis.com https://services.postcodeanywhere.co.uk https://www.rnengage.com https://*.bing.com https://mgl.sc.omtrdc.net https://cm.everesttech.net https://*.adyen.com https://*.demdex.net/ https://amcglobal.sc.omtrdc.net https://*.widget.custhelp.com https://*.cloudiq.com https://*.pinterest.com https://www.facebook.com https://cdn.cookielaw.org https://*.hotjar.com https://optimize.google.com https://cdn.channelsight.com https://secure.tommeetippee.com https://*.pixriot.com https://www.storeimaging.com https://*.quantcount.com https://*.quantserve.com https://*.clarity.ms https://*.cloudfront.net *.pixriot.com *.storeimaging.com https://site-assets.afterpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.adyen.com *.exponea.com www.xtento.com cdn.xtento.com https://cdn.channelsight.com http://maybo11111.pcapredict.com https://services.postcodeanywhere.co.uk https://polyfill.io https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.widget.custhelp.com https://*.custhelp.com https://*.rightnowtech.com https://www.rnengage.com https://bat.bing.com https://pay.google.com https://googleads.g.doubleclick.net https://*.newrelic.com https://*.nr-data.net https://*.hotjar.com https://connect.facebook.net https://cdn.cookielaw.org https://*.cloudiq.com https://*.onetrust.com https://*.pinimg.com https://*.paypal.com https://*.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://static.cloudflareinsights.com https://*.quiq-api.com https://*.quiq-cdn.com https://*.pixriot.com https://js.monitor.azure.com https://*.quantcount.com https://*.quantserve.com https://*.clarity.ms https://*.fullstory.com  https://apps.storystream.ai https://www.dwin1.com https://*.px-cloud.net https://*.px-cdn.net https://*.mention-me.com https://cdn.stape.io https://*.klarnaservices.com *.avada.io accounts.google.com https://js.afterpay.com https://*.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.fontawesome.com https://services.postcodeanywhere.co.uk https://*.widget.custhelp.com https://www.gstatic.com https://fonts.googleapis.com https://*.googleapis.com/ https://optimize.google.com https://cdn.channelsight.com https://*.cloudfront.net https://www.googletagmanager.com https://*.klarnacdn.net accounts.google.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.exponea.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://*.demdex.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://amcglobal.sc.omtrdc.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com https://*.pinterest.com https://bat.bing.com https://*.cloudiq.com https://*.paypal.com https://*.googleapis.com https://api.channelsight.com https://*.pixriot.com https://dc.services.visualstudio.com https://*.fullstory.com https://*.clarity.ms https://*.google-analytics.com https://*.px-cloud.net https://*.px-cdn.net https://*.cloudfront.net https://*.nr-data.net https://*.mention-me.com *.dxpapi.com https://*.klarnaservices.com *.pixriot.com *.storeimaging.com https://get.geojs.io *.avada.io accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://secure.tt-staging.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com https://fonts.gstatic.com *.google-analytics.com *.gstatic.com *.twitter.com *.typekit.net *.twimg.com *.global-e.com *.yotpo.com *.klevu.com data: *.mention-me.com *.ksearchnet.com *.fontawesome.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.twitter.com *.bglobale.com *.hotjar.com *.hotjar.io *.duel.me *.vimeo.com *.shipperhq.com *.google.com *.paypal.com *.ometria.com *.ometria.email *.addtoany.com/ *.pinterest.com *.visualwebsiteoptimizer.com app.vwo.com *.dotdigital-pages.com *.dotdigital.com *.mention-me.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.adyen.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.google.com *.gstatic.com *.google.co.uk maps.googleapis.com *.googleadservices.com *.global-e.com *.yotpo.com yotpo-stool.s3.amazonaws.com *.doubleclick.net *.ometria.com *.postcodeanywhere.co.uk *.shipperhq.com *.klevu.com *.daylesford.com *.kaltura.com *.pinterest.com *.facebook.net *.facebook.com *.sendtric.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com wingify-assets.s3.amazonaws.com chart.googleapis.com *.rakuten.com track.linksynergy.com *.trackedlink.net *.ksearchnet.com https://img.youtube.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.google.com *.gstatic.com pay.google.com *.google-analytics.com maps.googleapis.com *.twitter.com *.twimg.com *.bglobale.com *.yotpo.com js-agent.newrelic.com *.doubleclick.net *.ometria.com *.hotjar.com *.hotjar.io *.duel.me *.postcodeanywhere.co.uk *.pcapredict.com *.shipperhq.com *.zdassets.com www.bugherd.com *.klevu.com *.addtoany.com *.payments-amazon.com *.zendesk.com *.kaltura.com *.pinterest.com *.pinimg.com *.facebook.net *.sendtric.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com *.rakuten.com track.linksynergy.com s7.addthis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.klevu.com *.ksearchnet.com https://maps.googleapis.com *.mention-me.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com fonts.google.com *.cloudflare.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com 'self' data: *.twitter.com *.typekit.net *.twimg.com getfirebug.com *.yotpo.com *.postcodeanywhere.co.uk *.shipperhq.com *.klevu.com *.myfonts.net *.zendesk.com *.facebook.net *.sendtric.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.rakuten.com track.linksynergy.com *.ksearchnet.com *.fontawesome.com *.addtoany.com unsafe-inline assets.braintreegateway.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com/ *.zendesk.com *.kaltura.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.yotpo.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.postcodeanywhere.co.uk *.shipperhq.com wss://rms.shipperhq.com wss://widget-mediator.zopim.com *.zdassets.com *.ksearchnet.com *.zendesk.com *.pinterest.com *.sendtric.com *.yes track.linksynergy.com ekr.zdassets.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klevu.com http://dpm.demdex.net https://maps.googleapis.com *.mention-me.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-SogzoYFVnd5nnSzGUdh4cA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.processout.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://www.zenaps.com https://ct.pinterest.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://tr6.snapchat.com https://www.pinterest.com blob: https://*.abtasty.com https://app.qubit.com https://*.attn.tv; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://*.google.com https://*.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.abtasty.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.biotherm.com https://*.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.attn.tv https://events.attentivemobile.com https://www.biotherm.com/e2/ds/relay https://horizon-api.www.biotherm.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.biotherm.com https://m.biotherm.com https://checkout.biotherm.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://assets.revlifter.io https://*.akamaihd.net https://recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://static.goqubit.com https://*.qubit.com https://tr.snapchat.com https://cdn.attn.tv https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com https://s1.thcdn.com; report-to report-endpoint; 1
block-all-mixed-content;script-src 'self' https://*.klaviyo.com https://*.criteo.com https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.yahoo.com https://ajax.aspnetcdn.com https://apis.google.com https://cdn.browsiprod.com https://connect.facebook.net https://cdn.jsdelivr.net https://content.linkedin.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://forms.hsforms.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hsleadflows.net https://js.hubspotfeedback.com https://js.hubspot.com https://js.usemessages.com https://osm.klarnaservices.com https://na-library.klarnaservices.com https://platform.linkedin.com https://query.yahooapis.com https://sslwidget.criteo.com https://static.criteo.net https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://s.yimg.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://static.www.turnto.com https://vistek.bamboohr.com/ https://www.gstatic.com https://s3.amazonaws.com https://www.paypalobjects.com https://x.klarnacdn.net https://js.klarna.com https://www.paypal.com https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline';style-src 'self' *.licdn.com *.google.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com static.www.turnto.com x.klarnacdn.net vistek.bamboohr.com static.klaviyo.com 'unsafe-inline';child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net *.criteo.net *.criteo.com app.hubspot.com connect.facebook.net forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com;form-action 'self' *.google.com *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com https://*.cardinalcommerce.com;object-src *.googlesyndication.com;frame-ancestors 'self';frame-src 'self' https://www.youtube.com https://gum.criteo.com https://fledge.us.criteo.com/ https://accounts.google.com https://www.turnto.com https://static.www.turnto.com https://forms.hsforms.com https://www.google.com https://www.google.ca https://www.sandbox.paypal.com https://www.paypal.com https://js.playground.klarna.com https://js.klarna.com https://*.cardinalcommerce.com https://googleads.g.doubleclick.net https://app.hubspot.com https://td.doubleclick.net;worker-src 'self' blob: www.google.com;base-uri 'self' *.yahoo.com;report-uri /error/csp 1
font-src https://cdn.checkout.com *.fontawesome.com https://instantcredit.net/ *.klarnacdn.net *.googleapis.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://instantcredit.net/ 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://js.checkout.com *.klarna.com https://instantcredit.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com cdn.doofinder.com *.klarna.com *.klarnaevt.com *.klarnacdn.net * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://cdn.checkout.com *.klarnacdn.net cdn.doofinder.com *.plugins.emarsys.net *.scarabresearch.com https://instantcredit.net/ https://code.jquery.com/ *.klarna.com *.klarnaservices.com * *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.checkout.com *.fontawesome.com *.doofinder.com https://instantcredit.net/ *.klarnacdn.net unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com https://js.checkout.com *.klarnaevt.com *.doofinder.com wss://*.doofinder.com *.scarabresearch.com *.eservice.emarsys.net https://instantcredit.net/ https://test.instantcredit.net/ *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://api.itau.com.br/ https://api.itau.com.br:443/ https://sts.itau.com.br/ https://sts.itau.com.br:443/ https://secure.api.itau/ https://secure.api.itau:443/ https://apisandbox.redeecommerce.rede.com.br/ https://apiquerysandbox.redeecommerce.rede.com.br/ https://api.redeecommerce.rede.com.br/ https://apiquery.redeecommerce.rede.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ; script-src 'unsafe-eval' 'unsafe-inline' 'self' player.vimeo.com youtube-nocookie.com youtube.com google-analytics.com googletagmanager.com connect.facebook.net https:;; object-src 'none'; style-src 'unsafe-inline' 'self' googletagmanager.com https:;; img-src 'self' data: https:;; media-src 'self' player.vimeo.com youtube-nocookie.com https:;; frame-src 'self' player.vimeo.com youtube-nocookie.com https:;; frame-ancestors 'self'; child-src 'self' player.vimeo.com youtube-nocookie.com https:;; font-src 'self' data: https:;; connect-src 'self' player.vimeo.com youtube-nocookie.com https:;; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-b6uUh4hnbHCDxbY1hQS3Rw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'none'; default-src 'self' https: blob:; connect-src 'self' https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com *.nr-data.net https://blog.daisybillstaging.com https://blog.daisybill.com *.airbrake.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.amazonaws.com *.statuspage.io *.wistia.com; frame-src 'self' https: www.google.com/recaptcha/ www.gstatic.com/recaptcha/; font-src 'self' https: data: js.intercomcdn.com fonts.intercomcdn.com; img-src 'self' blob: data: about: js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com images.ctfassets.net *.wistia.com *.cloudfront.net *.daisybillreview.com *.s3.amazonaws.com *.daisybill.com *.daisybillstaging.com; object-src *.s3.amazonaws.com; script-src 'self' 'unsafe-eval' 'strict-dynamic' www.google.com www.gstatic.com *.googletagmanager.com app.intercom.io widget.intercom.io js.intercomcdn.com use.typekit.com js-agent.newrelic.com *.nr-data.net ajax.googleapis.com *.s3.amazonaws.com fast.wistia.com www.recaptcha.net  'nonce-JGZvbwRmf5KeuCCCzNN8Uw=='; style-src 'self' https: 'unsafe-inline' 'unsafe-eval' use.typekit.com use.typekit.net; child-src 'self' intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com; report-uri /csp_reports 1
script-src 'unsafe-inline' 'strict-dynamic' 'self' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'nonce-QnJpZ2h0Q3Jvd2QuY29t' https://brightcrowd.com/_nuxtl/;script-src-elem 'self' 'unsafe-inline' https://brightcrowd.com/_nuxtl/;img-src 'self' data: blob: https://brightcrowd.com https://i.ytimg.com https://i.vimeocdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;frame-src https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ https://demo.arcade.software/;font-src 'self' data: https://fonts.gstatic.com;object-src 'none';frame-ancestors 'self';base-uri 'self';form-action 'self';report-uri https://su3g0lm6gc.execute-api.us-east-1.amazonaws.com/csp/report;report-to csp-endpoint 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com cdnjs.cloudflare.com siteimproveanalytics.com *.gstatic.com ssl.google-analytics.com *.siteimproveanalytics.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' *.gjensidige.lt *.gjensidige.lv *.gjensidige.ee https://track.adform.net https://static.cloudflareinsights.com https://www.googletagmanager.com https://s2.adform.net https://consent.cookiebot.com https://connect.facebook.net/ https://gjensidigecol.cjteradata.com *.analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://dmp.adform.net https://www.google.com https://www.facebook.com https://apps.mypurecloud.com https://imgsct.cookiebot.com/ https://stats.g.doubleclick.net https://consentcdn.cookiebot.com ; img-src 'self' data:blob: *.gjensidige.lt *.gjensidige.lv *.gjensidige.ee https://consent.cookiebot.com https://connect.facebook.net/; style-src 'self' *.gjensidige.lt *.gjensidige.lv *.gjensidige.ee https://consent.cookiebot.com https://connect.facebook.net/ https://consentcdn.cookiebot.com ; script-src 'self' 'unsafe-inline'; report-uri https://sales.gjensidige.lt/productapi/CspLogging/ReportCspViolation ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=nZxTbeF2Y4kkvkF3CQ_3oikpeHqDSyzkYbCa73CzumA-1715735821-1.0.1.1-.DntlpEF2fdvDQlkKjlT3j6l_o_tXfAa8ERbgdPUinoedtWr_XLvOK52.aMc2YlhSGesUHd1gj5aCDrx26tQ86seVifTQRRNzBz7vePghfz5KZNEEl3INNrkHZStt43xM5VLBiihrsMkHIgq62NvX1UoUxxid1EWP9zUUiHvkc1W8KXpTBDxn7tHD2K3CQsp; report-to cf-aqhmxcbyizrltkye 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com about:; style-src 'self' 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com; report-uri https://irfu.report-uri.io/r/default/csp/reportOnly; 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: http://geo.nls.uk ; font-src https: data: ; report-uri https://csp.rcahms.gov.uk/canmore-live ; 1
font-src https://fonts.gstatic.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com www.visualbadge.com www.blackinton.com *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com https://maps.googleapis.com https://maps.gstatic.com blob: *.listrakbi.com *.gstatic.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://maps.googleapis.com *.listrakbi.com *.google.com *.gstatic.com *.authorize.net https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.listrakbi.com *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com https://maps.googleapis.com https://imgs.signifyd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bt.signifyd.com https://bt.signifyd.com:11103 *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.yotpo.com *.gstatic.com *.hsforms.com *.duosecurity.com *.fontawesome.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.north40.com *.facebook.com north40.com *.us19.list-manage.com *.hsforms.com *.duosecurity.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com www.googletagmanager.com *.weltpixel.com *.signifyd.com *.online-metrix.net *.facebook.com *.google.com snapwidget.com *.addthis.com *.weather.gov widget.surveymonkey.com *.surveymonkey.com *.paypalobjects.com *.hsforms.net *.hsforms.com *.hubspot.com *.duosecurity.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net *.paypal.com *.typekit.net validator.swagger.io maps.googleapis.com *.yotpo.com *.signifyd.com *.nexcesscdn.net *.unbxdapi.com *.fna.fbcdn.net *.bing.com *.cloudfront.net *.online-metrix.net *.facebook.com *.amazonaws.com *.weltpixel.com *.google-analytics.com *.north40.com *.google.com images.north40.com.global.prod.fastly.net *.zopim.com *.googleapis.com *.xtento.com waterdata.usgs.gov www.google.co.in widget.surveymonkey.com *.surveymonkey.com *.zopim.io n40.s3.us-east-1.amazonaws.com *.clarity.ms *.hsforms.net *.hsforms.com *.simpli.fi *.hubspot.com *.doubleclick.net *.3lift.com *.tremorhub.com *.exelator.com *.intentiq.com *.agkn.com *.tapad.com *.crwdcntrl.net  *.bluekai.com *.bfmio.com *.spotxchange.com *.rlcdn.com *.lijit.com *.openx.net *.rubiconproject.com *.adnxs.com *.pro-market.net cfvod.kaltura.com *.duosecurity.com *.hubspotusercontent-na1.net psyberware.com www.xtento.com cdn.xtento.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.gstatic.com *.cdninstagram.com *.fbcdn.net dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net www.googletagmanager.com ajax.googleapis.com maps.googleapis.com *.cloudflare.com *.cloudfront.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.facebook.net *.yotpo.com *.signifyd.com *.unbxdapi.com *.unbxd.io *.gstatic.com *.bing.com *.addthis.com *.zdassets.com *.weltpixel.com *.zopim.com *.moatads.com *.addthisedge.com *.north40.com resources.xg4ken.com googleads.g.doubleclick.net widget.surveymonkey.com *.surveymonkey.com cdn.scarabresearch.com static.scarabresearch.com cdn.noibu.com *.amazonaws.com *.acsbap.com *.acsbapp.com 'unsafe-inline' *.clarity.ms *.hubspot.com *.hsforms.net *.hsforms.com *.simpli.fi *.hs-scripts.com js.hs-banner.com js.hs-analytics.net *.hscollectedforms.net hubspot-forms-static-embed.s3.amazonaws.com *.hsadspixel.net *.hsleadflows.net js.hscta.net *.usemessages.com cdnapisec.kaltura.com *.duosecurity.com https://js-agent.newrelic.com/ www.xtento.com cdn.xtento.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.yotpo.com *.cloudfront.net *.unbxdapi.com *.gstatic.com *.unbxd.io widget.surveymonkey.com *.mailchimp.com *.duosecurity.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.hsforms.com *.duosecurity.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.paypal.com *.yotpo.com *.instagram.com *.signifyd.com *.zdassets.com *.zendesk.com *.north40.com *.weltpixel.com *.google-analytics.com *.zopim.com wss://widget-mediator.zopim.com bt.signifyd.com:11103 stats.g.doubleclick.net widget.surveymonkey.com *.surveymonkey.com recommender.scarabresearch.com recommender-eu.scarabresearch.com wss://input.noibu.com https://input.noibu.com/pv *.noibu.com *.clarity.ms *.us19.list-manage.com *.hsforms.net *.hsforms.com *.hscollectedforms.net hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.googleapis.com *.hubapi.com *.duosecurity.com *.unbxdapi.com *.unbxd.io analytics.google.com test-unbxd-console-platform.s3.amazonaws.com unbxd-console-platform.s3.amazonaws.com d3oudgusdzf61y.cloudfront.net ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleusercontent.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src https://www.google.com https://region1.analytics.google.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://capi.gdc.us/events https://cdn.equalweb.com https://access.equalweb.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.doofinder.com wss://*.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co https://sandbox.sequracdn.com https://live.sequracdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; frame-src https://13128304.fls.doubleclick.net/ https://td.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com https://sandbox.sequracdn.com https://live.sequracdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; font-src https://static.klaviyo.com https://static-es.germainedecapuccini.es fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; script-src https://maps.googleapis.com https://cdn.equalweb.com https://analytics.tiktok.com https://access.equalweb.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com https://sandbox.sequracdn.com https://live.sequracdn.com *.storyblok.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://d3k81ch9hvuctc.cloudfront.net https://ad.doubleclick.net https://ade.googlesyndication.com https://germaine-de-capuccini.ui.smartie.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com cdn.doofinder.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com https://sandbox.sequracdn.com https://live.sequracdn.com *.storyblok.com data: 'self' 'unsafe-inline'; style-src https://fonts.googleapis.com https://access.equalweb.com *.doofinder.com https://static.klaviyo.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' *.gstatic.com use.fontawesome.com; img-src 'self' data: *.eventdata.co.uk *.eventdata.uk eventdata.uk *.google-analytics.com px.ads.linkedin.com connect.facebook.com connect.facebook.net syndication.twitter.com; script-src-elem 'self' 'unsafe-hashes' 'unsafe-inline' *.eventdata.co.uk *.eventdata.uk eventdata.uk pay.dnapayments.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com app.webreg.me snap.licdn.com connect.facebook.net use.fontawesome.com platform.linkedin.com platform.twitter.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; style-src 'self' *.googleapis.com cdnjs.cloudflare.com *.eventdata.co.uk *.eventdata.uk eventdata.uk connect.facebook.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com *.eventdata.co.uk *.eventdata.uk eventdata.uk connect.facebook.net; style-src-attr 'unsafe-hashes' 'unsafe-inline'; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net app.gleanin.com connect.facebook.com; frame-src www.booking.com platform.twitter.com pay.dnapayments.com; report-uri https://qtq417pr.uriports.com/reports/report; report-to default 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; frame-src youtube.com vimeo.com; base-uri 'self'; report-uri https://webhook.site/csf-webhook 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-zb2vmPSkSj3PYOJia4SFu8ag4ooK8qlkcbzcDSxvmZE='; base-uri 'self';report-to csp-endpoint 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.benjaminairguns.com *.centerpointarchery.com *.cloudflare.com *.cloudmaestro.com *.crosman.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.sezzle.com *.youtube.com acsbapp.com cdn.cookielaw.org cdn.jsdelivr.net cdn.sitesearch360.com cloudflare.com code.jquery.com fontawesome.com forms.hsforms.com googleapis.com jquery.com js.hsforms.net jsdelivr.net jstest.authorize.net kit.fontawesome.com mczbf.com unpkg.com www.googlecommerce.com www.gstatic.com www.mczbf.com js.sitesearch360.com js.hs-scripts.com js.hsleadflows.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net googleads.g.doubleclick.net js.hsadspixel.net static.hotjar.com c1.rfihub.net script.hotjar.com *.clarity.ms bat.bing.com *.ravincrossbows.com js.usemessages.com js.authorize.net plugins.experticity.com *.googlesyndication.com *.vimeo.com stockist.co ravincrossbows.com www.ravincrossbows.com *.elfsight.com widget.tagembed.com *.helloextend.com *.sharethis.com js.smct.io smct.co cdn.ckeditor.com *.envolvetech.com *.googlecommerce.com *.tiktok.com *.iubenda.com *.stamped.io *.tailwindcss.com *.mountain.com vimeo.com *.klaviyo.com *.incontact.com home-c9.incontact.com *.redditstatic.com js.smct.co delivery.gettopple.com static.klaviyo.com static-tracking.klaviyo.com facebook.com *.cartsave.io *.gettopple.com; style-src 'self' 'unsafe-inline' *.benjaminairguns.com *.centerpointarchery.com *.crosman.com *.googleapis.com *.sezzle.com acsbapp.com cdn.cookielaw.org cdn.jsdelivr.net forms.hsforms.com js.hsforms.net jstest.authorize.net mczbf.com unpkg.com www.mczbf.com cdn.sitesearch360.com *.typekit.net js.sitesearch360.com js.hs-scripts.com js.hsleadflows.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net googleads.g.doubleclick.net js.hsadspixel.net static.hotjar.com c1.rfihub.net script.hotjar.com *.clarity.ms bat.bing.com *.ravincrossbows.com ravincrossbows.com www.ravincrossbows.com *.bootstrapcdn.com *.stamped.io *.smct.io *.tailwindcss.com vimeo.com *.klaviyo.com cdn.ckeditor.com fonts.cdnfonts.com; report-uri /.webscale/csp-report 1
font-src *.googleapis.com *.gstatic.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.credova.com *.authorize.net *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.credova.com * *.yotpo.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.facebook.com blob: t.co *.twitter.com *.cookielaw.org *.quantserve.com *.amazonaws.com *.zdassets.com rootways.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.credova.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.yotpo.com *.authorize.net sandbox-assets.secure.checkout.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com data: blob: *.cookielaw.org *.hotjar.com *.zdassets.com *.klaviyo.com *.quantserve.com *.crazyegg.com *.ads-twitter.com *.remarketstats.com *.clarity.ms *.quantcount.com *.clickcertain.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.yotpo.com *.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: blob: *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.credova.com *.yotpo.com *.authorize.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.facebook.net data: blob: wss: *.cookielaw.org *.onetrust.com *.zendesk.com *.crazyegg.com *.zopim.com *.clarity.ms *.hotjar.io https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src fonts.googleapis.com fonts.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca https://www.googletagmanager.com/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com sewactivate.phc.brother 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca s3.us-east-1.amazonaws.com *.bird.eu http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net s3.amazonaws.com img.babylock.com google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com cdn.cookielaw.org sewactivate.phc.brother woobox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://imgs.signifyd.com cdn.cookielaw.org sewactivate.phc.brother woobox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com woobox.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wTMztx9VJsZSHPdy2s8Flg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iBjXmQS5PqT07ZFDcvEN6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'nonce-v9gijU2guNo6lffg7gKU5A=='; report-to 'self' 1
img-src 'self' data: https: https://*.johnnybet.com/ https://*.johnnybet.ru/; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com/ https://*.johnnybet.com/ https://*.johnnybet.ru/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.johnnybet.com/ https://*.johnnybet.ru/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://mc.yandex.ru/metrika/tag.js https://static.hotjar.com https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/webfont/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://connect.facebook.net/ https://www.googleoptimize.com/ https://script.hotjar.com/ https://*.johnnybet.com/ https://faye.johnnybet.com/faye https://*.johnnybet.ru/; media-src 'self' https://*.johnnybet.com/ https://*.johnnybet.ru/; frame-src 'self' http: https:; manifest-src 'self' https://*.johnnybet.com/ https://*.johnnybet.ru/; connect-src 'self' https://stats.g.doubleclick.net/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://mc.yandex.md/ https://mc.yandex.ru/ https://yandexmetrica.com:* https://*.johnnybet.com/ https://faye.johnnybet.com/faye https://*.johnnybet.ru/ 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.njmmis.com app1.confidentcarecorp.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'unsafe-eval' 'unsafe-inline' *.dca0.com https://script.crazyegg.com maps.google.com *.avmws.com bam.nr-data.net *.cloudmaestro.com d3b4i635mede5k.cloudfront.net cdn.jsdelivr.net www.apex.live www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.youtube.com s.ytimg.com d.adroll.mgr.consensu.org www.google.com ssl.avmws.com cdn.avmws.com www.gstatic.com connect.facebook.net display.ugc.bazaarvoice.com maps.googleapis.com *.adroll.com *.bazaarvoice.com cdn-scripts.signifyd.com imgs.signifyd.com wileyx.com *.wileyx.com js-agent.newrelic.com cdn.mouseflow.com downloads.mailchimp.com staticw2.yotpo.com mc.us14.list-manage.com bam-cell.nr-data.net static.klaviyo.com fast.a.klaviyo.com static.zdassets.com assets.zendesk.com *.paypal.com *.paypalobjects.com embedsocial.com f.vimeocdn.com *.googleadservices.com *.vimeo.com bat.bing.com static-tracking.klaviyo.com www.googleoptimize.com *.googleoptimize.com static.criteo.net sslwidget.criteo.com dynamic.criteo.com assets.adobedtm.com www.ordertracker.com static.fittingbox.com cdn.yottaa.com www.clarity.ms clarity.ms tags.srv.stackadapt.com widget.us.criteo.com www.snippet.maze.co *.snippet.maze.co; report-uri /.webscale/csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com www.google.com *.facebook.com *.azureedge.net c.bing.com *.doubleclick.net bat.bing.com ad.ipredictive.com oc-registry.opentable.com *.clarity.ms components.otstatic.com *.boydgaming.com menus.singleplatform.com replays.robertsstream.com youtube.com www.youtube.com *.onetrust.com *.googleapis.com www.google-analytics.com *.cloudfront.net static.boydgaming.net api-engage-us.sitecorecloud.io region1.google-analytics.com www.googletagmanager.com twin-iq.kickfire.com *.facebook.net cdn.otstatic.com www.google.ca cdn.cookielaw.org cdnjs.cloudflare.com adservice.google.com www.opentable.com ads.robertsstream.com assets.adobedtm.com places.singleplatform.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; connect-src 'self' dc.services.visualstudio.com ssl.google-analytics.com stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com partner.testseek.com; font-src 'self' data: fonts.gstatic.com static.stockinthechannel.com; frame-src 'self' accounts.stockinthechannel.co.uk app.powerbi.com ad.doubleclick.net bid.g.doubleclick.net www.youtube.com; frame-ancestors accounts.stockinthechannel.co.uk; img-src * data:; media-src 'self' images.stockinthechannel.co.uk media.stockinthechannel.com; manifest-src images.stockinthechannel.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' accounts.stockinthechannel.co.uk images.stockinthechannel.co.uk static.stockinthechannel.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' static.stockinthechannel.com fonts.googleapis.com ajax.googleapis.com; report-uri https://stockchannel.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src  https: wss:; report-uri /csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-v3HuxFiLWV7vqmnIghuUdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.audioeye.com akstat.io *.akstat.io cookielaw.org cdn.cookielaw.org *.google-analytics.com *.quantummetric.com quantummetric.com *.typekit.net www.googletagmanager.com tapestry.com *.tapestry.com tapestry.support *.licdn.com *.jwplatform.com *.jwpcdn.com cdn.jwplayer.com prd.jwpltx.com *.jwpsrv.com jsdelivr.net *.jsdelivr.net *.newrelic.com *-tapestry-news.pantheonsite.io cdnjs.cloudflare.com fonts.googleapis.com secure.gravatar.com px.ads.linkedin.com cdn.linkedin.oribi.io p.adsymptotic.com tapestry.gcs-web.com opensupplyhub.org *.akamaihd.net go-mpulse.net *.go-mpulse.net geolocation.onetrust.com stats.g.doubleclick.net fonts.gstatic.com data: blob:; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://tr.snapchat.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.klarna.com https://js.klarna.com https://js.playground.klarna.com https://online2.superoffice.com *.fls.doubleclick.net  https://tr.snapchat.com https://vars.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.googleapis.com *.gstatic.com https://eu.klarnaevt.com https://eu.playground.klarnaevt.com https://x.klarnacdn.net/ https://visitanalytics.userreport.com https://ad.doubleclick.net  https://ib.adnxs.com https://adservice.google.com https://www.google.com https://www.google.se https://www.google.no https://www.facebook.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.googleapis.com *.gstatic.com https://js.klarna.com https://js.playground.klarna.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ https://cdn-ukwest.onetrust.com/ https://www.tryggehandel.no/ https://online2.superoffice.com https://www.googleoptimize.com https://static.hotjar.com https://sc-static.net https://connect.facebook.net  *.adnxs.com https://track.adform.net https://script.hotjar.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.googleapis.com https://*.54proxy.com https://eu.klarnaevt.com https://eu.playground.klarnaevt.com https://bam.eu01.nr-data.net https://cdn-ukwest.onetrust.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com https://maps.googleapis.com *.klarnacdn.net *.klarna.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com js.hs-banner.com tag.demandbase.com forms.hsforms.com *.facebook.com forms-na1.hsforms.com *.gstatic.com www.clickcease.com perf-na1.hsforms.com www.google-analytics.com api.omappapi.com cdn.heapanalytics.com client-api.auryc.com b.6sc.co *.googleapis.com t.co snid.snitcher.com a.opmnstr.com *.linkedin.com a.omappapi.com *.doubleclick.net *.googleadservices.com *.gbgplc.com *.hubspot.com bat.bing.com epsilon.6sense.com j.6sc.co snippet.maze.co www.google.co.uk heapanalytics.com ipv6.6sc.co *.wistia.com *.facebook.net api.hubapi.com js.hs-scripts.com *.twitter.com js.hsforms.net adservice.google.com *.onetrust.com *.bidr.io *.azure.com 2918901.hs-sites.com api.company-target.com api.investisdigital.com js.hsadspixel.net epsilon-globalaccelerator.6sense.com *.licdn.com assets4.lottiefiles.com secure.intelligent-business-7.com assets9.lottiefiles.com prompts.maze.co *.ads-twitter.com region1.google-analytics.com id.rlcdn.com www.googleoptimize.com www.googletagmanager.com c.6sc.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.klaviyo.com www.instagram.com apps.elfsight.com widget.gleamjs.io *.facebook.net sogknives.com www.googleoptimize.com imgs.signifyd.com cdn.userway.org *.amazon-adsystem.com www.google-analytics.com cdn11.bigcommerce.com *.bazaarvoice.com *.sentry.io *.cloudfront.net media-cdn.ipredictive.com x.klarnacdn.net tasks.gsmoutdoors.com *.doubleclick.net storage.elfsight.com www.youtube.com bat.bing.com bes.gcp.data.bigcommerce.com ad.ipredictive.com *.gstatic.com region1.analytics.google.com cdnjs.cloudflare.com core.service.elfsight.com static-tracking.klaviyo.com adservice.google.com *.online-metrix.net na.klarnaevt.com www.google.com cdn77.api.userway.org cdn.avmws.com api.userway.org a.klaviyo.com eu.klarnaevt.com js.klarna.com www.gsmoutdoors.com analytics.google.com images.ctfassets.net cdn-scripts.signifyd.com use.typekit.net cdn.contentful.com phosphor.utils.elfsightcdn.com p.typekit.net www.googletagmanager.com static.elfsight.com *.addthis.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 1
object-src 'none';base-uri 'self';script-src 'nonce-a0XoP_uMgfaCc6UhEvNZwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://use.typekit.net https://s7.addthis.com https://script.crazyegg.com https://v1.addthisedge.com https://m.addthis.com https://z.moatads.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net/; img-src 'self' https://ssl.google-analytics.com https://p.typekit.net https://*.tile.openstreetmap.org data: https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com about:blank; connect-src 'self' https://script.crazyegg.com https://m.addthis.com https://maps.googleapis.com https://www.google-analytics.com https://translate.googleapis.com https://region1.google-analytics.com; frame-ancestors 'self'; report-uri https://c46d7a2773c62cc2aeeb98ba3522f4d1.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-2IhRyEf-C_piKc24qhpuuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com www.facebook.com *.saferpay.com notifpush.com *.laiye.com *.destygo.com *.mindsay.com *.googleapis.com *.gstatic.com *.piwik.pro 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.googletagmanager.com api.devatics.io *.doubleclick.net gjigle.com *.saferpay.com www.facebook.com notifpush.com *.laiye.com *.destygo.com *.mindsay.com *.googleapis.com *.gstatic.com *.piwik.pro insight.adsrvr.org https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io gjigle.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.linkedin.com www.facebook.com *.adnxs.com www.google.com.ua cdn.devatics.io *.saferpay.com notifpush.com *.laiye.com *.destygo.com *.mindsay.com *.piwik.pro connect.facebook.net cdn.cookielaw.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com cdn.cookielaw.org *.googletagmanager.com connect.facebook.net secure.adnxs.com targetemsecure.blob.core.windows.net cgn.slgnt.eu notifpush.com userlike-cdn-widgets.s3-eu-west-1 dmc.devatics.io try.abtasty.com acdn.adnxs.com snap.licdn.com widget.destygo.com *.cloudfront.net *.amazonaws.com *.saferpay.com http://trk.adbutter.net *.laiye.com *.destygo.com *.mindsay.com *.googleapis.com *.gstatic.com *.piwik.pro js.adsrvr.org http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googletagmanager.com cdn.cookielaw.org www.google.com.ua *.amazonaws.com api.userlike.com notifpush.com *.googleapis.com *.doubleclick.net *.saferpay.com www.facebook.com *.abtasty.com *.laiye.com *.destygo.com *.mindsay.com *.gstatic.com *.piwik.pro pagead2.googlesyndication.com gjigle.com cdn.linkedin.oribi.io secure-apis.notifadz.com px.ads.linkedin.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src px.ads.linkedin.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-AIUhsjV9OxFdyoWY0L_QHA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src userlike-cdn-umm.b-cdn.net *.gstatic.com data: *.cloudfront.net *.mey.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src ct.pinterest.com *.awin1.com *.zenaps.com td.doubleclick.net fledge.eu.criteo.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de ad.ad-srv.net *.adsrvr.org *.fls.doubleclick.net www.facebook.com opt.kuponacdn.de gum.criteo.com pixel.mathtag.comm pp.payengine.de pptest.payengine.de checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ 'self' 'unsafe-inline';  img-src www.etracker.de id5-sync.com s.thebrighttag.com beacon.krxd.net *.google.de *.google.com ads.creative-serving.com *.uimserv.net *.adnxs.com ups.analytics.yahoo.com visitor.omnitagjs.com *.ad.smaato.net matching.ivitrack.com exchange.mediavine.com hb.yahoo.net *.adform.net jadserve.postrelease.com *.taboola.com *.stickyadstv.com criteo-sync.teads.tv sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.emxdgt.com criteo-partners.tremorhub.com sync.outbrain.com *.3lift.com *.smartadserver.com ads.yahoo.com *.casalemedia.com *.bidswitch.net *.twiago.com contextual.media.net match.sharethrough.com *.pubmatic.com cdn.stickyadstv.com *.adscale.de ad.360yield.com sp.analytics.yahoo.com ad.yieldlab.net cotads.adscale.de *.criteo.com *.liadm.com pixel.rubiconproject.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.awin1.com *.zenaps.com *.bing.com *.cloudfront.net stats.g.doubleclick.net *.doubleclick.net *.g.doubleclick.net www.facebook.com www.google.com www.google.de www.googletagmanager.com *.usercentrics.eu *.adfarm1.adition.com *.adition.com *.pinterest.com pixel.mathtag.com *.adnxs.com checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ *.mey.com *.clarity.ms 'self' data: data: 'self' 'unsafe-inline'; script-src userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com cdn.polyfill.io browser.sentry-cdn.com *.etracker.de *.etracker.com *.google.de *.google.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.googletagmanager.com *.adyen.com *.googleapis.com www.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.adform.net *.amazon.com js.adsrvr.org *.awin1.com bat.bing.com *.dt51.net *.cloudfront.net googleads.g.doubleclick.net https://www.dwin1.com amplify.outbrain.com tr.outbrain.com wave.outbrain.com lantern.roeyecdn.com connect.facebook.net www.google.com *.google-analytics.com www.gstatic.com mastertag.kpcustomer.de opt.kuponacdn.de bam.nr-data.net bam.eu01.nr-data.net js-agent.newrelic.com static.shopgate.com *://the.sciencebehindecommerce.com tagmanager.google.com *.usercentrics.eu *.kuponacdn.de app.theadx.com browser-update.org pixel.mathtag.com pptest.payengine.de *.adnxs.com static.criteo.net s.pinimg.com sslwidget.criteo.com *.clarity.ms *.mey.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.usercentrics.eu *.cloudfront.net *.mey.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google.com maps.googleapis.com userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com sentry.mey.netz98.org eu-api.friendlycaptcha.eu www.etracker.de www.facebook.com www.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net googleads.g.doubleclick.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de stats.g.doubleclick.net mey.dvinci-hr.com bam.eu01.nr-data.net https://the.sciencebehindecommerce.com https://*.wepowerconnections.com tr.outbrain.com *.usercentrics.eu aggregator.service.usercentrics.eu bat.bing.com *.pinterest.com *.google-analytics.com *.maps.googleapis.com *.mey.com *.cloudfront.net *.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.klarnacdn.net *.acsbapp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.klarna.com *.playground.klarna.com *.google.com *.hotjar.com *.facebook.com *.criteo.com calendly.com *.doubleclick.net *.cookiebot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarnaevt.com *.googletagmanager.com *.amazonaws.com *.googleapis.com *.gstatic.com pixel.quantserve.com *.google.com *.facebook.com *.cloudfront.net cx.atdmt.com *.clerk.io *.criteo.com *.adsymptotic.com *.bing.com *.google.it *.doubleclick.net *.clarity.ms *.calendly.com *.bidswitch.net *.adnxs.com *.adscale.de *.omnitagjs.com *.casalemedia.com *.360yield.com *.yieldlab.net *.media.net *.mediavine.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.sharethrough.com *.smartclip.net *.tremorhub.net *.tremorhub.com *.3lift.com *.acsbapp.com *.equalweb.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.com *.emxdgt.com *.adform.net id5-sync.com *.ivitrack.com *.yieldmo.com *.krxd.net *.thebrighttag.com *.cookiebot.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarna.com *.avada.io https://cdn.scalapay.com *.googleapis.com *.gstatic.com *.clerk.io *.googletagmanager.com *.google-analytics.com *.doubleclick.net/ *.google.com *.quantserve.com rules.quantcount.com *.adform.net snap.licdn.com 127.0.0.1 *.nr-data.net *.newrelic.com *.hotjar.com *.jsdelivr.net commerce.adobedc.net *.aptrinsic.com *.iubenda.com *.cloudfront.net *.tremorhub.com *.criteo.com acsbapp.com *.acsbapp.com *.equalweb.com *.calendly.com *.myfeelback.com *.facebook.net *.bing.com *.clarity.ms *.cookiebot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.klarnacdn.net *.calendly.com *.equalweb.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://corneliani.eu-central-1.linodeobjects.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.klarnaevt.com *.playground.klarnaevt.com *.klarnaservices.com *.playground.klarnaservices.com *.klarnacdn.net *.klarna.com https://get.geojs.io *.avada.io *.google-analytics.com *.doubleclick.net *.nr-data.net commerce.adobedc.net *.iubenda.com acsbapp.com *.acsbapp.com *.equalweb.com *.myfeelback.com *.googlesyndication.com *.criteo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://b665164c4fb2875cf6d57e97c5ceb8d2.report-uri.com/r/d/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval';font-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; child-src * 'unsafe-inline' blob:; worker-src * 'unsafe-inline' blob:; img-src * data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * blob:; 1
font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com fonts.gstatic.com data: v2.zopim.com js.klevu.com *.wistia.com maxcdn.bootstrapcdn.com fonts.yieldify-production.com acsbapp.com *.hotjar.com *.nudgify.com x.klarnacdn.net *.narvar.com *.narvar.qa *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klarna.com vimeo.com *.criteo.com *.criteo.net *.doubleclick.net *.trustpilot.com *.paypalobjects.com *.wistia.net button.aftership.com *.sharethis.com *.zendesk.com *.zdassets.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com *.attn.tv *.yieldify.com *.kaptcha.com *.sirv.com *.katapult.com *.nudgify.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://img.youtube.com https://* insight.adsrvr.org vimeo.com bat.bing.com js.klevu.com *.klaviyo.com v2.zopim.com maps.googleapis.com *.criteo.com *.criteo.net *.doubleclick.net *.wistia.com *.attn.tv *.nudgify.com *.klarnaservices.com *.narvar.com *.narvar.qa store.paradoxlabs.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com x.klarnacdn.net *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.kaptcha.com s7.addthis.com *.visualwebsiteoptimizer.com *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.liadm.com *.getgobot.com solutions.invocacdn.com v2.zopim.com static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com *.trustpilot.com bat.bing.com button.aftership.com *.criteo.com *.criteo.net *.klaviyo.com *.attn.tv *.doubleclick.net acsbapp.com *.wistia.com *.wistia.net *.steelhousemedia.com *.mouseflow.com *.sharethis.com js-agent.newrelic.com *.nr-data.net *.zendesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com www.googleoptimize.com pnapi.invoca.net *.yieldify.com *.noibu.com *.lordoftheentertainingostriches.com *.katapult.com *.sirv.com *.howuku.com *.usbrowserspeed.com *.clarity.ms *.nudgify.com *.authorize.net maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com js.klevu.com *.klaviyo.com *.sharethis.com maxcdn.bootstrapcdn.com wss://*.hotjar.com fonts.googleapis.com *.katapult.com *.nudgify.com x.klarnacdn.net *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com blob: embedwistia-a.akamaihd.net *.zendesk.com *.zdassets.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.kaptcha.com ekr.zdassets.com/ *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.liadm.com *.criteo.com *.getgobot.com *.googlesyndication.com *.attentivemobile.com *.invoca.net *.yieldify.com *.dc.yieldify.com *.yieldify-production.com *.zopim.com wss://widget-mediator.zopim.com static.zdassets.com ekr.zdassets.com *.google.com *.acsbapp.com *.doubleclick.net *.klaviyo.com https://bt.signifyd.com:11103/ *.signifyd.com:11103 *.paypal.com *.paypalobjects.com *.wistia.com *.litix.io *.akamaihd.net bat.bing.com *.trustpilot.com *.sharethis.com *.nr-data.net *.mouseflow.com *.attn.tv maps.googleapis.com *.zendesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com *.lordoftheentertainingostriches.com *.noibu.com wss://*.noibu.com zendesk-eu.my.sentry.io fonts.googleapis.com *.breadgateway.net *.howuku.com *.clarity.ms *.nudgify.com *.klarnauserservices.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src vimeo.com *.vimeocdn.com *.getbread.com *.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com media.sezzle.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io * *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io * *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com gateway.sezzle.com sandbox.gateway.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-CPOMlOBylfAMWHAhqR5iQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net https://plumrocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com d17anp2eo56k6j.cloudfront.net d9h1vtbtgkgvf.cloudfront.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cs.1worldsync.com *.twitter.com idsync.live.streamtheworld.com wtbevents.pricespider.com www.google.com.hk fast.fonts.net c.clicktale.net tag.demandbase.com tags.tiqcdn.com epson.ca *.pinterest.com *.linkedin.com *.everesttech.net bam.nr-data.net *.bazaarvoice.com js-agent.newrelic.com www.google-analytics.com *.ads-twitter.com cdnssl.clicktale.net *.lijit.com *.rubiconproject.com img.youtube.com embeddedcloud.pricespider.com bat.bing.com huge.superpinkday.com *.gstatic.com simage2.pubmatic.com cms.analytics.yahoo.com s.company-target.com image8.pubmatic.com q-aus1.clicktale.net sp.analytics.yahoo.com crb.kargo.com *.demdex.net app.qualified.com www.google.fr www.google.com cdnjs.cloudflare.com sc-static.net *.facebook.com js.cnnx.link api.company-target.com analytics.google.com *.snapchat.com match.sharethrough.com *.doubleclick.net *.omtrdc.net *.casalemedia.com js.qualified.com www.googletagmanager.com *.googleadservices.com apex-7-adswizz.attribution.adswizz.com cdn.pricespider.com ws.cs.1worldsync.com *.facebook.net epson.com id.rlcdn.com sync.1rx.io eb2.3lift.com *.googleapis.com unpkg.com ps.eyeota.net ups.analytics.yahoo.com *.adsrvr.org *.openx.net *.tealiumiq.com api.mapbox.com sync.bfmio.com ib.adnxs.com www.google.co.uk *.pinimg.com srm.bf.contentsquare.net google.com tiny.superpinkday.com *.bluekai.com *.goepson.com *.dotomi.com www.google.ca region1.analytics.google.com pi.pardot.com us-east.ads.audio.thisisdax.com *.tiktok.com adservice.google.com segments.company-target.com www.youtube.com exchange-match.mediaplex.com *.windows.net k-aus1.clicktale.net cdn.jsdelivr.net partners.tremorhub.com tag-logger.demandbase.com t.co idsync.rlcdn.com ads.stickyadstv.com *.licdn.com bh.contextweb.com *.epson.com us.ck-ie.com s.yimg.com contextual.media.net wss://ws.qualified.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
report-to default; report-uri https://csp-reporter.ixmediahosting.com:1443/report-uri.php; default-src 'none'; connect-src 'self' *.analytics.google.com *.google-analytics.com analytics.google.com consent.cookiebot.com consentcdn.cookiebot.com metrics.hotjar.io stats.g.doubleclick.net vc.hotjar.io www.facebook.com www.google.ca www.google.fr; font-src 'self' data: fonts.gstatic.com; form-action 'self' ixmedia.us4.list-manage.com www.facebook.com; frame-ancestors 'self'; frame-src consentcdn.cookiebot.com player.vimeo.com td.doubleclick.net www.facebook.com www.google.com www.googletagmanager.com; img-src 'self' *.google-analytics.com data: i.vimeocdn.com imgsct.cookiebot.com static.xx.fbcdn.net tr-rc.lfeeder.com www.facebook.com www.google-analytics.com www.google.ca www.google.com www.google.fr www.googletagmanager.com; manifest-src 'self'; script-src 'report-sample' 'self' 'sha256-NfHtBXvtOA9IC0YpnmozJjX4weCLRu4diaJTRn+lMhk=' 'sha256-W2uEbIpK6q92muqoDy6u3KMeUePel1zQOvV1Co9KM3s=' 'sha256-ecUmnWipzwnydBIxUX3xSTzhsl1TV6acmav1if9sFos=' 'sha256-nfuLyQYnt1nByVVhPiUEga6J7XeFM5Vswf0ZExsIjr8=' 'sha256-oWPGmIx9JdlTCBW0DdZ8qiCoNWGYDJxyWGw3rA4BwTU=' connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com player.vimeo.com sc.lfeeder.com script.hotjar.com static.hotjar.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.livechatinc.com https://*.haiku.ai https://api.hubspot.com https://api.mixpanel.com https://cdn.freshmarketer.com https://cdn.mxpnl.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://info.proctoru.com https://ip.freshmarketer.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.usemessages.com https://maxcdn.bootstrapcdn.com https://pi.pardot.com https://px.ads.linkedin.com https://snap.licdn.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com https://js.hscta.net https://cta-service-cms2.hubspot.com https://hire.withgoogle.com https://*.adroll.com https://*.consensu.org https://*.twitter.com/ https://cdn.syndication.twimg.com/ https://*.fullstory.com/ https://js.hs-banner.com https://api.hubapi.com https://sc.lfeeder.com https://tagmanager.google.com https://yas.bamboohr.com https://*.cincopa.com https://www.meazurelearning.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://maxcdn.bootstrapcdn.com https://platform.twitter.com/ https://tagmanager.google.com https://*.bamboohr.com https://*.meazurelearning.com https://cdn.jsdelivr.net; img-src https: data:; connect-src https://www.google-analytics.com https://*.haiku.ai https://api.mixpanel.com https://api.hubspot.com https://api.hubapi.com https://*.fullstory.com/ https://*.bamboohr.com https://stats.g.doubleclick.net; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; media-src https://*.livechatinc.com; frame-ancestors 'none'; object-src 'none'; frame-src https://secure.livechatinc.com https://bid.g.doubleclick.net https://forms.hsforms.com https://www.facebook.com https://www.youtube.com https://hire.withgoogle.com https://www.proctoru.com https://player.vimeo.com https://platform.twitter.com/ https://syndication.twitter.com/ https://twitter.com/; upgrade-insecure-requests 1
font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.trustami.com widgets.trustedshops.com *.yotpo.com assets.bounceexchange.com events.bouncex.net use.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.cookielaw.org *.facebook.net *.pinimg.com assets.bounceexchange.com events.bouncex.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com track2.trbo.com ad4m.at ad4mat.net pixel.bsmartdata.com bid.g.doubleclick.net secure.pay1.de https://payments.amazon.de *.google.com t.adcell.com googleads.g.doubleclick.net *.google.de *.google.com.de *.facebook.com *.braintreegateway.com *.kaptcha.com *.doubleclick.net calendly.com *.pinterest.com *.authorize.net assets.bounceexchange.com events.bouncex.net *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.feedoptimise.com cdn.feedoptimise.com http://img.riskified.com/ https://beacon.flow.io/ https://cdn.flow.io/ https://flowcdn.io/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com hello.zonos.com *.pinterest.com google.com www.google.com.ua cdn.trustami.com *.trbo.com *.google.com *.google.me *.billiger.de bat.bing.com c.bing.com *.googletagmanager.com widgets.trustedshops.com app.usercentrics.eu *.doubleclick.net ad4m.at piwik.seoswisswirtz.ch www.lampenonline.de ih.adscale.de business.trustedshops.de *.adform.net *.cloudfront.net cdn.klarna.com https://payments.amazon.de marketing.net.idealopartner.com billiger.de t.adcell.com www.gstatic.com *.google.de *.google.com.de *.adition.com *.magentocommerce.com *.clarity.ms e.cdnwidget.com assets.bounceexchange.com events.bouncex.net media.sailthru.com cdn.cookielaw.org *.cdninstagram.com *.fbcdn.net api.bounceexchange.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.feedoptimise.com cdn.feedoptimise.com http://cdn.flow.io/ https://cdn.flow.io/ http://beacon.riskified.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.googletagmanager.com t.adcell.com rns.matelso.de *.google-analytics.com www.gstatic.com googleads.g.doubleclick.net cdn.trustami.com widgets.trustedshops.com static.trbo.com piwik.seoswisswirtz.ch app.usercentrics.eu www.adcell.de app.trustami.com bat.bing.com www.billiger.de api.trbo.com ad4m.at *.adform.net www.ad4mat.de r.df-srv.de *.payments-amazon.com https://payments.amazon.de cdn.klarna.com secure.pay1.de *.jquery.com hello.zonos.com *.sail-horizon.com *.pinimg.com *.pingdom.net *.iglobalstores.com *.pinterest.com *.newrelic.com *.nr-data.net *.calendly.com *.cookielaw.org *.adobedtm.com *.onetrust.com *.clarity.ms cdn.attn.tv assets.bounceexchange.com events.bouncex.net js.go2sdk.com https://www.googletagmanager.com tagmanager.google.com ajax.googleapis.com *.instagram.com tag.wknd.ai api.bounceexchange.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com cdn.trustami.com https://payments.amazon.de assets.bounceexchange.com events.bouncex.net tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.flow.io/ https://c.riskified.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com hello.zonos.com *.pinterest.com *.sail-personalize.com *.pingdom.net api.usercentrics.eu rns.matelso.de graphql.usercentrics.eu *.amazon.com *.criteo.com https://payments.amazon.de *.googletagmanager.com *.doubleclick.net t.adcell.com *.trustedshops.com *.etrusted.com *.sail-track.com *.nr-data.net *.cookielaw.org *.clarity.ms geolocation.onetrust.com data.cdnbasket.net page.cdnbasket.net view.cdnbasket.net ids.cdnwidget.com privacyportal.onetrust.com maps.googleapis.com image.cdnbasket.net events.attentivemobile.com assets.bounceexchange.com events.bouncex.net ss.chilewich.com *.analytics.google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline *.googleapis.com *.gstatic.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net *.gstatic.com ssl.google-analytics.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src https://selecty.app https://selectybeta.app https://*.selecty.app https://*.selectybeta.app; script-src 'unsafe-inline' https://selecty.app https://selectybeta.app https://*.selecty.app https://*.selectybeta.app; style-src https://selecty.app https://selectybeta.app https://*.selecty.app https://*.selectybeta.app; connect-src https://selecty.app https://selectybeta.app https://*.selecty.app https://*.selectybeta.app wss://*.selecty.app wss://*.selectybeta.app 1
object-src 'none';base-uri 'self';script-src 'nonce-NP3U9sVnGD9kYAotsvEMmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-r07OmvmRxQ-WkeO5RIWHhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com *.livechatinc.com email.filmtools.com *.contivio.com *.akamaized.net use.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.shopperapproved.com *.facebook.com email.filmtools.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com *.facebook.com *.eventbrite.com docs.google.com *.livechatinc.com email.filmtools.com *.weltpixel.com *.punchout2go.com *.tradecentric.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca *.trackedlink.net https://www.shopperapproved.com *.payments-amazon.com *.amazon-adsystem.com *.filmtools.com *.facebook.net *.facebook.com maps.googleapis.com maps.gstatic.com *.zmags.com bam.nr-data.net email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com assets.instantsearchplus.com ping-dot-acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.shopperapproved.com https://direct.shopperapproved.com *.livechatinc.com connect.facebook.net *.eventbrite.com *.zmags.com bam.nr-data.net email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com acp-magento.appspot.com ping-dot-acp-magento.appspot.com https://unpkg.com *.punchout2go.com *.tradecentric.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.zmags.com email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com *.akamaized.net *.fastsimon.com use.fontawesome.com *.punchout2go.com *.tradecentric.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com email.filmtools.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net maps.googleapis.com *.zmags.com bam.nr-data.net *.livechatinc.com email.filmtools.com *.shopperapproved.com *.answerbase.com *.akamaized.net *.fastsimon.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com static.olark.com use.fontawesome.com; img-src *; media-src static.olark.com; connect-src 'self' nrpc.olark.com www.google-analytics.com; frame-src player.vimeo.com static.olark.com; script-src-elem * data: 'unsafe-eval' 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-eval' 'unsafe-inline'; default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://7e3824c4ef9e9a35500bcb69c7efcd54.report-uri.com/r/d/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-AX6bfs8ccHa0M77z8wtTtA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Jse24bnr7E8ujNohAkLViA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com googleads.g.doubleclick.net secure.livechatinc.com *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.amazonaws.com bat.bing.com cdn.ywxi.net blob *.instantsearchplus.com *.trackedlink.net *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.fontawesome.com *.livechatinc.com bat.bing.com *.clarity.ms *.newrelic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com static-autocomplete.fastsimon.com ping.fastsimon.com settings.fastsimon.com static-grid.fastsimon.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.clarity.ms api.livechatinc.com bat.bing.com api.fastsimon.com suggest.instantsearchplus.com static-autocomplete.fastsimon.com static-grid.fastsimon.com ping.fastsimon.com settings.fastsimon.com stats.g.doubleclick.net bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; report-uri https://api.sendsteps.com/csp-reports; connect-src https://salesiq.zohopublic.eu https://region1.google-analytics.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.facebook.com https://api.sendsteps.com https://bam.nr-data.net https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.analytics.google.com https://www.google.fr https://www.google.dk https://www.google.com.tr https://www.google.com.be https://www.google.com.nl; font-src 'self'; img-src 'self' https://dev.visualwebsiteoptimizer.com https://cdn.sendsteps.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.com.au https://www.google.fr https://www.google.nl https://www.google.dk https://www.google.co.in https://www.google.co.za https://www.googletagmanager.com https://www.google.co.id data:; script-src 'self' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://consent.cookiebot.com https://maillist-manage.eu https://salesiq.zoho.eu https://ma.zoho.eu https://consent.cookiebot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://www.google-analytics.com https://www.googleoptimize.com https://sendc.scdn4.secure.raxcdn.com https://*.newrelic.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://sendc.scdn4.secure.raxcdn.com; object-src 'none'; media-src https://sendsteps-cdn-bucket.s3.eu-central-1.amazonaws.com; frame-src https://consentcdn.cookiebot.com 1
child-src 'self'; connect-src 'self' *.8x8.com *.cookiebot.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.visualstudio.com analytics.google.com wss://*.8x8.com; default-src 'self' *.rmtag.com; font-src 'self' https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/; frame-src 'self' *.8x8.com *.cookiebot.com *.doubleclick.net *.pages05.net *.stripe.com; img-src 'self' data: *.cookiebot.com *.doubleclick.net *.google-analytics.com infostore.saiglobal.com maps.gstatic.com www.google.com www.google.com.au; script-src-elem 'self' 'unsafe-inline' *.8x8.com *.ads-twitter.com *.azure.com *.cookiebot.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.pardot.com *.rmtag.com *.stripe.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-to stott-security-endpoint; report-uri https://www.intertekinform.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 1
object-src 'none';base-uri 'self';script-src 'nonce-vb1WLzB4kEyLlWsE07GQtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://www.stopkillerrobots.org?gdsih-csp-report; 1
font-src *.fontawesome.com *.cloudflare.com *.gstatic.com *.googleapis.com *.typekit.net 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://pay.google.com https://secure-test.worldpay.com *.google.com 5900250.fls.doubleclick.net *.payments-amazon.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.gstatic.com *.google-analytics.com *.klarna.com *.googleadservices.com *.google.com *.google.co.uk *.paypal.com *.run4it.com *.fbcdn.net d23yuld0pofhhw.cloudfront.net ut.ra.linksynergy.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js *.google-analytics.com https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.avada.io *.googletagmanager.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.feefo.com *.run4it.com *.klevu.com *.payments-amazon.com googleads.g.doubleclick.net connect.facebook.net tag.rmp.rakuten.com *.typekit.net *.google.com theed11117.pcapredict.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.klevu.com *.run4it.com *.postcodeanywhere.co.uk unpkg.cm 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.addressy.com https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.feefo.com *.instagram.com *.amazon.com *.google-analytics.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: sentry.io; script-src 'self' 'self' https: data: 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com; style-src 'self' https: 'unsafe-inline' cdn.materialdesignicons.com; img-src 'self' data: blob: *.knownorigin.io ko-blog-assets.imgix.net firebasestorage.googleapis.com translate.googleapis.com storage.googleapis.com user-profile-images-cdn-bucket.storage.googleapis.com www.google.com www.google.co.uk www.google.co.tz www.google.rw www.google.co.zw www.google.com.jm www.google.com.kw www.google.com.mm www.google.com.tj www.google.tt www.google.so www.google.cm www.google.gl www.google.vu analytics.google.com storage.cloud.google.com *.google-analytics.com www.googletagmanager.com fonts.gstatic.com alb.reddit.com www.facebook.com analytics.twitter.com t.co stats.g.doubleclick.net ipfs.infura.io reneil.eth.link registry.walletconnect.com script.hotjar.com yastatic.net connect.facebook.net ipfs.infura.io js.intercomcdn.com syndication.twitter.com downloads.intercomcdn.com static.intercomassets.com images.squarespace-cdn.com cdn.jsdelivr.net ct.pinterest.com cdn.cookielaw.org; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net fonts.intercomcdm.com at.alicdn.com script.hotjar.com use.typekit.net cdn.materialdesignicons.com cdn.megabonus.com fonts.intercomcdn.com rsms.me; connect-src 'self' properties: https: data: ipfs: blob: wss: *.intercom.io stats.g.doubleclick.net; worker-src 'self' https: blob:; media-src 'self' https: blob:; child-src 'self' https: blob:; report-uri https://o4504282778632192.ingest.sentry.io/api/4504283174666240/security/?sentry_key=4543d5feb32c40059b2d574493fcebb7&sentry_environment=production 1
font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://widgets.trustedshops.com https://media2.supermagnete.de https://www.supermagnete.de data:; frame-src 'self' https://*.amazon.com https://*.datatrans.com https://*.payments-amazon.com https://button.aftership.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.es https://payments.amazon.fr https://payments.amazon.it https://w.soundcloud.com https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://core-chat.chatbotize.com; img-src 'self' https://* * data:; script-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.aftership.com https://*.amazon.com https://*.datatrans.com https://*.payments-amazon.com https://ajax.googleapis.com https://apis.google.com https://bat.bing.com https://cdn.jsdelivr.net/npm/canvas-confetti@1.9.2/ https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://code.jquery.com https://feedback.shopvote.de https://googleads.g.doubleclick.net https://oss.maxcdn.com https://payments.amazon.de https://payments.amazon.es https://payments.amazon.fr https://payments.amazon.it https://*.googlesyndication.com https://widgets.trustedshops.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://live-chat.chatbotize.com https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://feedback.shopvote.de https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://widgets.trustedshops.com https://www.google.com/uds/ https://www.googletagmanager.com/debug/ https://www.gstatic.com/charts/ https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly 1
object-src 'none';base-uri 'self';script-src 'nonce-5jY3O6_QECrxR7w4x1awbA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-m141tyHWYOw_VRM5SL6J9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.md www.google.com *.googleapis.com use.fontawesome.com *.doubleclick.net consentcdn.cookiebot.com cdn.jsdelivr.net *.facebook.com analytics.google.com imgsct.cookiebot.com *.gstatic.com code.jquery.com consent.cookiebot.com *.facebook.net www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com s7.addthis.com *.avada.io connect.facebook.net twitter.com platform.twitter.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /Api/CspReport; report-to csp-endpoint; default-src 'self' 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' *.youtube.com; media-src 'self' *.youtube.com data:; connect-src 'self' *.google-analytics.com *.paypal.com www.facebook.com bat.bing.com *.doubleclick.net *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; font-src 'self' *.googleapis.com *.gstatic.com *.paypalobjects.com; frame-src 'self' *.facebook.com *.paypalobjects.com *.paypal.com *.youtube.com *.youtube-nocookie.com *.google.com *.amazon.com; img-src 'self' *.googletagmanager.com *.googleapis.com *.gstatic.com *.google-analytics.com *.ytimg.com *.paypal.com *.facebook.com *.fbcdn.net *.youtube.com *.googleadservices.com *.ssl-images-amazon.com bat.bing.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.facebook.net *.facebook.com *.paypalobjects.com *.paypal.com *.loginwithamazon.com *.google.com bat.bing.com *.affirm.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-4xUrkWNvq8K1AFQ7k7DHJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PxswopsojnVjKz5mRh386w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com staticw2.yotpo.com www.google.com www.google.bg cdn.jsdelivr.net tag.rmp.rakuten.com static.zdassets.com cdn.cquotient.com cdn.scarabresearch.com p.cquotient.com static.zdassets.com static.scarabresearch.com orleb11111.pcapredict.com gsstatic.greenstory.ca e.cquotient.com cdnjs.cloudflare.com www.paypalobjects.com www.paypal.com cdn-vms-video-uploader.yotpo.com *.mention-me.com static-demo.mention-me.com *.toshi.co services.postcodeanywhere.co.uk *.adyen.com www.googletagmanager.com bat.bing.com t.contentsquare.net connect.facebook.net blob: *.clarity.ms www.googleadservices.com assets.pinterest.com *.onetrust.com *.messagebird.com www.googletagmanager.com https://cdn-ukwest.onetrust.com/consent/da25d605-c3a9-4108-8bf9-e7283ac64eca-test/ https://cdn-ukwest.onetrust.com/scripttemplates/ https://www.orlebarbrown.com/ *.orlebarbrown.com https://www.google.com/recaptcha/ https://www.google.com/ www.google.com https://cdn.jsdelivr.net/npm/vanilla-lazyload@11.0.4/ https://cdn-ukwest.onetrust.com/scripttemplates/6.34.0/ https://static.zdassets.com/ekr/ static.zdassets.com https://cdn.cquotient.com/js/v2/ cdn.cquotient.com cdn.cquotient.com/js/ https://livechat.messagebird.com/ livechat.messagebird.com https://ocw.messagebird.com/ ocw.messagebird.com https://static.zdassets.com/web_widget/ static.zdassets.com/web_widget/ https://cdn.scarabresearch.com/js/1FE006F24AA5CC20/ cdn.scarabresearch.com/js/1FE006F24AA5CC20/ cdn.scarabresearch.com https://connect.facebook.net/en_US/ connect.facebook.net/en_US/ connect.facebook.net https://t.contentsquare.net/ t.contentsquare.net https://www.google-analytics.com/gtm/ www.google-analytics.com *.google-analytics.com https://p.cquotient.com/ p.cquotient.com https://www.google-analytics.com/ www.google-analytics.com *.google-analytics.com https://tag.rmp.rakuten.com/ tag.rmp.rakuten.com https://bat.bing.com/ bat.bing.com https://staticw2.yotpo.com/ staticw2.yotpo.com *.yotpo.com https://static.scarabresearch.com/wpjs/ https://www.google-analytics.com/plugins/ua/ https://www.google-analytics.com/plugins/ www.google-analytics.com/plugins/ua/ www.google-analytics.com/plugins/ https://connect.facebook.net/signals/plugins/ https://connect.facebook.net/signals/ https://connect.facebook.net/ connect.facebook.net/signals/plugins/ connect.facebook.net/signals/ connect.facebook.net t.contentsquare.net app.contentsquare.com www.googleoptimize.com https://*.googletagmanager.com https://*.sentry.io https://tags.rd.linksynergy.com/ tag.wknd.ai *.bounceexchange.com ajax.googleapis.com maps.googleapis.com www.gstatic.com https://www.gstatic.com/recaptcha/releases/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: *.teads.tv *.ometria.com cdn-ometria-com.s3-eu-west-1.amazonaws.com; style-src 'unsafe-inline' 'self' staticw2.yotpo.com gsstatic.greenstory.ca unpkg.com cdnjs.cloudflare.com services.postcodeanywhere.co.uk *.adyen.com *.bounceexchange.com *.googleapis.com https://fonts.googleapis.com; base-uri 'self'; connect-src 'self' www.google-analytics.com staticw2.yotpo.com ekr.zdassets.com uat.tryzens-analytics.com recommender.scarabresearch.com webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com uat.tryzens-analytics.com:* static.zdassets.com stats.g.doubleclick.net orlebarbrown1599929019.zendesk.com i8.amplience.net api.yotpo.com backend2.greenstory.ca *.paypal.com w2.yotpo.com sessions.bugsnag.com services.postcodeanywhere.co.uk *.adyen.com *.mention-me.com c.contentsquare.net *.clarity.ms pro.ip-api.com *.onetrust.com *.messagebird.com https://www.tryzens-analytics.com:12280/gelf orlebarbrown.zendesk.com/embeddable/config nskjdz.orlebarbrown.com/events www.facebook.com https://orlebarbrown.zendesk.com/embeddable/ https://nskjdz.orlebarbrown.com/events https://www.facebook.com/tr/ www.facebook.com www.facebook.com/tr/ wss://widget-mediator.zopim.com/ wss://widget-mediator.zopim.com/s/W/ws/gBgBHIfzltmWBJuV/c/1650543592675 wss://widget-mediator.zopim.com/s/W/ws/gBgBHIfzltmWBJuV/c/ wss://widget-mediator.zopim.com/s/W/ws/gBgBHIfzltmWBJuV/ wss://widget-mediator.zopim.com/s/W/ws/ wss://widget-mediator.zopim.com/s/W/ wss://widget-mediator.zopim.com/s/ wss://widget-mediator.zopim.com/ widget-mediator.zopim.com *.zopim.com www.tryzens-analytics.com:12280 www.tryzens-analytics.com:12280/gelf www.tryzens-analytics.com https://orlebarbrown.zendesk.com/embeddable/config https://orlebarbrown.zendesk.com/embeddable/ https://orlebarbrown.zendesk.com/ orlebarbrown.zendesk.com/embeddable/config orlebarbrown.zendesk.com/embeddable/ orlebarbrown.zendesk.com/ orlebarbrown.zendesk.com *.zendesk.com https://nskjdz.orlebarbrown.com/events https://nskjdz.orlebarbrown.com/ nskjdz.orlebarbrown.com/events nskjdz.orlebarbrown.com https://orlebarbrown.zendesk.com/embeddable_blip https://orlebarbrown.zendesk.com/ orlebarbrown.zendesk.com/embeddable_blip orlebarbrown.zendesk.com/ orlebarbrown.zendesk.com *.zendesk.com wss://widget-mediator.zopim.com/s/W/ws/OZzV66bZO4kyn00B/c/1650544401688 wss://widget-mediator.zopim.com/s/W/ws/OZzV66bZO4kyn00B/c/ wss://widget-mediator.zopim.com/s/W/ws/OZzV66bZO4kyn00B/ wss://widget-mediator.zopim.com/s/W/ws/ wss://widget-mediator.zopim.com/s/W/ wss://widget-mediator.zopim.com/s/ wss://widget-mediator.zopim.com/ wss://widget-mediator.zopim.com wss://widget-mediator.zopim.com/s/W/ws/CNqTjpv01+HPjUH-/c/1650544395697 wss://widget-mediator.zopim.com/s/W/ws/CNqTjpv01+HPjUH-/c/ wss://widget-mediator.zopim.com/s/W/ws/CNqTjpv01+HPjUH-/ wss://widget-mediator.zopim.com/s/W/ws/ wss://widget-mediator.zopim.com/s/W/ wss://widget-mediator.zopim.com/s/ https://www.orlebarbrown.com/ www.orlebarbrown.com https://www.tryzens-analytics.com:12280/gelf www.tryzens-analytics.com:12280/gelf https://www.tryzens-analytics.com www.tryzens-analytics.com https://orlebarbrown.zendesk.com/embeddable/config orlebarbrown.zendesk.com/embeddable/config https://connect.facebook.net/signals/config/1641763702753509 connect.facebook.net/signals/config/1641763702753509 https://connect.facebook.net/en_US/ connect.facebook.net/en_US/ https://gsstatic.greenstory.ca/widgets/app/ https://gsstatic.greenstory.ca/widgets/ https://gsstatic.greenstory.ca/ gsstatic.greenstory.ca/widgets/app/ gsstatic.greenstory.ca/widgets/ gsstatic.greenstory.ca/ gsstatic.greenstory.ca https://integration-sandbox-cdn.toshi.co/3.0/ https://integration-sandbox-cdn.toshi.co/ integration-sandbox-cdn.toshi.co/3.0/ integration-sandbox-cdn.toshi.co/ integration-sandbox-cdn.toshi.co https://notify.bugsnag.com/ notify.bugsnag.com https://api.toshi.co/v2/modal_integrations/ https://api.toshi.co/v2/ https://api.toshi.co/ api.toshi.co/v2/modal_integrations/ api.toshi.co/v2/ api.toshi.co https://api.toshi.co/v2/availability/check_available https://api.toshi.co/v2/availability/ https://api.toshi.co/v2/ https://api.toshi.co/ api.toshi.co/v2/availability/check_available api.toshi.co/v2/availability/ https://api.toshi.co/v2/address/eligible https://api.toshi.co/v2/address/ api.toshi.co/v2/address/eligible api.toshi.co/v2/address/ https://api.toshi.co/v2/orders api.toshi.co/v2/orders staging.api.toshi.co *.contentsquare.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.google.com https://*.sentry.io https://api.greenstory.ca/api/ https://bat.bing.com/ *.google.co.uk *.google.com.sa *.google.dk *.bouncex.net *.bounceexchange.com *.cdnwidget.com *.cdnbasket.net pffrqe.orlebarbrown.com maps.googleapis.com https://*.googleapis.com https://*.gstatic.com data: blob: *.teads.tv *.google.bg *.ometria.com cdn-ometria-com.s3-eu-west-1.amazonaws.com; font-src 'self' data: *.yotpo.com cdnjs.cloudflare.com *.toshi.co *.bounceexchange.com *.googleapis.com fonts.gstatic.com https://fonts.gstatic.com; frame-src 'self' snapshortsapp.orlebarbrown.co.uk player.vimeo.com *.adyen.com www.facebook.com mention-me.com *.messagebird.com livechat.messagebird.com https://livechat.messagebird.com/ https://ocw.messagebird.com/ ocw.messagebird.com csxd.orlebarbrown.com https://*.sentry.io *.bounceexchange.com tags.rd.linksynergy.com *.google.com *.adobe.com *.ometria.com cdn-ometria-com.s3-eu-west-1.amazonaws.com; img-src 'self' data: http://cdn.media.amplience.net https://cdn.media.amplience.net http://i8.amplience.net https://i8.amplience.net i1.adis.ws x1.adis.ws *.orlebarbrown.com *.yotpo.com www.google.bg gsstatic.greenstory.ca yotpo-editor-production.s3.amazonaws.com *.paypal.com *.adyen.com track.linksynergy.com *.mention-me.com www.facebook.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://liberty.a.bigcontent.io/v1/static/blank-placeholder bat.bing.com c.contentsquare.net *.clarity.ms *.linksynergy.com *.bing.com *.onetrust.com https://integration-sandbox-cdn.toshi.co/3.0/ https://integration-sandbox-cdn.toshi.co/ integration-sandbox-cdn.toshi.co/3.0/ integration-sandbox-cdn.toshi.co/ integration-sandbox-cdn.toshi.co https://connect.facebook.net/log/ https://connect.facebook.net/ connect.facebook.net/ connect.facebook.net *.contentsquare.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.google.com https://*.sentry.io https://orlebarbrown.a.bigcontent.io/ https://cfvod.kaltura.com/ *.bounceexchange.com *.bouncex.net www.paypalobjects.com maps.googleapis.com maps.gstatic.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.teads.tv *.cdnwidget.com *.pinterest.com *.ometria.com cdn-ometria-com.s3-eu-west-1.amazonaws.com; child-src 'self' blob: *.bounceexchange.com; worker-src 'self' blob:; manifest-src 'self'; media-src 'self' cdn.media.amplience.net i1.adis.ws i8.amplience.net cdn.static.amplience.net https://static.zdassets.com/web_widget/latest/classic/ https://static.zdassets.com/web_widget/latest/ https://static.zdassets.com/web_widget/ https://static.zdassets.com/ static.zdassets.com/web_widget/latest/classic/ static.zdassets.com/web_widget/latest/ static.zdassets.com/web_widget/ static.zdassets.com/ static.zdassets.com https://*.sentry.io *.ometria.com cdn-ometria-com.s3-eu-west-1.amazonaws.com; form-action 'self' *.orlebarbrown.com *.facebook.com *.bounceexchange.com *.playground.klarna.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klarnaevt.com *.google.com *.paypal.com *.paypalobjects.com *.adyen.com *.ometria.com cdn-ometria-com.s3-eu-west-1.amazonaws.com;  report-uri https://0594ebf9e3dab534acdba65c6100b639.report-uri.com/r/d/csp/reportOnly; 1
base-uri 'self'; default-src 'self' https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com http://stats.g.doubleclick.com stats.g.doubleclick.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.cookielaw.com http://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de http://*.cloudapi.de *.cloudapi.de https://*.onetrust.com http://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org http://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com http://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com http://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://tools.eurolandir.com http://tools.eurolandir.com tools.eurolandir.com https://*.instagram.com http://*.instagram.com *.instagram.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.youtube.com http://*.youtube.com *.youtube.com https://*.hypemarks.com http://*.hypemarks.com *.hypemarks.com; img-src 'self' https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com http://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com http://*.google.com *.google.com https://*.google.co.uk http://*.google.co.uk *.google.co.uk https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com http://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com http://*.linkedin.com *.linkedin.com https://*.facebook.com http://*.facebook.com *.facebook.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.instagram.com http://*.instagram.com *.instagram.com https://*.licdn.com http://*.licdn.com *.licdn.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.youtube.com http://*.youtube.com *.youtube.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://*.cookielaw.com http://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://*.hypemarks.com http://*.hypemarks.com *.hypemarks.com https://*.moatads.com http://*.moatads.com *.moatads.com https://*.cloudapi.de http://*.cloudapi.de *.cloudapi.de https://*.onetrust.com http://*.onetrust.com *.onetrust.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
script-src 'strict-dynamic' 'self' 'nonce-S4/L5UiCRoYyh3FT80GmXg==' 'report-sample'; report-uri /yusaauth.onmicrosoft.com/B2C_1_SignInUp/client/cspreport?p=B2C_1_SignInUp 1
object-src 'none';base-uri 'self';script-src 'nonce-0W67fE8oVRN5a0Uk_3Ia2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com 'unsafe-inline' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com *.nosto.com *.nos.to *.hsforms.net *.hsforms.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.fetchify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com account.fetchify.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.nosto.com *.nos.to *.kaptcha.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.google.co.uk *.windows.net *.hsforms.net *.hsforms.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.klarna.com *.klarnacdn.net *.klarnaservices.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.cardinalcommerce.com *.braintreegateway.com *.klevu.com *.ksearchnet.com *.newrelic.com *.nr-data.net *.yotpo.com *.hsforms.net *.hsforms.com *.googleapis.com *.webgains.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cc-cdn.com *.klarnacdn.net unsafe-inline *.fontawesome.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.typekit.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.nr-data.net *.hsforms.net *.hsforms.com *.webgains.io *.hub-box.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-Z6fJl6d/2uPr1BuDqjFXMA=='; report-uri https://send.hsbrowserreports.com/csp/report; 1
font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.klevu.com *.ksearchnet.com *.zopim.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com use.fontawesome.com fonts.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.klarna.com js.mollie.com *.twitter.com *.hotjar.com *.criteo.com *.criteo.net *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com *.gstatic.com *.googleapis.com www.apptrian.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.zopim.com *.zopim.io flagpedia.net https://www.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com bat.bing.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com *.google.de *.bidswitch.net *.doubleclick.net *.adnxs.com *.360yield.com *.media.net *.outbrain.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.criteo.com *.krxd.net *.thebrighttag.com *.yahoo.com *.casalemedia.com *.emxdgt.com *.yieldmo.com *.yieldlab.net *.tremorhub.com *.pubmatic.com *.mediavine.com *.ivitrack.com *.id5-sync.com *.omnitagjs.com *.adform.net *.3lift.com *.teads.tv *.twiago.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.zopim.com *.zdassets.com maps.googleapis.com js.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com bat.bing.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.tiktok.com *.facebook.net *.hotjar.com *.deinetorte.de *.pingdom.net *.criteo.com *.yotpo.com swellrewards.com *.swellrewards.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.zdassets.com *.zopim.com widget-mediator.zopim.com www.gstatic.com maps.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.cloudflare.com *.twitter.com *.twimg.com *.zendesk.com *.tiktok.com *.facebook.com *.pingdom.net wss://widget-mediator.zopim.com *.google-analytics.com *.doubleclick.net *.deinetorte.de *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.deinetorte.de/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-6r2XMCb93lwjQF-t4q9Pkg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-TgZEVEGa5+uj1d0Xmb48SzWZ9xOm4IUb2kNwb9gcPZU='; base-uri 'self';report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-9ZjZ3bJQ65XzvXVKx_4Rng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://themes.googleusercontent.com/ https://data.rivm.nl/ https://apps.geodan.nl https://acc.apps.geodan.nl https://geodata.rivm.nl https://acceptatie.geodata.rivm.nl https://platform.twitter.com/ https://syndication.twitter.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://data.rivm.nl/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; style-src 'self' 'unsafe-inline' https://data.rivm.nl/ https://platform.twitter.com/ https://ton.twimg.com/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://data.rivm.nl https://statistiek.rijksoverheid.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/; frame-src https://data.rivm.nl *.woondossier.nl; frame-ancestors 'self' www.atlasleefomgeving.nl *.gezondeleefomgeving.nl *.woondossier.nl roosendaal.incijfers.nl *.nhnieuws.nl schievenkeizer.nl schievenkeizer.stijlgenoten.nl; child-src https://*.nhnieuws.nl https://*.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/*; report-uri /report-csp-violation 1
default-src 'self'; form-action 'self'; frame-ancestors 'self'; script-src 'self' https://www.google-analytics.com; connect-src 'self'; object-src 'none'; 1
script-src http: https: *.phoebephilo.com https://abd3-38d62d1bc3ff-prod.phoebephilo.com/ 'nonce-nwDLUISJOIicckkHYSWVdV7XxJMbxudHj37IYrSoroHbc'; style-src 'self' *.phoebephilo.com blob: https: 'unsafe-inline' https://abd3-38d62d1bc3ff-prod.phoebephilo.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.adyen.com *.paypal.com *.inside-graph.com *.phoebephilo.com 1
font-src fonts.gstatic.com use.typekit.net yotpo.com 'self' data: 'unsafe-inline' data: *.magentocommerce.com *.googleapis.com *.gstatic.com *.cloudfront.net *.bootstrapcdn.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net *.amazonaws.com *.acsbapp.com *.typekit.net https://use.typekit.net/fpf5obn.css https://use.typekit.net use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com yotpo.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' data: 'unsafe-inline' data: *.authorize.net *.sandbox.paypal.com *.vimeo.com *.googletagmanager.com *.cardinalcommerce.com *.magentocommerce.com cdn.dnky.co www.youtube.com *.hotjar.com *.google.com/ www.facebook.com *.trustpilot.com *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com swellrewards.com *.swellrewards.com connect.facebook.net *.doubleclick.net *.expertvoice.com *.acsbapp.com https://www.paypalobjects.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com nytrng.com www.apptrian.com facebook.com graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: 'unsafe-inline' data: *.sandbox.paypal.com *.ytimg.com yotpo.com www.facebook.com *.ssl-images-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com *.yotpo.com swellrewards.com *.swellrewards.com *.magentocommerce.com *.cloudfront.net *.gstatic.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.linkedin.com linkedin.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud connect.facebook.net *.adnxs.com *.amplifi.io *.quantserve.com *.mediaiqdigital.com *.doubleclick.net *.hotjar.com *.acgbrands.com https://acgbrands.com *.acsbapp.com alb.reddit.com *.google.co.in i.liadm.com us-central1-addshoppers-data-production.cloudfunctions.net www.apptrian.com facebook.com graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.magezon.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com 'self' data: 'unsafe-inline' data: *.authorize.net *.googleadservices.com *.paypalobjects.com *.braintreegateway.com *.sandbox.paypal.com *.ytimg.com *.google.com/ vimeo.com *.cardinalcommerce.com *.ccdc02.com *.magentocommerce.com *.cloudfront.net google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com www.facebook.com *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital.com https://storage.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com *.quantcount.com *.quantserve.com *.doubleclick.net *.experticity.com *.dwin1.com *.expertvoice.com *.acsbapp.com https://acsbapp.com/apps/app/dist/js/app.js https://acsbapp.com https://shop.pe https://shopper.shop.pe/input.js https://infinity-public-js.500apps.com/widget.min.js *.500apps.com *.redditstatic.com addshoppers.s3.amazonaws.com www.apptrian.com facebook.com graph.facebook.com *.ddlnk.net debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com s7.addthis.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com 'self' data: 'unsafe-inline' data: getfirebug.com *.googleapis.com *.magentocommerce.com *.cloudfront.net *.bootstrapcdn.com cdn.dnky.co *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com *.dotdigital.com swellrewards.com *.swellrewards.com connect.facebook.net https://cdnjs.cloudflare.com *.acsbapp.com *.typekit.net https://use.typekit.net/fpf5obn.css https://p.typekit.net yotpo.com webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com tagmanager.google.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io 'self' data: 'unsafe-inline' data: *.cloudfront.net *.magentocommerce.com api.comapi.com *.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.cardinalcommerce.com *.zendesk.com *.nr-data.net www.clarity.ms *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com connect.facebook.net www.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.yotpo.com swellrewards.com *.swellrewards.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.googleapis.com *.experticity.com *.grin.co *.acsbapp.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com shopper.shop.pe app.shop.pe *.acgbrands.com nytrng.com ws2.hotjar.com shop.pe wss://*.hotjar.com www.apptrian.com facebook.com graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com google.com ekr.zdassets.com/ https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-SYLK-ZNKLlyGha6M3Q7Dlw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cookies.alterramtnco.com bat.bing.com *.clarity.ms cdn.inbenta.io *.facebook.net cdn.cookielaw.org aws-cdn.inntopia.com mtnpowder.com ka-p.fontawesome.com www.pages08.net www.googletagmanager.com *.everesttech.net apolloprogram.io api.trustyou.com session-replay.browser-intake-us3-datadoghq.com kit.fontawesome.com api.mapbox.com v4.mtnfeed.com *.facebook.com *.doubleclick.net lifts-and-trails.netlify.app blog.solitudemountain.com cdn.sanity.io *.vimeo.com *.demdex.net adservice.google.com *.onetrust.com assets.adobedtm.com www.google.com use.typekit.net i.vimeocdn.com www.inntopia.travel sdk.inbenta.io analytics.google.com *.omtrdc.net www.sc.pages08.net vimeo.com edge.adobedc.net *.gstatic.com p.typekit.net images.inntopia.com www.datadoghq-browser-agent.com rum.browser-intake-us3-datadoghq.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-BX9iIkom_IukEEJBmaEX7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.becharming.com becharming.com *.fbcdn.net device.maxmind.com *.cloudmaestro.com *.googleapis.com connect.facebook.net s7.addthis.com *.google-analytics.com *.cloudfront.net secure.quantserve.com *.trustpilot.com bat.bing.com rules.quantcount.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.authorize.net; worker-src 'self' blob: *.becharming.com; report-uri /.webscale/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-JRaz4z87bXKn-2yRPFxqZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-d824308f4aeb4b6492048f2d70d8782a' https://www.mcleodmychart.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mcleodmychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src https://*.mailcampaigns.nl https://widgets.trustedshops.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com www.google.com https://*.hotjar.com https://*.doubleclick.net *.weltpixel.com https://maps.google.com/ *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com https://*.bing.com https://*.google-analytics.com https://*.google.nl https://*.google.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.chromeburner.test blob: https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl *.cloudfront.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.multisafepay.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.bing.com https://*.google-analytics.com https://*.webgains.io https://*.clarity.ms https://*.facebook.net https://*.googleadservices.com https://*.doubleclick.net https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl analytics.tiktok.com cdn.flbx.io *.getflowbox.com widget.freshworks.com m2epro.freshdesk.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.multisafepay.com https://pay.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.mailcampaigns.nl widget.freshworks.com m2epro.freshdesk.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://*.bing.com https://*.doubleclick.net https://*.google.com https://*.google.nl https://*.clarity.ms https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.mailcampaigns.nl analytics.tiktok.com cdn.flbx.io *.getflowbox.com widget.freshworks.com m2epro.freshdesk.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.google-analytics.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.vimeo.com *.texdecor.test *.texdecor.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.vimeocdn.com s.ytimg.com data *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.texdecor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.instagram.com *.texdecor.test *.texdecor.com *.fact-finder.fr www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-431d5c6bbd1a432196135cc0dcca6fb5' https://myceentachart.com 'self';img-src https://* 'self' blob: data:;style-src https://myceentachart.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-WeEXptJOmw2FEwiOE8hEnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' syndication.twitter.com; script-src js.suedtirolerland.it 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; connect-src 'self' stats.peer.biz; img-src 'self' data: images2.suedtirolerland.it css.suedtirolerland.it  www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.suedtirolerland.it js.suedtirolerland.it; font-src css.suedtirolerland.it; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.rumiview.com/containers/43a4f5d7-295c-4552-9fe2-f9cba99ab230.js https://cmp.osano.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.googletagmanager.com http://hello.myfonts.net https://hello.myfonts.net https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://assets.adobedtm.com https://cdn.ampproject.org https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.recaptcha.net https://www.rumiview.com/ppms.js https://www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.rumiview.com/containers/43a4f5d7-295c-4552-9fe2-f9cba99ab230.js https://cmp.osano.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.googletagmanager.com http://hello.myfonts.net https://hello.myfonts.net https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://assets.adobedtm.com https://cdn.ampproject.org https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.recaptcha.net https://www.rumiview.com/ppms.js https://www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://www.rumiview.com/containers/43a4f5d7-295c-4552-9fe2-f9cba99ab230.js https://cmp.osano.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.googletagmanager.com http://hello.myfonts.net https://hello.myfonts.net https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://assets.adobedtm.com https://cdn.ampproject.org https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.recaptcha.net https://www.rumiview.com/ppms.js https://www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-uri https://www.vyaire.com/log-report-uri/report-only 1
object-src 'none';base-uri 'self';script-src 'nonce-eAzDX_B4ldXSmSU03W_uRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9x_p0xOSBm9iZ7fyRgzcjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com *.gstatic.com data: https://geowidget.easypack24.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com account.fetchify.com https://geowidget-app.inpost.pl/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com api.createx-editor.com *.facebook.com *.facebook.net *.hotjar.com/ *.pinterest.com/ *.webpower.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com www.magmodules.eu *.squeezely.tech api.createx-editor.com work.cloudlab.at:9012 localhost:8080 *.facebook.com *.goedgemerkt.nl goedgemerkt.nl *.bing.com/ *.trengo.eu/ *.pinterest.com *.amazonaws.com/ *.feefo.com/ *.salesfire.co.uk *.cloudflare.com squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com maps.gstatic.com fonts.googleapis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl squeezely.tech www.squeezely.tech *.squeezely.tech *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.cloudflare.com *.hotjar.com/ *.facebook.com/ *.facebook.net/ api.your-printq.com/ *.bing.com/ *.tiktok.com/ *.widget.trengo.eu/ *.pinimg.com/ *.feefo.com/ *.salesfire.co.uk *.googleoptimize.com/ s3.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline cc-cdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com *.trustpilot.com fonts.gstatic.com *.cloudflare.com *.feefo.com/ *.salesfire.co.uk cdn-images.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.trengo.eu/ api.createx-editor.com work.cloudlab.at:9012 localhost:8080 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com squeezely.tech *.squeezely.tech *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.createx-editor.com work.cloudlab.at:9012 localhost:8080 *.facebook.com *.trustpilot.com *.tiktok.com *.pinterest.com *.widget.trengo.eu/ *.hotjar.com/ stats.g.doubleclick.net/ *.google-analytics.com/ *.goedgemerkt.nl gtmss.bienmarquer.fr *.feefo.com/ *.smartmetrics.co.uk *.salesfire.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-9X7fqfgdnW4j3eoHwfg3ew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-w9z__u5OmT9W4wEsqMNahQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Dn5lCw-cRErD52ZzgT8GYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xCKuhmwXOO691pH6yJaO1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-fxTkmeGiXF5b44q2wOAn7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.googleapis.com *.gstatic.com *.static.klaviyo.com static.klaviyo.com *.klevu.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com https://www.merchante-solutions.com https://hostedpayments.merchante.com https://merchantacsstag.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.doubleclick.net www.activemerchandiser.com my.matterport.com ct.pinterest.com *.cdn-lg.accentdecor.com https://www.googletagmanager.com/ magento-cloudflare.jetrails.com www.youtube.com *.google.com/ https://merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com maps.gstatic.com https://www.magezon.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com developers.google.com maps.googleapis.com *.accentdecor.com *.doubleclick.net ct.pinterest.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.curalate.com *.mailchimp.com *.paypal.com *.googletagmanager.com *.googleanalytics.com *.merchante-solutions.com *.adobetm.com *.braintreegateway.com *.yotpo.com js-agent.newrelic.com bam.nr-data.net chimpstatic.com eastprodcdn.azureedge.net mc.us1.list-manage.com *.accentdecor.com  maps.googleapis.com *.fullstory.com s.pinimg.com *.cloudfront.net *.static.cloudflareinsights.com static.cloudflareinsights.com *.googleads.g.doubleclick.net googleads.g.doubleclick.net *.ajax.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.accentdecor.com *.static-tracking.klaviyo.com static-tracking.klaviyo.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.curalate.com *.amazonpay.com *.amazon.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.accentdecor.com  maps.googleapis.com *.fullstory.com *.velaro.com ct.pinterest.com *.analytics.google.com *.google-analytics.com https://analytics.google.com *.cloudflareinsights.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com https://writer.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net *.typekit.net *.stripe.com *.yotpo.com *.googleapis.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.vimeo.com *.oct8ne.com *.doubleclick.net *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com app-wallee.com *.weltpixel.com *.addthis.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.amazonaws.com *.cookielaw.org *.doubleclick.net *.spoteffects.net *.google.de *.google.ch *.google.lu *.google.com.ua *.bing.com *.monetate.net *.amorana.ch cdn.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com app-wallee.com *.ggpht https://img.youtube.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.sovendus.com *.klaviyo.com *.zendesk.com *.zdassets.com *.zopim.com *.mfgroup.ch *.cookielaw.org *.onetrust.com *.adform.net *.adt311.net *.spoteffects.net *.monetate.net *.bing.com *.clarity.ms cdn.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com s7.addthis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com app-wallee.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.klaviyo.com *.doofinder.com https://static.klaviyo.com *.yotpo.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.stripe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.sovendus.com *.zendesk.com *.zopim.com *.cookielaw.org *.onetrust.com wss://*.zopim.com/ *.googlesyndication.com/ *.mfgroup.ch *.doofinder.com wss://*.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com ekr.zdassets.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com app-wallee.com *.klaviyo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://c4b562ef207d9ca89618f9d5f5a9d1d9.report-uri.com/r/d/csp/reportOnly; 1
font-src https://cdn.checkout.com *.useinsider.com *.klarnacdn.net www.searchanise.com *.searchserverapi.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.searchanise.com *.searchserverapi.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.useinsider.com www.searchanise.com *.searchserverapi.com *.twitter.com *.mention-me.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.useinsider.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.facebook.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com https://cdn.checkout.com *.klarnacdn.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.useinsider.com *.klarna.com *.klarnaservices.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.googletagmanager.com *.facebook.net *.mention-me.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarnacdn.net www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com https://js.checkout.com *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.useinsider.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.amplitude.com stats.g.doubleclick.net *.google-analytics.com *.mention-me.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.facebook.net *.facebook.com *.projectplanet.us *.braintreegateway.com maxcdn.bootstrapcdn.com *.google.com *.google.co.in *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.gundamplanet.com *.figurise.com *.planetconnection.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com *.gundamplanet.com *.figurise.com *.planetconnection.org 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.facebook.net https://www.facebook.com *.projectplanet.us *.braintreegateway.com *.youtu.be *.youtube.co https://www.google.com *.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.google.co.in *.gundamplanet.com *.figurise.com *.planetconnection.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.pinterest.com *.paypal.com *.twitter.com *.google.com *.google.co.in *.twimg.com *.projectplanet.us www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.gundamplanet.com *.figurise.com *.planetconnection.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com unpkg.com *.facebook.net *.pinterest.com *.paypal.com *.google-analytics.com *.google.com *.projectplanet.us js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.google.co.in *.facebook.com *.googleadservices.com *.gstatic.com *.trustedshops.com *.usercentrics.eu https://connect.facebook.net *.paypalobjects.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.gundamplanet.com *.figurise.com *.planetconnection.org cdn.routeapp.io fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com unpkg.com *.pinterest.com *.twimg.com *.twitter.com *.projectplanet.us maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.gundamplanet.com *.figurise.com *.planetconnection.org fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.facebook.net *.google-analytics.com *.pinterest.com *.paypal.com *.twitter.com *.doubleclick.net *.twimg.com *.projectplanet.us *.braintree-api.com *.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com *.google.co.in *.facebook.com *.gundamplanet.com *.figurise.com *.planetconnection.org api.route.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.gundamplanet.com/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-JdAlLOE_5Z7AZJ8C-sr1qg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl services.gastronovi.com www.googleadservices.com blob: cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl services.gastronovi.com www.google.com googleads.g.doubleclick.net www.recaptcha.net www.googleadservices.com content.syndigo.com js.monitor.azure.com static.hotjar.com script.hotjar.com cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self'; frame-ancestors 'self' lpda9f27a988.hana.ondemand.com 1
font-src fonts.gstatic.com use.typekit.net https://*.yotpo.com https://www.catchmarketingservices.com https://mktdplp102cdn.azureedge.net https://e83d59803e974bff844c4dafa42e633a.svc.dynamics.com https://acsbapp.com https://cdn.acsbapp.com https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://bat.bing.com https://forms.hubspot.com https://zendesk-eu.my.sentry.io https://commerce.adobedc.net https://stats.g.doubleclick.net maxcdn.bootstrapcdn.com *.punchout2go.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.google.com https://www.gstatic.com 'self' data: https://e83d59803e974bff844c4dafa42e633a.svc.dynamics.com *.punchout2go.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.punchout2go.com 'self' data: 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.svc.dynamics.com *.azureedge.net *.punchout2go.com *.wesupply.xyz https://wesupplylabs.com *.yotpo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://services.postcodeanywhere.co.uk https://www.google.com https://www.gstatic.com https://*.hubspot.com https://*.yotpo.com https://www.catchmarketingservices.com https://mktdplp102cdn.azureedge.net https://e83d59803e974bff844c4dafa42e633a.svc.dynamics.com https://acsbapp.com https://cdn.acsbapp.com https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://bat.bing.com https://forms.hubspot.com https://zendesk-eu.my.sentry.io https://assets.adobedtm.com https://commerce.adobedc.net https://stats.g.doubleclick.net *.punchout2go.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://*.bing.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://services.postcodeanywhere.co.uk https://*.resultspage.com https://*.resultsstage.com https://*.hsleadflows.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.newrelic.com https://*.nr-data.net https://*.yotpo.com https://www.catchmarketingservices.com https://mktdplp102cdn.azureedge.net https://e83d59803e974bff844c4dafa42e633a.svc.dynamics.com https://acsbapp.com https://cdn.acsbapp.com https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://bat.bing.com https://forms.hubspot.com https://zendesk-eu.my.sentry.io https://commerce.adobedc.net https://stats.g.doubleclick.net *.punchout2go.com *.cloudflare.com *.yotpo.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://services.postcodeanywhere.co.uk https://www.google.com https://www.gstatic.com 'self' data: https://*.yotpo.com https://www.catchmarketingservices.com https://mktdplp102cdn.azureedge.net https://e83d59803e974bff844c4dafa42e633a.svc.dynamics.com https://acsbapp.com https://cdn.acsbapp.com https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://bat.bing.com https://forms.hubspot.com https://zendesk-eu.my.sentry.io https://commerce.adobedc.net https://stats.g.doubleclick.net maxcdn.bootstrapcdn.com *.punchout2go.com *.yotpo.com *.googleapis.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://*.bing.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://bam.nr-data.net https://forms.hubspot.com https://*.spectrumrx.com https://*.spectrumchemical.com https://*.yotpo.com https://www.catchmarketingservices.com https://mktdplp102cdn.azureedge.net https://e83d59803e974bff844c4dafa42e633a.svc.dynamics.com https://acsbapp.com https://cdn.acsbapp.com https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://bat.bing.com https://zendesk-eu.my.sentry.io https://commerce.adobedc.net https://stats.g.doubleclick.net *.punchout2go.com https://api.postgrid.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *.microbilt.com *.creditcommander.com weimark.com *.weimark.com;script-src *.microbilt.com *.creditcommander.com weimark.com *.weimark.com static.zdassets.com *.thawte.com *.gstatic.com *.jquery.com 'unsafe-eval' 'unsafe-inline';style-src 'unsafe-inline' *.microbilt.com *.creditcommander.com weimark.com *.weimark.com https://fonts.googleapis.com https://secure.authorize.net *.gstatic.com;img-src *.microbilt.com *.firstresearch.com https://i.ibb.co https://secure.authorize.net https://verify.authorize.net *.creditcommander.com weimark.com *.weimark.com https://*.google-analyitics.com https://maps.googleapis.com https://svgshare.com https://use.typekit.com *.gstatic.com data:;connect-src *.microbilt.com *.creditcommander.com weimark.com *.weimark.com weimark.zendesk.com ekr.zdassets.com;font-src https://fonts.gstatic.com *.microbilt.com *.creditcommander.com weimark.com *.weimark.com https://static3.avast.com;frame-src *.microbilt.com *.microbilt.com:51980 *.creditcommander.com weimark.com *.weimark.com;object-src *.microbilt.com *.creditcommander.com weimark.com *.weimark.com;report-uri https://creditserver.microbilt.com/webservices/SecurityPolicyReports/api/cspReport/ 1
default-src 'none'; img-src 'self' data: uploads-ssl.webflow.com d1otoma47x30pg.cloudfront.net d3e54v103j8qbb.cloudfront.net; script-src 'self' 'unsafe-inline'; font-src 'self' data: uploads-ssl.webflow.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; manifest-src 'self'; connect-src webflow.com member.civsoc.net; 1
object-src 'none';base-uri 'self';script-src 'nonce-Hu1N8mcCj4Ua7pNWZfeOvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com;  1
default-src             'self';           script-src             https://aa.trkn.us             https://cdnjs.cloudflare.com             https://googleads.g.doubleclick.net             https://maps.googleapis.com             https://siteimproveanalytics.com             https://tether.netteller.com             https://www.google-analytics.com             https://www.googletagmanager.com             'sha256-2hXYXDfmvwagweWY7gmdkZ1lFjLAs5wmZ7+U5E1nUD8='             'sha256-2R8ALhafAUPjarc/ffRhKRD1lOXXOzjdXBdW3YX05FY='             'sha256-3FVHx22iFHRnGsNlxnotPezUgEE+FXZV4GoutevZYhg='             'sha256-Bc0XXxbDJ30i6cKoAriL2TzZ7lcuQmxvGXs+6D5XDO8='             'sha256-edTyfjWzCOPYfwfJ64huNJpZwfpr85rA4BE/Tu3z5Hk='             'sha256-f9Hy3sg0kxLMdIHAJV11BMG3f1rNgtZRIKX7UyNYQ/4='             'sha256-GF6oB0zJhswmdCnWaOxjIiSTEgnC+Pk//uMS6J9dCwY='             'sha256-i+pFLIGjed/74IwF9iAApsWjGPIrMa2lc4kf3q+pZGo='             'sha256-LFYKQb0V6sIbrGim4ds4NpETuXKlzxOECT6LGK4lDcs='             'sha256-Tpoh6ZINUJwL9nF7Q1G5lfrlo44MGkAQ6zHU2+Spjv8='             'self';           connect-src             https://analytics.google.com             https://maps.googleapis.com             https://stats.g.doubleclick.net             https://www.google-analytics.com             'self';           style-src             'sha256-ItyeOPw5uBHXmfHPL9fI0j1hDT09DqJ1tYyBz3rUmMk='             'sha256-Kj8V1fMezvAfAf79qgarNnSJqVHpoblubcEpoGw072k='             'sha256-mSt9g73Zya4meGbO3cTPRqzLKGWGzGcg48YKejcnej0='             'sha256-mSt9g73Zya4meGbO3cTPRqzLKGWGzGcg48YKejcnej0='             'sha256-mSt9g73Zya4meGbO3cTPRqzLKGWGzGcg48YKejcnej0='             'sha256-p/tXUQ8I9ZuDeLM4rk/xh6/o7MxhJpe7Rc5Xsynd/Us='             'sha256-PlYLof7qgXtaadVVF3LwKrE1QRUvjklthFXZgp6ocXg='             'sha256-t6oewASd7J1vBg5mQtX4hl8bg8FeegYFM3scKLIhYUc='             'sha256-UzQ0CvJPjoK3HbwAyuxShSToIhZyu+Ui7PLzZayFo+k='             'self';           img-src             https://24535.global.siteimproveanalytics.io             https://cnv.event.prod.bidr.io             https://d21y75miwcfqoq.cloudfront.net             https://insight.adsrvr.org             https://ups.analytics.yahoo.com             https://www.google.com             https://www.googletagmanager.com             'self';           form-action             'self';           object-src             'none';           frame-src             https://aa.trkn.us             'self';           frame-ancestors             https://accounts.watrust.com;           upgrade-insecure-requests;           block-all-mixed-content;           report-to             tines;           report-uri #{cspReportToUri}# 1
worker-src *.oklahomajoes.com blob:; font-src *.narvar.com *.narvar.qa *.fontawesome.com *.google.com s3.lightboxcdn.com data: *.acsbapp.com *.bazaarvoice.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca https://www.googletagmanager.com/ *.google.com/ ssl.kaptcha.com *.quiq-cdn.com *.pinterest.ca *.pinterest.com *.touchcommerce.com *.inq.com *.digital.nuance.com *.doubleclick.net *.google.com *.facebook.com *.googlesyndication.com *.bazaarvoice.com *.twitter.com *.quiq-api.com *.attn.tv creatives.attn.tv optimize.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com *.narvar.com *.narvar.qa cdn.cookielaw.org idsync.rlcdn.com *.stackadapt.com *.thefontzone.com thefontzone.com *.google.ca *.googletagmanager.com *.google.com *.clarity.ms *.pinterest.com *.bazaarvoice.com *.bing.com t.co *.lightboxcdn.com *.contentsquare.net *.xg4ken.com *.doubleclick.net *.salsify.com *.wcbradley.com *.twitter.com *.acsbapp.com optimize.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.attn.tv events.attentivemobile.com *.plugins.emarsys.net *.scarabresearch.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ *.qvdt3feo.com *.stackadapt.com *.thefontzone.com thefontzone.com js.narvar.com cdn.attn.tv analytics.tiktok.com *.touchcommerce.com *.quiq-api.com *.cookielaw.org *.pinterest.com *.quiq-cdn.com *.clarity.ms *.google.ca *.inq.com *.digital.nuance.com *.newrelic.com *.google.com *.adobedtm.com *.bazaarvoice.com *.cloudfront.net *.nr-data.net *.xg4ken.com *.acsbap.com *.acsbapp.com acsbap.com acsbapp.com *.pinimg.com *.ads-twitter.com *.twitter.com *.contentsquare.net *.doubleclick.net *.bing.com *.gstatic.com *.lightboxcdn.com *.azurewebsites.net *.magentocommerce.com *.atdmt.com t.co *.googlesyndication.com *.facebook.com *.mczbf.com *.tiles.mapbox.com *.googleoptimize.com optimize.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.stackadapt.com *.touchcommerce.com *.inq.com *.digital.nuance.com *.oklahomajoes.com *.lightboxcdn.com *.bazaarvoice.com *.twitter.com *.tiles.mapbox.com optimize.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.narvar.com *.narvar.qa *.touchcommerce.com *.inq.com *.digital.nuance.com *.google.com *.atdmt.com *.bazaarvoice.com *.bing.com *.contentsquare.net *.pinterest.com t.co *.lightboxcdn.com *.twitter.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.attn.tv events.attentivemobile.com *.scarabresearch.com *.eservice.emarsys.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stackadapt.com *.thefontzone.com thefontzone.com analytics.tiktok.com oklahomajoes.attn.tv *.cookielaw.org *.onetrust.com *.quiq-api.com *.clarity.ms *.newrelic.com *.google.com *.pinterest.com *.contentsquare.net *.bazaarvoice.com *.acsbap.com *.acsbapp.com *.nr-data.net *.facebook.com *.twitter.com *.dpm.demdex.net *.mapbox.com bat.bing.com *.mczbf.com *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src *.oklahomajoes.com http: https: blob: 'self' 'unsafe-inline'; default-src *.touchcommerce.com *.inq.com *.digital.nuance.com *.scarabresearch.com *.newrelic.com *.google.com *.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'sha256-fowkKyEQi1SMOmkzKHVR3kVRCxAkb7eITj4LYDwWuwE=' 'sha256-NmZgHsyoB9XJ6Wd+G4VMaoO3gnTIG8KiH+uVcxOeeoc=' 'sha256-qwhoBj+FiypvTPR3eQkqsvLUkSeShbVBRVleFpBWM0g=' https://translate.googleapis.com https://cdn.plyr.io/3.4.4/plyr.polyfilled.js https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com https://*.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://*.googletagmanager.com https://*.ingest.sentry.io https://docket.justiceinitiative.org https://justiceinitiative.containers.piwik.pro/; style-src 'unsafe-inline' 'self' https:; object-src 'self'; base-uri 'self'; connect-src 'self' https://translate.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://docket.justiceinitiative.org https://justiceinitiative.piwik.pro https://justiceinitiative.containers.piwik.pro; font-src 'self' https:; frame-src 'self' https://www.youtube.com https://*.googletagmanager.com; img-src 'self' data: https: https://www.gstatic.com https://*.googletagmanager.com https://osjicontent.imgix.net https://*.google-analytics.com; manifest-src 'self'; media-src 'self';  worker-src 'none'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net https://rec.i-say.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; report-uri https://training89.shopmetrics.com/CSPEndpoint.aspx; Report-To default; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-78f901ee83834ddbba07a35c505d60a5' https://myconnection.org 'self';img-src https://* 'self' blob: data:;style-src https://myconnection.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.userway.org static-tracking.klaviyo.com *.hotjar.com cdn.jsdelivr.net ka-p.fontawesome.com api-cdn.yotpo.com staticw2.yotpo.com metrics.hotjar.io content.hotjar.io solidaffiliate.com cdn.acsbapp.com p.yotpo.com static.klaviyo.com *.algolia.net cdn.usefathom.com bam.nr-data.net api.userway.org maxcdn.bootstrapcdn.com www.paypalobjects.com kit.fontawesome.com insights.algolia.io cdn77.api.userway.org cdnjs.cloudflare.com *.googleapis.com *.gstatic.com fast.a.klaviyo.com vc.hotjar.io *.cloudfront.net acsbapp.com a.klaviyo.com static-forms.klaviyo.com api.yotpo.com *.algolianet.com *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-EuMjfZs2qjSq41dq4LLL-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.corelogic.com https://code.jquery.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/; font-src 'self' https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://ka-f.fontawesome.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.corelogic.com https://code.jquery.com/ https://www.google-analytics.com/analytics.js https://gateway.foresee.com/ http://gateway.foresee.com/ https://www.googletagmanager.com/ https://content.realquest.com/ https://maxcdn.bootstrapcdn.com/ https://h.online-metrix.net/; img-src 'self' data: *.googleapis.com *.google-analytics.com *.online-metrix.net *.corelogic.com https://gateway.foresee.com/ https://maps.gstatic.com/ https://www.google.com/ https://code.jquery.com/ https://content.realquest.com/ https://www.googletagmanager.com/ https://dummyimage.com/ https://lh3.ggpht.com/; connect-src 'self' *.google-analytics.com *.realquest.com https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://ka-f.fontawesome.com/; frame-src 'self' *.online-metrix.net *.opendns.com *.realquest.com https://play.vidyard.com/ https://players.brightcove.net/; object-src 'none'; frame-ancestors 'self';report-uri /csp/report-uri; 1
default-src 'self' 'sha256-CpVHHz+n6VNKGvEMpUD3u2AGcdTa7HC04T0t2E/luRg=' 'sha256-t/TV4mVvsYyRRmzsnJQxH1M3PIzrTM9N75vZsHK6c4M=' 'sha256-CpVHHz+n6VNKGvEMpUD3u2AGcdTa7HC04T0t2E/luRg=' 'sha256-pYWcJjjKJnzi2yBJOfVkAfTNrsK/E+MNH568k1drRPI=' 'sha256-vUydzT54GHFfwMPUOeoneQwFc+pC3UksVfFvuIWzASE=' 'sha256-SoHnkEPpU2G9fb1LfNfymxNjOkYyBXDXjOJ45prpt7M=' 'sha256-oOseNGdaZnme5+nP+y+P0sg6v8Jct4ZgizgbYq+5Xd0=' https://www.googletagmanager.com https://play.libsyn.com https://www.youtube-nocookie.com https://youtu.be/ https://siteimproveanalytics.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com yoshki.com https://watch.wave.video/ https://tourmkr.com/ https://online.fliphtml5.com/ https://docs.google.com doubleclick.net https://siteimproveanalytics.com *.zencdn.net players.brightcove.net fonts.gstatic.com *.googleapis.com s3.amazonaws.com www.google.com *.googletagmanager.com *.gstatic.com *.siteimproveanalytics.io *.doubleclick.net *.google-analytics.com *.siteimproveanalytics.com cwt.vuturevx.com www.youtube.com open.spotify.com vimeo.com directory.libsyn.com html5-player.libsyn.com *.yoshki.com; img-src 'self' data: https://www.google.com/ads/ga-audiences https://www.google-analytics.com/ https://online.fliphtml5.com yoshki.com https://docs.google.com *.boltdns.net *.brightcove.com https://maps.gstatic.com https://maps.googleapis.com/ https://cwt.vuturevx.com/ https://s3.amazonaws.com/ *.siteimproveanalytics.io; media-src 'self' blob: yoshki.com ; font-src 'self' data: https://fonts.gstatic.com https://docs.google.com *.yoshki.com; worker-src 'self' blob: *.yoshki.com; connect-src 'self' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com https://stats.g.doubleclick.net yoshki.com *.google-analytics.com *.siteimproveanalytics.com *.brightcove.com *.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://docs.google.com; frame-ancestors 'self' *.siteimproveanalytics.com yoshki.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.google-analytics.com www.gstatic.com *.siteimproveanalytics.com *.google.com;style-src-elem * 'self' 'unsafe-inline' https://fonts.googleapis.com/; 1
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-8bf1e8a071aa4e8ab4ea8cc9c48d7e4c' https://mychart.et1013.epichosted.com 'self';img-src https://* 'self' blob: data:;style-src https://mychart.et1013.epichosted.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-6750057056004e839c2e5e936e045fb3' https://www.mybassetthealthconnection.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mybassetthealthconnection.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1
font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action https://seo.mageplaza.com www.facebook.com my.pgcruises.com 'self' 'unsafe-inline'; frame-ancestors wordpress.pgcruises.com 'self'; frame-src libs.hipay.com media.ponant.com *.youtube.com *.google.com td.doubleclick.net asset.easydmp.net www.facebook.com *.vimeo.com wordpress.pgcruises.com my.pgcruises.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com s.ytimg.com validate.fishpig.co.uk *.ponant.com 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com img.youtube.com *.ytimg.com www.facebook.com d.adroll.com *.google.com *.google.fr bat.bing.com *.linkedin.com www.googletagmanager.com *.pgcruises.com wordpress.pgcruises.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.youtube.com video.google.com libs.hipay.com mpsnare.iesnare.com maps.googleapis.com *.gstatic.com *.google.com connect.facebook.net lib.paymentjs.firstdata.com js.authorize.net jstest.authorize.net po.ponant.com try.abtasty.com hermes.allo-media.net s.adroll.com d.adroll.com d.adroll.mgr.consensu.org ponant.script.admo.tv *.linkedin.com snap.licdn.com bat.bing.com atout.email-match.com www.googletagmanager.com googleads.g.doubleclick.net asset.easydmp.net *.en25.com *.vimeo.com wordpress.pgcruises.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.gstatic.com fonts.googleapis.com s.adroll.com wordpress.pgcruises.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.ponant.com *.pgcruises.com wordpress.pgcruises.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src stage-data.hipay.com bat.bing.com data.ponant.com ponant.script.admo.tv ponant.admo.tv hermes.allo-media.net s.adroll.com ariane.abtasty.com dcinfos-cache.abtasty.com widgets.abtasty.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' use.typekit.net/af/ d1p8b7m2zl7a4f.cloudfront.net d2e0vf92j9kzr0.cloudfront.net/ cdn.myalex.com/ localhost:* host.docker.internal:* data:; img-src 'self' https: d2e0vf92j9kzr0.cloudfront.net/ d1p8b7m2zl7a4f.cloudfront.net cdn.usersnap.com/classic/ localhost:* host.docker.internal:* data:; object-src 'none'; script-src 'self' https: d2e0vf92j9kzr0.cloudfront.net/ d1p8b7m2zl7a4f.cloudfront.net cdn.usersnap.com/classic/ chat.myalex.com/widget.js localhost:* host.docker.internal:* 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: localhost:* host.docker.internal:* p.typekit.net/p.css d2e0vf92j9kzr0.cloudfront.net/ data: d1p8b7m2zl7a4f.cloudfront.net use.typekit.net/nwy7lbs.css cdn.myalex.com/ 'unsafe-inline'; frame-src 'self' https: login.myalex.com localhost:* host.docker.internal:* chat.datatrough.com/; connect-src 'self' https: localhost:* host.docker.internal:* ingest-dev.jellydevs.com/ data: audio.myalex.com/ d2e0vf92j9kzr0.cloudfront.net d1p8b7m2zl7a4f.cloudfront.net; media-src 'self' https: d1p8b7m2zl7a4f.cloudfront.net d2e0vf92j9kzr0.cloudfront.net/; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=952b0e8e&env=production 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://wowlazymacros.com/logs/ https://wowlazymacros.com/sidekiq/ https://wowlazymacros.com/mini-profiler-resources/ https://wowlazymacros.com/assets/ https://wowlazymacros.com/brotli_asset/ https://wowlazymacros.com/extra-locales/ https://wowlazymacros.com/highlight-js/ https://wowlazymacros.com/javascripts/ https://wowlazymacros.com/plugins/ https://wowlazymacros.com/theme-javascripts/ https://wowlazymacros.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://s.nitropay.com/ads-1377.js https://wow.zamimg.com/widgets/power.js https://code.highcharts.com/highcharts.js https://bloodmallet.com/js/bloodmallet_chart_import.min.js https://embed.twitch.tv/embed/v1.js https://embed.twitch.tv/ https://player.twitch.tv/? https://*.twitch.tv https://wow.zamimg.com/widgets/power.js https://s.nitropay.com/ads-1377.js https://*.nitropay.com https: 'unsafe-inline' https://raw.githubusercontent.com/lcestou/prebid-ads/main/prebid-ads.js https://wowlazymacros.com/uploads/default/original/2X/d/deb0eaf1d057581495509d0dcf71a737334c98c7.js; worker-src 'self' https://wowlazymacros.com/assets/ https://wowlazymacros.com/brotli_asset/ https://wowlazymacros.com/javascripts/ https://wowlazymacros.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
font-src *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com *.gstatic.com 'self' data: https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com *.klarna.com *.google.com/ vars.hotjar.com ssl.hurra.com cdn.consentmanager.net googletagmanager.com www.paypalobjects.com googleads.g.doubleclick.net payment.unzer.com https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ https://h.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com googleadservices.com *.consentmanager.net widgets.trustedshops.com static.unzer.com google.com www.google.de paypal.com sc.bausep.de *.bausep.de bs-magento2-master.phoenix-media.cloud *.bing.com *.hsforms.net *.hsforms.com 'self' data: https://static.unzer.com *.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com *.google.com ssl.hurra.com googletagmanager.com *.consentmanager.net widgets.trustedshops.com *.hotjar.com *.g.doubleclick.net payment.unzer.com *.bausep.de *.bing.com *.hsforms.net *.hsforms.com *.gstatic.com https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com https://h.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.klarnaevt.com *.klarnaservices.com *.bausep.de ssl.hurra.com *.hotjar.com googletagmanager.com google.de google.com www.google.de www.google.com *.g.doubleclick.net payment.unzer.com *.bing.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://h.online-metrix.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src 'self' *.cloudflare.com *.intercom.io *.intercomcdn.com *.vimeo.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.google-analytics.com *.juicer.io *.typography.com *.intercomassets.com *.wellthy.com *.mxpnl.com *.googleapis.com *.gstatic.com *.hs-scripts.com *.linkedin.com *.hubspot.com *.sentry-cdn.com *.sentry.io *.cloudflareinsights.com *.hscollectedforms.com *.hs-analytics.net *.hs-banner.com *.googleadservices.com *.hs-scripts.com *.hscollectedforms.net *.wlthy.cloud *.sprig.com data: wellthy-application-production-wellthy-com-media.s3.amazonaws.com; script-src 'self' *.cloudflare.com *.intercom.io *.intercomcdn.com *.vimeo.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.google-analytics.com *.juicer.io *.typography.com *.intercomassets.com *.wellthy.com *.mxpnl.com *.googleapis.com *.gstatic.com *.hs-scripts.com *.linkedin.com *.hubspot.com *.sentry-cdn.com *.sentry.io *.cloudflareinsights.com *.hscollectedforms.com *.hs-analytics.net *.hs-banner.com *.googleadservices.com *.hs-scripts.com *.hscollectedforms.net *.wlthy.cloud *.sprig.com 'unsafe-eval' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-cnIrO00n4gk0ouLpxjxJb+gtrXOTtCjoftJyPSajoks=' *.okta.com 'nonce-ucB91xO1rihV5YlV'; connect-src 'self' *.cloudflare.com *.intercom.io *.intercomcdn.com *.vimeo.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.google-analytics.com *.juicer.io *.typography.com *.intercomassets.com *.wellthy.com *.mxpnl.com *.googleapis.com *.gstatic.com *.hs-scripts.com *.linkedin.com *.hubspot.com *.sentry-cdn.com *.sentry.io *.cloudflareinsights.com *.hscollectedforms.com *.hs-analytics.net *.hs-banner.com *.googleadservices.com *.hs-scripts.com *.hscollectedforms.net *.wlthy.cloud *.sprig.com wss: *.getsentry.com; default-src *; font-src 'self' *.cloudflare.com *.intercom.io *.intercomcdn.com *.vimeo.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.google-analytics.com *.juicer.io *.typography.com *.intercomassets.com *.wellthy.com *.mxpnl.com *.googleapis.com *.gstatic.com *.hs-scripts.com *.linkedin.com *.hubspot.com *.sentry-cdn.com *.sentry.io *.cloudflareinsights.com *.hscollectedforms.com *.hs-analytics.net *.hs-banner.com *.googleadservices.com *.hs-scripts.com *.hscollectedforms.net *.wlthy.cloud *.sprig.com data:; style-src 'self' *.cloudflare.com *.intercom.io *.intercomcdn.com *.vimeo.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.google-analytics.com *.juicer.io *.typography.com *.intercomassets.com *.wellthy.com *.mxpnl.com *.googleapis.com *.gstatic.com *.hs-scripts.com *.linkedin.com *.hubspot.com *.sentry-cdn.com *.sentry.io *.cloudflareinsights.com *.hscollectedforms.com *.hs-analytics.net *.hs-banner.com *.googleadservices.com *.hs-scripts.com *.hscollectedforms.net *.wlthy.cloud *.sprig.com *.wellthy.com 'unsafe-inline' 1
font-src maxcdn.bootstrapcdn.com *.lasportivausa.com data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com *.doubleclick.net *.google.com *.googleapis.com *.vimeo.com *.addthis.com *.pinterest.com disqus.com *.bazaarvoice.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.lasportivausa.com *.google.com *.googleapis.com *.gstatic.com via.placeholder.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.viglink.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.lasportivausa.com bam.nr-data.net cdnjs.cloudflare.com *.cookielaw.org *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com *.newrelic.com player.vimeo.com *.addthis.com *.addthisedge.com *.moatads.com *.avmws.com *.pinimg.com *.pinterest.com *.disqus.com *.disquscdn.com *.bazaarvoice.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com display.ugc.bazaarvoice.com downloads.mailchimp.com maxcdn.bootstrapcdn.com https://static.klaviyo.com unsafe-inline *.lasportivausa.com *.disquscdn.com *.bazaarvoice.com *.googleapis.com 'self' 'unsafe-inline'; object-src *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.lasportivausa.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.lasportivausa.com bam.nr-data.net *.doubleclick.net *.google.com *.googleapis.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.lasportivausa.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-YjEnepxcYGFna+U99gIhTbOXBVlycC2rM5UKp1MrcS0=' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'self' 'nonce-YjEnepxcYGFna+U99gIhTbOXBVlycC2rM5UKp1MrcS0=' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com  https://*.googletagmanager.com  https://*.g.doubleclick.net https://*.gstatic.com https://*.google.com https://googleads.g.doubleclick.net data:; font-src 'self' https://fonts.gstatic.com data:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bid.g.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googleapis.com; report-uri /csp-report ;report-to cspendpoint; 1
default-src 'self';script-src 'self' 'unsafe-eval' pay.sandbox.datatrans.com payment.datatrans.biz payment.datatrans.swiss payment.datatrans2.biz https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://geschenkidee.cloudflareaccess.com https://ct.pinterest.com https://s.pinimg.com https://www.facebook.com https://connect.facebook.net https://track.bx-cloud.com https://www.googleoptimize.com https://cdn.scarabresearch.com https://static.scarabresearch.com https://tc.connects.ch https://bat.bing.com https://static.hotjar.co *.getback.ch *.hotjar.com *.criteo.com *.criteo.net https://ajax.cloudflare.com https://ocdn.eu *.onet.pl 'sha256-Ifh9ixurLzmgtO9d4k+Dh2N1mFV2xs3Xw9rZXZ3ezGc=' 'sha256-02ZxeTUnbomAMqtfbBs+Akk1VDc2oTpJwLu9f25b4fo=' 'sha256-wzu1RpBUwI+iXFt/hYnNupmxuWXkAhGu/7+4x9+a3u8=' 'sha256-WFZ3vM77R/4qWGxy/kIL78kpf4KHTbhcDJOpvTjUFD0=' 'sha256-rCUtbyAPxDQrTU6vQQjzVWT5E0VA1rwdtSSs/bLyP+Q=' 'sha256-ig2gSGuwvxCgtLsWHcNrPPF5sIj6lL21HWjUhvv2UkQ=' 'sha256-3h7QcnJhiTySuwHoIHetcG35gH+Jx64UqNeJKilyEgQ=' 'sha256-1Yd7kVEyMb6IK+f9wICjxTHUF/ICfVAr3ehweMijky4=' 'sha256-mEt3+h6nWTomqE7ur5vUWvSElL+QQU1KBblg55D6joM=' 'sha256-ajkq0Fdfa4CRfh/wpYN+NdPpYlA1c1XWtcPkDegvr6I=' 'sha256-kqAM9/JT+fik9ZYrr3mdQAp+5wPctH2KSXNHR+j6UuM=' 'sha256-w0oD10mS64FrlHFP83wc/XSp5ZhLyG5vh9A7q1GUFqw=' 'sha256-Iex3qNgxTpidIR6Qub5QjK3f5+xTLusuXDrnhLS8x9U=' 'sha256-8Xd+ujF0s8o0rpLon0ee3ZpUYDQWZCD49n07C6XqKuQ=' 'sha256-wR9nnIz6Cpd2eCKSfA3sZwJoBic/SOGALDY9y+siCaw=' 'sha256-skqv+8BGucqXcTl2p9dBU7gHHB3EVya8rIvgsu7bjXA=' 'sha256-27jYwMrTM0r8m+BIKhIgv9vasr/D8nWlfELD2gVb6IU=' 'sha256-l0wkTPiVrN2n3WJZ88C9XMypcHt8S3xTs5UQindnt+k=' 'sha256-/ut/63kwS+XWRZglX6OPUSbcT9DTxTKhc6DShIOpToA=' 'sha256-2vvQm2DqnT/0diSLx11RMdv9vnFTc75cbwMeETkHyxs=' 'sha256-gng7C5PCrVZmgU6Ln8bx0swwO5tbzq82cnUfqqSurmk=' 'sha256-Nk67eWBxwLSvnyWVMV4pF5iMRkWReDBx576DS6UpSWM=';style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://geschenkidee.cloudflareaccess.com *.getback.ch https://cdnjs.cloudflare.com;frame-src 'self' payment.datatrans.biz payment.datatrans.swiss payment.datatrans2.biz https://bid.g.doubleclick.net *.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com/ https://gum.criteo.com https://geschenkidee.cloudflareaccess.com https://www.youtube.com https://www.google.com https://api.test.geschenkidee.ch;connect-src 'self' https://api.geschenkidee.ch https://www.google-analytics.com https://api.ideecadeau.ch https://track.bx-cloud.com https://geschenkidee.cloudflareaccess.com https://ct.pinterest.com https://s.pinimg.com https://www.facebook.com https://connect.facebook.net https://recommender.scarabresearch.com https://webchannel-content.eservice.emarsys.net https://recommender-eu.scarabresearch.com https://in.hotjar.com https://stats.g.doubleclick.net https://www.lacmp.net https://o501385.ingest.sentry.io https://vc.hotjar.io https://events.ocdn.eu https://csr.onet.pl *.getback.ch;img-src 'self' static.geschenkidee.ch data: https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com googleads.g.doubleclick.net https://geschenkidee.cloudflareaccess.com https://ct.pinterest.com https://s.pinimg.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://www.google.de *.onet.pl;font-src 'self' https://fonts.gstatic.com data: https://geschenkidee.cloudflareaccess.com https://script.hotjar.com https://cdnjs.cloudflare.com 1
object-src 'none';base-uri 'self';script-src 'nonce-YX-ETn1KZAtR9xA4dJ7VRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2aJLYCQS8KwsC2qN4Hxkjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dnX0ia0qGnszobCVXKLwTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' https: https://www.googletagmanager.com https://log.xiti.com p1.parsely.com; default-src 'self' https:; frame-src 'self' https: https://www.google.com; font-src 'self' https: data:; img-src 'self' https: data: https://www.googletagmanager.com p1.parsely.com; object-src 'none'; script-src 'self' https: https://tag.aticdn.net 'nonce-qhe0CqcZOz4NoB2mEzfYCw=='; style-src 'self' https: 'nonce-qhe0CqcZOz4NoB2mEzfYCw=='; report-uri /csp-violation-report 1
default-src 'self';style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://cdn.matomo.cloud https://hensoldt.nanorep.co https://www.googletagmanager.com https://www.google-analytics.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://a.delivery.consentmanager.net https://e2eg.co.uk https://www.buzzsprout.com https://*.addthis.com https://z.moatads.com https://*.addthisedge.com; img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://a.delivery.consentmanager.net https://delivery.consentmanager.net https://cdn.consentmanager.net https://www.kununu.com https://*.amazonaws.com data:; frame-src https://cdn.consentmanager.net https://www.youtube.com https://www.youtube-nocookie.com https://www.buzzsprout.com https://*.addthis.com; connect-src 'self' https://hensoldt.matomo.cloud https://hensoldt.nanorep.co https://visitor-services.nanorep.com https://m.addthis.com; object-src 'none'; report-uri /csp.php 1
object-src 'none';base-uri 'self';script-src 'nonce-INmteqtsR1l5AIbb5Wed2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' *.williamdam.dk *.skybooks.dk *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.gstatic.com *.google.com *.googlesyndication.com *.googleadservices.com *.googleapis.com *.viabill.com *.trustpilot.com *.clarity.ms *.bing.com *.facebook.net *.facebook.com *.fontawesome.com *.jsdelivr.net *.bootstrapcdn.com *.jquery.com *.bog.nu *.w3.org *.schema.org *.postnord.com *.postnord.dk *.pubhub.dk; report-uri /csp_report.php 1
object-src 'none';base-uri 'self';script-src 'nonce-NAI4a62xPaQt_uPJArSeUg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DgglAif1Y4XeHsxhhdxcGQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com *.stripe.com stripe.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com maxcdn.bootstrapcdn.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.doofinder.com *.empathybroker.com *.empathy.co *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: azcd.domayne.com.au www.harveynorman.com.au *.facebook.net www.domayne.com.au api.zipmoney.com.au www.pages07.net static.zipmoney.com.au *.imgix.net *.azureedge.net www.googletagmanager.com www.google-analytics.com assets.adobedtm.com *.googlesyndication.com *.bazaarvoice.com *.everesttech.net bam.nr-data.net b.sli-spark.com media.flixcar.com domayne.resultspage.com *.facebook.com *.doubleclick.net *.omtrdc.net *.gstatic.com assets.resultspage.com edge.fullstory.com *.vimeo.com *.demdex.net js-agent.newrelic.com adservice.google.com *.googleadservices.com api.ipstack.com www.google.com saas-p2w.azurewebsites.net rs.fullstory.com www.sc.pages07.net use.typekit.net *.freshchat.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-PPadzTUkdhxWas-3tIPEjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' ; report-uri https://fr.tuto.com/a_reportcsp/log 1
object-src 'none';base-uri 'self';script-src 'nonce-mUrL1yC955CqKcxga_7Kxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: https://cdn.livechatinc.com *.klarnacdn.net *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src *.youtube.com https://www.youtube-nocookie.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://secure.livechatinc.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://img.youtube.com https://www.google.co.uk https://bat.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.segmentify.com https://cdn.livechatinc.com https://api.livechatinc.com https://bat.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://stats.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-YwqwjNZaENfEpalzG0g5CA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-JEbMqTSRQbEsUBjgTmIW5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2nqmSUbsmk2v2ggSId50_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IbI3nOj-vTeDs7kH9cishQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8eb-vjMK9m-zEBfiVwdfEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' upload.dibeo.at asset.dibeo.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; connect-src 'self' upload.dibeo.at asset.dibeo.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; base-uri 'self'; form-action 'self'; img-src 'self' data: upload.dibeo.at asset.dibeo.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; script-src 'self' 'unsafe-inline' upload.dibeo.at asset.dibeo.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; 1
object-src 'none';base-uri 'self';script-src 'nonce-GO_S_W8u1gGm7EFKrKB7Jg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4zGbZifN4O_cuA4BZETjWw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com www.hospitaloswaldocruz.org.br *.digitaloceanspaces.com *.facebook.net www.googletagmanager.com www.youtube.com *.ads-twitter.com *.doubleclick.net us-central1-perto-digital.cloudfunctions.net adservice.google.com www.google.com *.twitter.com fonts.cdnfonts.com *.facebook.com www.google.com.br analytics.google.com *.crazyegg.com *.linkedin.com *.licdn.com t.co *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' *.across.to across.to wss://api.blocknative.com; font-src 'self' fonts.gstatic.com assets.vercel.com data:; img-src 'self' *.walletconnect.com assets.vercel.com data:; connect-src wss://*.walletconnect.com *.walletconnect.com wss://api.blocknative.com mainnet.infura.io *.across.to across.to *.wallet.coinbase.com *.alchemy.com *.infura.io api2.amplitude.com *.sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com vercel.live; style-src 'self' 'unsafe-inline'; frame-src 'self' vercel.live platform.twitter.com *.walletconnect.com; frame-ancestors 'self'; report-uri https://umaproject.uriports.com/reports/report; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-3f5ktdsVql9LAzo_3ZMz3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Zg7o9HDGRfDCbsD7R4EAUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eaTPmXrpQwJW9dXbV0DGXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tDh05RCJ2_Hx5s9pBFz2XA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com landofcoder.com maps.googleapis.com chart.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.bird.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com landofcoder.com maps.googleapis.com chart.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.googletagmanager.com tagmanager.google.com https://7258763.collect.igodigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com landofcoder.com maps.googleapis.com chart.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Bo0iLBV49UpNXh3arbpuuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bA7XWX30oHCPhxTAuUpqng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-bfRs5SDuOMDNcanJAr0SWw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-xZ4rO_S-iewCPXDP2OpGCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4zsycI4k-I8Pwr_3JAudyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-a0jmLAhfp8Ek1Ndo7alGcg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.cookielaw.org *.dhl.com *.obi4wan.com cdnjs.cloudflare.com *.jsdelivr.net unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.jsdelivr.net cdnjs.cloudflare.com; img-src 'self' data: *.cookielaw.org; media-src 'self' *.youtube.com; frame-src 'self' *.google.com *.googletagmanager.com *.dhl.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' *.googleusercontent.com; connect-src 'self' *.cookielaw.org *.dhl.com *.onetrust.com  *.obi4wan.com *.obi4wan.ai; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-qg9ZL0QjZVgyvkas6zxTtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UvonO-9QT_q8DYsKXk5uPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4UVVO5YxiuOix40v_L0VEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mih8eLNyA243HsatAVOtJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-lQWYhWo58PenZL0O4jUIfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 1
object-src 'none';base-uri 'self';script-src 'nonce-Qk33fAcN2Rg9HCenxQWN1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' hdsystem.pl www.hdsystem.pl *.smsapi.pl *.youtube.com *.facebook.com *.freshmail.io *.katowice.sesja.pl *.hd.pl;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com;style-src *.freshmail.io *.katowice.sesja.pl *.hd.pl *.hdsystem.pl 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self' *.google-analytics.com;font-src 'self' fonts.gstatic.com https:; img-src 'self' *.google.com *.google.pl *.googletagmanager.com *.google-analytics.com;frame-ancestors 'self';report-uri /report-csp 1
object-src 'none';base-uri 'self';script-src 'nonce-LYHJY_dKRwTqNTTFzkTfUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: apps.mypurecloud.com *.tvsquared.com widgets.hive.genesys.com www.google-analytics.com www.youtube.com www.googletagmanager.com s.ksrndkehqnwntyxlhgto.com *.cloudfront.net alpixtrack.com process.iconnode.com use.typekit.net *.adsrvr.org *.gstatic.com p.typekit.net *.facebook.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com kit.fontawesome.com p.ksrndkehqnwntyxlhgto.com www.google.com js.alpixtrack.com *.facebook.net ka-p.fontawesome.com code.jquery.com *.doubleclick.net chat.forumcu.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src maxcdn.bootstrapcdn.com https://v2.zopim.com/widget/fonts/zopim.ttf *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com  *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com self data: klarna.com *.klarnaevt.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com td.doubleclick.net widget.trustpilot.com *.twitter.com *.facebook.com *.tradecentric.com *.punchout2go.com account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.posturite.co.uk *.paypalobjects.com static.zdassets.com *.cloudflare.com px.ads.linkedin.com bat.bing.com *.google.co.uk v2.zopim.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.usercentrics.eu *.feefo.com *.facebook.com *.assets.adobedtm.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com snap.licdn.com connect.punchout2go.com/jslib/lib/basic/basic.js bat.bing.com cdn.iintf.co v2.zopim.com static.zdassets.com www.dwin1.com www.upsellit.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.facebook.net *.assets.adobedtm.com www.clarity.ms widget.trustpilot.com *.visualwebsiteoptimizer.com *.hotjar.com widget.freshworks.com m2epro.freshdesk.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudflare.com connect.punchout2go.com widget.freshworks.com m2epro.freshdesk.com *.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com cc-cdn.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com posturite.zendesk.com *.cloudflare.com m0nb5es2od.execute-api.eu-west-2.amazonaws.com gweu.stape.io ekr.zdassets.com wss://widget-mediator.zopim.com *.doubleclick.net ddlnk.net *.analytics.google.com static.zdassets.com *.usercentrics.eu *.twitter.com *.paypal.com *.twimg.com *.feefo.com *.nr-data.net s.clarity.ms capig.stape.cloud pagead2.googlesyndication.com bat.bing.com www.google.co.uk *.tradecentric.com *.punchout2go.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.happybeds.co.uk/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-lcNByMYe8CslcX-R9kzLfg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-43oo4B4NM7QR96tsYDx9JQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-FRSeuLLNGxVVz3GnbQiPYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GdfkxFyF8v96hFkvLhmWxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com www.marijuana-seeds.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://r1.dmtrk.net/signup.ashx *.yotpo.com www.marijuana-seeds.nl 'self' 'unsafe-inline'; frame-ancestors www.marijuana-seeds.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://r1-t.trackedlink.net https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com *.freshchat.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com *.yotpo.com www.marijuana-seeds.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io validate.fishpig.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.kaltura.com https://www.gravatar.com *.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com www.marijuana-seeds.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://r1-t.trackedlink.net *.nosto.com https://stats.g.doubleclick.net https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://static.addtoany.com https://cdn.euc-freshbots.ai https://wchat.eu.freshchat.com *.cloudflare.com https://staticw2.yotpo.com *.mantisadnetwork.com *.crazyegg.com *.facebook.com *.kaltura.com *.freshrelevance.com *.cloudfront.net tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com www.marijuana-seeds.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline assets.braintreegateway.com https://cdn.euc-freshbots.ai https://wchat.eu.freshchat.com tagmanager.google.com *.yotpo.com *.googleapis.com www.marijuana-seeds.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com *.marijuana-seeds.nl www.marijuana-seeds.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://r1-t.trackedlink.net *.nosto.com https://www.euc-freshbots.ai https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://wchat.eu.freshchat.com https://assetscdn-wchat.eu.freshchat.com https://stats.addtoany.com *.crazyegg.com wss://am.freshrelevance.com *.freshrelevance.com https://c8.dycdn.net/ *.yotpo.com www.marijuana-seeds.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.marijuana-seeds.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.marijuana-seeds.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.at ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.at *.spreadshirt.at ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.at ; font-src 'self' https: data: *.spreadshirt.at ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.at ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.at ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
font-src *.sagepay.com *.bglobale.com *.global-e.com *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com *.cloudflare.com fonts.googleapis.com 'unsafe-inline' data: static.paddockspares.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sagepay.com *.bglobale.com *.global-e.com *.mondu.ai/ *.mondu.local localhost:*/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widget.trustpilot.com lpcdn.lpsnmedia.net *.paypalobjects.com secure.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.mdoq.io *.ibottles.co.uk *.google.com *.google.co.uk media.paddockspares.com static.paddockspares.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.mondu.ai/widget.js *.mondu.local/widget.js localhost:*/dist/widget.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.liveperson.net *.lpsnmedia.net *.newrelic.com *.livechatinc.com bam.nr-data.net static.paddockspares.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com fonts.google.com *.cloudflare.com *.bootstrapcdn.com fonts.googleapis.com static.paddockspares.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.paypal.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com stats.g.doubleclick.net bam.nr-data.net *.livechatinc.com static.paddockspares.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://zero1.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.hipay.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net *.google.fr *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.hipay.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net *.google.fr *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com secure-gateway.hipay-tpp.com *.hipay.com https://www.googletagmanager.com/ *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net *.google.fr *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.oreca-store.com *.omnitagjs.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.hipay.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net www.google.com *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org www.google.fr *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com polyfill.io secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com www.googletagmanager.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net cdn.jsdelivr.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net www.google.com *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googleoptimize.com *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.hipay.com *.fontawesome.com cdn.jsdelivr.net *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.criteo.net *.criteo.com *.bing.com *.facebook.net *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.doubleclick.net *.adnxs.com *.smartadserver.com *.3lift.com *.yahoo.com *.360yield.com *.outbrain.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.ad-stir.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.hipay.com wss://mpsnare.iesnare.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com js-agent.newrelic.com bam-cell.nr-data.net bam.nr-data.net stats.g.doubleclick.net googleads.g.doubleclick.net data: *.hipay-tpp.com *.iesnare.com bat.bing.com *.cookiebot.com *.adnxs.com *.lgw.io *.facebook.com *.facebook.net ad.doubleclick.net *.licdn.com *.tiktok.com *.criteo.com *.criteo.net *.doubleclick.net *.google.fr *.linkedin.com *.clarity.ms *.yahoo.com *.outbrain.com gum.criteo.com *.adingo.jp *.ad-stir.com *.privacy-center.org *.googletagmanager.com *.sensefuel.com *.dialoginsight.com *.mydialoginsight.com *.bing.com *.abtasty.com *.avis-verifies.com *.rubiconproject.com *.addthis.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.bidswitch.net *.search.sensefuel.live cm.mgid.com *.taboola.com *.liadm.com *.advertising.com *.casalemedia.com *.teads.tv *.media.net *.omnitaggjs.com *.adform.net *.sharethrough.com *.stickyadstv.com *.openx.net *.rlcdn.com *.e-planning.net *.ad.smaato.net *.tremorhub.com *.yieldlab.net *.kargo.com *.postrelease.com *.clmbtech.com *.yieldmo.com sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.tapad.com *.krxd.net *.demdex.net *.bluekai.com *.thebrighttag.com *.oreca-store.com *.omnitagjs.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src edwineurope.app.baqend.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.weltpixel.com consentcdn.cookiebot.com ct.pinterest.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com bat.bing.com ct.pinterest.com www.google.co.ma cdn.edwin-europe.com www.google.de imgsct.cookiebot.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com edwineurope.app.baqend.com consent.cookiebot.com bat.bing.com cdn.scarabresearch.com script.hotjar.com static.hotjar.com s.pinimg.com a.opumo.net consentcdn.cookiebot.com ct.pinterest.com https://www.googletagmanager.com tagmanager.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://prod.edwin.cartware.de blob: tagmanager.google.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.nlservice.edwin-europe.com:8443/subscribe edwineurope.app.baqend.com ipapi.co a.opumo.net ct.pinterest.com consentcdn.cookiebot.com stats.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com https://www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io payments.amazon.de d.ratepay.com jsctool.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-zvi77tZXIqWj'; style-src 'unsafe-inline'; report-uri /portal/xsslog?type=lp 1
object-src 'none';base-uri 'self';script-src 'nonce-qdGLtb3nRuSycpS7cSbRCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.bounceexchange.com *.google-analytics.com *.gstatic.com likeshop.me *.global-e.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.bounceexchange.com *.facebook.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.authorize.net www.xtento.com *.shoprunner.com *.agilone.com *.facebook.com insight.adsrvr.org match.adsrvr.org *.signifyd.com *.online-metrix.net *.doubleclick.net *.cookiebot.com *.bounceexchange.com *.office365.com *.google.com *.google.lv *.bglobale.com *.global-e.com *.nosto.com *.nos.to https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca store.paradoxlabs.com www.xtento.com cdn.xtento.com *.shoprunner.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net www.google.lv *.bing.com *.lafayette148ny.com *.signifyd.com *.online-metrix.net *.postcodeanywhere.co.uk *.doubleclick.net heapanalytics.com *.heapanalytics.com *.bizrate.com *.dashhudson.com likeshop.me *.atdmt.com *.cdnwidget.com *.bglobale.com *.global-e.com *.clarity.ms *.cloudfront.net *.nosto.com *.nos.to https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.affirm.com *.affirm.ca *.authorize.net sandbox-assets.secure.checkout.visa.com www.xtento.com cdn.xtento.com *.shoprunner.io *.shoprunner.com *.googletagmanager.com www.google.com www.google.lv www.gstatic.com *.agilone.com *.bing.com *.upsellit.com connect.facebook.net *.sociomantic.com js.adsrvr.org *.algolianet.com *.algolia.net *.signifyd.com *.pcapredict.com *.addressy.com *.bizrate.com *.googleapis.com *.heapanalytics.com *.zdassets.com tag.wknd.ai *.bounceexchange.com *.dashhudson.com *.luckyorange.com *.cookiebot.com *.securedvisit.com *.pingdom.net *.cloudfront.net *.newrelic.com *.nr-data.net klear.com *.mczbf.com *.bglobale.com *.global-e.com *.clarity.ms cdn.noibu.com *.nosto.com *.nos.to https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bounceexchange.com *.googleapis.com *.addressy.com *.bizrate.com *.bglobale.com *.global-e.com *.cloudfront.net *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.affirm.com *.affirm.ca *.authorize.net *.shoprunner.io *.shoprunner.com *.signifyd.com *.signifyd.com:* *.addressy.com *.bing.com *.bounceexchange.com *.bouncex.net *.zdassets.com *.zendesk.com *.zopim.com *.doubleclick.net *.google-analytics.com *.googleapis.com likeshop.me *.heapanalytics.com wss: *.luckyorange.net *.cookiebot.com *.cdnbasket.net *.cdnwidget.com *.pingdom.net *.nr-data.net *.facebook.com klear.com *.mczbf.com *.sjwoe.com *.clarity.ms input.noibu.com *.nosto.com *.nos.to https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; child-src https://*; connect-src 'self' https://d8ejoa1fys2rk.cloudfront.net https://sentry10.bynder.cloud https://api2.amplitude.com https://analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.amazonaws.com fast.appcues.com https://api.appcues.com https://api.appcues.net wss://api.appcues.net https://apiv2.webdamdb.com/oauth2/token https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com emrays.production-global.us-east-1.bynder.cloud; font-src https://* data: ; img-src https://* data: blob:; media-src https://*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.amplitude.com https://js.hs-analytics.net fast.appcues.com browser.sentry-cdn.com bynder-static.s3.amazonaws.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com; style-src 'self' 'unsafe-inline' https://d8ejoa1fys2rk.cloudfront.net https://fonts.googleapis.com bynder-static.s3.amazonaws.com fast.appcues.com https://cmp.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com; worker-src 'self' blob:; report-uri https://sentry10.bynder.cloud/api/1817/security/?sentry_key=638cfd1ab10c78c179140416b9893c0e 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com www.google.com www.google.co.in www.facebook.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.texmetals.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net stats.g.doubleclick.net d.adroll.com pixel.advertising.com pixel.rubiconproject.com simage2.pubmatic.com dsum-sec.casalemedia.com ads.yahoo.com eb2.3lift.com sync.outbrain.com trc.taboola.com x.bidswitch.net/sync ib.adnxs.com idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com segments.company-target.com sync.tidaltv.com img.riskified.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.googletagmanager.com s.adroll.com d.adroll.com d.adroll.mgr.consensu.org *.bootstrapcdn.com cdn.socket.io beacon.riskified.com mouseflow.com cdn.mouseflow.com widget.nfusionsolutions.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' style *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.facebook.com websocket.texmetals.com wss://websocket.texmetals.com ws-so-staging.texmetals.com wss://ws-so-staging.texmetals.com *.riskified.com *.mouseflow.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri {{baseUrl}}; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-rv-T9ckPCibxQrDxGWwlFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sharethis.com secure-gateway.hipay-tpp.com *.hipay.com https://widget.trustpilot.com csxd.{crossdomain} www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.sharethis.com *.contentsquare.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sharethis.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com cdn.jsdelivr.net https://www.googletagmanager.com https://widget.trustpilot.com 'unsafe-inline' t.contentsquare.net app.contentsquare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com *.hipay.com cdn.jsdelivr.net fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.sharethis.com *.hipay.com wss://mpsnare.iesnare.com *.getalma.eu *.contentsquare.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qhZ-S-wznTID98Km4-a0UA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-F-uzQqEmoXSLPy68v_ZuOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-D6nGGJx90OZASlPGhpPkMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wb7tpWtUy_wNxRvWVLJ23w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-AD4M3K2juU39VhG7Oc5FEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ld4XiPNpB9FcsOakx9Rmbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qJdRgpkkGccvq9TNz6z5xA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce--AiKjkM_alU7Ksfw6Y87Og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://d1givitoj7uukl.cloudfront.net http://cdnjs.cloudflare.com https://static.dhlparcel.nl https://shoesme.b-cdn.net https://*.hotjar.com https://v2.zopim.com www.shoesme.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.shoesme.nl 'self' 'unsafe-inline'; frame-ancestors www.shoesme.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://consentcdn.cookiebot.com https://vars.hotjar.com https://ct.pinterest.com https://www.sovendus-connect.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com *.criteo.com www.shoesme.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com validate.fishpig.co.uk https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://* www.shoesme.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://snapppt.com https://cdn.snapppt.com https://api.snapppt.com https://cdn.addsauce.com https://app.addsauce.com https://api.addsauce.com http://cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.dhlparcel.nl https://maps.googleapis.com https://pagead2.googlesyndication.com https://shoesme.b-cdn.net https://bat.bing.com https://www.clarity.ms https://*.hotjar.com https://s.pinimg.com https://v2.zopim.com https://static.zdassets.com https://www.dwin1.com https://api.sovendus.com www.shoesme.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://d1givitoj7uukl.cloudfront.net https://static.dhlparcel.nl https://shoesme.b-cdn.net https://*.hotjar.com www.shoesme.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.shoesme.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com autocomplete2.postdirekt.de https://stats.g.doubleclick.net https://snapppt.com https://app.addsauce.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://shoesme.b-cdn.net https://ekr.zdassets.com https://ct.pinterest.com https://bat.bing.com https://*.clarity.ms wss://widget-mediator.zopim.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://identification-api.sovendus.com https://press-tracking-api.sovendus.com the.sciencebehindecommerce.com www.shoesme.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.shoesme.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.shoesme.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-mameNGFI5qovE3u9XZeW2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com v2.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com www.googletagmanager.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://*.google.com *.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.twitter.com axi.maxiaxi.com *.pinterest.com *.addthis.com https://consentcdn.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: https://*.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.buckaroo.nl validate.fishpig.co.uk https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://redchamps.com ts.tradetracker.net www.magmodules.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.maxiaxi.com bat.bing.com www.google.nl *.squeezely.tech tm-tradetracker.net *.pinterest.com *.googleapis.com *.googleoptimize.com squeezely.tech *.linkedin.com *.cookiebot.com *.etrusted.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://cdn.polyfill.io https://browser.sentry-cdn.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io tm.tradetracker.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com app.aiden.cx js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net *.trustpilot.com *.zopim.com static.sooqr.com *.zdassets.com bat.bing.com static.buckaroo.nl *.squeezely.tech tm-tradetracker.net *.maxiaxi.com *.clarity.ms *.googleoptimize.com *.zendesk.com bam.eu01.nr-data.net squeezely.tech *.pinimg *.addthis.com *.addthisedge.com *.moatads.com *.pinimg.com *.hotjar.com *.hotjar.io *.licdn.com *.beslist.nl *.tiktok.com *.stripe.com *.cookiebot.com *.etrusted.com *.smooch.io *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu static.sooqr.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net https://*.google.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://*.ingest.sentry.io https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com bam.nr-data.net *.zdassets.com widget-mediator.zopim.com stats.g.doubleclick.net squeezely.tech cognito-identity.eu-central-1.amazonaws.com rum-collector-2.pingdom.net wss://widget-mediator.zopim.com *.maxiaxi.com *.clarity.ms *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.pinterest.com measurement-api.criteo.com *.zendesk.com bam.eu01.nr-data.net *.addthis.com *.hotjar.com *.beslist.nl *.tiktok.com app.aiden.cx *.hotjar.io wss://ws.hotjar.com analytics.pangle-ads.com googleads.g.doubleclick.net *.ads.linkedin.com *.cookiebot.com *.etrusted.com *.smooch.io *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-SkbVBubihPK5WRQEt_5LyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cl.avis-verifies.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org t.mydialoginsight.com axeptio.imgix.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com static.axept.io cdn.jsdelivr.net *.newrelic.com *.nr-data.net *.axept.io *.cabesto.com https://cdnjs.cloudflare.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com cdn.jsdelivr.net *.cabesto.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.wonderpush.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.newrelic.com *.nr-data.net ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: region1.google-analytics.com *.cloudfront.net *.livechatinc.com *.hotjar.com bm-rx.atatus.com mpsnare.iesnare.com *.gstatic.com vc.hotjar.io www.googletagmanager.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com/ https://www.youtube.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.magezon.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net cdn.powersuite-tools.com test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.plugins.emarsys.net *.scarabresearch.com *.google.com *.google.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.fontawesome.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src powersuite-tools.com test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.scarabresearch.com *.eservice.emarsys.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com youngevity.com *.youngevity.com ygyi-stg.com *.ygyi-stg.com data: *.olark.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors secure.networkmerchants.com secure.nmi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com secure.networkmerchants.com secure.nmi.com *.paymentexpress.com *.windcave.com *.yotpo.com https://app.maker.co *.olark.com *.brightcove.net *.socialannex.net *.audioeye.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io mageside.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com *.googleapis.com *.gstatic.com *.brightcove.net *.brightcove.com youngevity.com *.youngevity.com ygyi-stg.com *.ygyi-stg.com *.google.com *.google.com.ua *.boltdns.net *.olark.com *.socialannex.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com secure.networkmerchants.com secure.nmi.com *.yotpo.com youngevity.com *.youngevity.com ygyi-stg.com *.ygyi-stg.com https://app.maker.co *.googleapis.com *.bronto.com *.bm23.com *.brightcove.net *.brightcove.com *.zencdn.net *.celebros.com *.google.com *.gstatic.com *.celebros-analytics.com *.crazyegg.com *.olark.com *.socialannex.com *.jquery.com *.newrelic.com *.nr-data.net *.audioeye.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline secure.nmi.com *.yotpo.com *.googleapis.com youngevity.com *.youngevity.com ygyi-stg.com *.ygyi-stg.com https://ygy1.com *.olark.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com secure.networkmerchants.com secure.nmi.com *.yotpo.com *.youngevity.com *.ygyi-stg.com *.brightcovecdn.com *.boltdns.net *.brontops.com *.bronto.com *.google-analytics.com *.doubleclick.net *.akamaihd.net *.crazyegg.com *.olark.com *.googleapis.com *.nr-data.net *.audioeye.com https://app.maker.co 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.addthis.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://ajax.cloudflare.com *.newrelic.com *.nr-data.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.typekit.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline *.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.nr-data.net https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google-analytics.com analytics.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-DWgd6kFaJLHTzpMbLnxlMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google.com/ https://consentcdn.cookiebot.com/ *.doubleclick.net *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.facebook.com/ https://www.google.com/ https://cdn.klarna.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://fp-b2c.farmaciasportuguesas.pt/ *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io https://www.google.com/recaptcha/ https://www.gstatic.com/ https://js-agent.newrelic.com/ https://www.googletagmanager.com/ https://bam-cell.nr-data.net/ https://bam.nr-data.net/ https://connect.facebook.net/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://maps.googleapis.com/ *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com/ https://ct.pinterest.com/ https://bam-cell.nr-data.net/ https://bam.nr-data.net https://consentcdn.cookiebot.com/ *.doubleclick.net *.google.com *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com use.fontawesome.com *.gstatic.com *.googleapis.com https://*.hotjar.com https://*.hotjar.io https://apps.bazaarvoice.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com e.issuu.com www.youtube.com youtube.com woobox.com www.woobox.com facebook.com www.facebook.com instagram.com www.instagram.com s7.addthis.com assets.pinterest.com ecwportal.vertexsmb.com *.hotjar.com *.hotjar.io *.google.com *.paypalobjects.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * syf.demdex.net *.syfpos.com *.syf.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.addthis.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com log.pinterest.com www.facebook.com *.googleadservices.com *.google-analytics.com www.google.pl *.paypal.com *.familyfarmandhome.com https://*.hotjar.com https://*.hotjar.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net store.paradoxlabs.com https://redchamps.com 'self' data: *.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com chimpstatic.com downloads.mailchimp.com *.list-manage.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com js-agent.newrelic.com bam.nr-data.net woobox.com www.woobox.com s7.addthis.com m.addthis.com v1.addthisedge.com assets.pinterest.com ecwportal.vertexsmb.com connect.facebook.net freegeoip.app api.ipbase.com *.google.com *.google-analytics.com *.gstatic.com *.hotjar.com *.hotjar.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com *.authorize.net *.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com downloads.mailchimp.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com use.fontawesome.com *.googleapis.com unsafe-inline assets.braintreegateway.com *.syfpos.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com ubuy.syf.com buy.syf.com svcs.syf.com usvcs.syf.com www.b2bcreditservices.com iwww.b2bcreditservices.com js-agent.newrelic.com bam.nr-data.net s7.addthis.com *.paypal.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.hotjar.io https://*.doubleclick.net *.connect.facebook.net *.facebook.com www.google.pl www.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net *.authorize.net t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: region1.analytics.google.com analytics.google.com cc.cdn.civiccomputing.com secure.golp4elik.com www.googletagmanager.com www.google.com *.googleapis.com apikeys.civiccomputing.com cdn.jsdelivr.net clapi.civiccomputing.com adservice.google.com *.linkedin.com *.doubleclick.net *.gstatic.com *.licdn.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-bDDNkxATbofmRDT4fVUl4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; connect-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-eval' 'unsafe-inline'; media-src https: 'self' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
font-src cdn.jsdelivr.net https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cl.avis-verifies.com/ https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com https://*.metrics.* data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.facebook.com https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com secure-gateway.hipay-tpp.com *.hipay.com www.googletagmanager.com https://libs.hipay.com https://gum.criteo.com/ https://*.facebook.com https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.clarity.ms/ https://*.almapay.com/ https://*.metrics.* 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.alothemes.com *.magepow.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com polyfill.io cdn.jsdelivr.net *.plugins.emarsys.net *.scarabresearch.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.alothemes.com *.magepow.com static.axept.io https://cdnjs.cloudflare.com https://cdn.appconsent.io https://secure-gateway.hipay-tpp.com https://libs.hipay.com https://mpsnare.iesnare.com https://static.zdassets.com/ https://cl.avis-verifies.com/ https://assets.zendesk.com/ https://static.affilae.com/ https://bat.bing.com/ https://static.criteo.net/ https://sslwidget.criteo.com/ https://*.msecnd.net/ https://googleads.g.doubleclick.net/ https://*.beyable.com/ https://beyableprod.blob.core.windows.net/ https://code.jquery.com/ https://*.axept.io/ https://913.userly.net/ https://dynamic.criteo.com/ https://s.marvellousmachine.net/ https://adperf.go2cloud.org/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://*.metrics.* 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net https://fonts.googleapis.com *.hipay.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://libs.hipay.com https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com https://*.metrics.* 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com https://mpsnare.iesnare.com https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.analytics.google.com/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com https://*.metrics.* 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.getalma.eu *.scarabresearch.com *.eservice.emarsys.net https://*.hipay.com wss://mpsnare.iesnare.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://nominatim.openstreetmap.org *.alothemes.com *.magepow.com client.axept.io api.axept.io pagead2.googlesyndication.com pro.ip-api.com region1.google-analytics.com ws.colissimo.fr https://www.naturalforme.info https://maps.googleapis.com https://collector.appconsent.io https://*.zendesk.com https://*.zdassets.com iesnare.com wss://*.iesnare.com https://awsapis3.netreviews.eu/ https://cl.avis-verifies.com/ https://*.doubleclick.net/ https://*.azure-api.net/ https://913.userly.net/ https://uzerly.net/ https://*.uzerly.net/ https://*.kameleoon.com/ https://*.kameleoon.eu/ https://*.kameleoon.io/ https://*.facebook.com https://*.clarity.ms/ https://*.almapay.com/ https://www.google.com https://*.metrics.* 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://interparking.report-uri.com/r/d/csp/wizard 1
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com *.klarnacdn.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://*.gstatic.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com *.adyen.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkoutshopper-test.adyen.com www.youtube.com consentcdn.cookiebot.com vars.hotjar.com s.acquire.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.trackedlink.net js.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com checkoutshopper-test.adyen.com www.w3.org s.acquire.io admin.expivi.net d33o7r96pw821t.cloudfront.net analytics.sleeknote.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ checkoutshopper-live.adyen.com/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.klevu.com ajax.googleapis.com r1-t.trackedlink.net js-agent.newrelic.com admin.expivi.net consent.cookiebot.com security-hub.vaimo.network static.hotjar.com rum-static.pingdom.net script.hotjar.com consentcdn.cookiebot.com bam-cell.nr-data.net s.acquire.io sleeknote.com sleeknotestaticcontent.sleeknote.com sleeknotecustomerscripts.sleeknote.com connect.facebook.net *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com script.hotjar.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com data: sleeknote.com sleeknotestaticcontent.sleeknote.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com bam-cell.nr-data.net eucs23.ksearchnet.com stats.klevu.com app.acquire.io www.expivi.net security-hub.vaimo.network static.hotjar.com rum-static.pingdom.net script.hotjar.com rum-collector-2.pingdom.net in.hotjar.com stats.g.doubleclick.net consentcdn.cookiebot.com wss://s.acquire.io s.acquire.io sleeknote.com sleeknotestaticcontent.sleeknote.com googleads.g.doubleclick.net *.nr-data.net *.cloudfront.net *.expivi.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-29ac1d50da710c0bc6ef058f71977621' https://www.horlogeforum.nl/logs/ https://www.horlogeforum.nl/sidekiq/ https://www.horlogeforum.nl/mini-profiler-resources/ https://www.horlogeforum.nl/assets/ https://www.horlogeforum.nl/brotli_asset/ https://www.horlogeforum.nl/extra-locales/ https://www.horlogeforum.nl/highlight-js/ https://www.horlogeforum.nl/javascripts/ https://www.horlogeforum.nl/plugins/ https://www.horlogeforum.nl/theme-javascripts/ https://www.horlogeforum.nl/svg-sprite/ https://www.googletagmanager.com/gtm.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://www.googletagmanager.com; worker-src 'self' https://www.horlogeforum.nl/assets/ https://www.horlogeforum.nl/brotli_asset/ https://www.horlogeforum.nl/javascripts/ https://www.horlogeforum.nl/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
font-src *.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.authorize.net checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com media.sezzle.com maps.gstatic.com https://widget.freshworks.com https://www.strikeindustries.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.authorize.net sandbox-assets.secure.checkout.visa.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in maps.googleapis.com https://classic.avantlink.com https://www.googletagmanager.com https://maps.googleapis.com https://widget.freshworks.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com https://widget.freshworks.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.authorize.net https://widget.freshworks.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://www.zenaps.com https://ct.pinterest.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://tr6.snapchat.com https://www.pinterest.com blob: https://*.abtasty.com https://app.qubit.com https://*.attn.tv; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://*.google.com https://*.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.abtasty.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.shuuemura-usa.com https://*.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.attn.tv https://events.attentivemobile.com https://www.shuuemura-usa.com/e2/ds/relay https://horizon-api.www.shuuemura-usa.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.shuuemura-usa.com https://m.shuuemura-usa.com https://checkout.shuuemura-usa.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://assets.revlifter.io https://*.akamaihd.net https://recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://static.goqubit.com https://*.qubit.com https://tr.snapchat.com https://cdn.attn.tv https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com https://s1.thcdn.com; report-to report-endpoint; 1
default-src 'self' fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.googletagmanager.com mc.yandex.ru *.google-analytics.com *.youtube.com mc.yandex.com mc.yandex.ru *.google.com *.gstatic.com *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com;img-src * data:;font-src 'self' fonts.gstatic.com;connect-src 'self' *.youtube.com mc.yandex.ru *.analytics.google.com *.google-analytics.com doubleclick.net *.googletagmanager.com mc.yandex.com mc.yandex.ru mc.yandex.md yandexmetrica.com *.mightytips.com https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com https://analytics.google.com;frame-src 'self' *.youtube.com *.instagram.com *.twitter.com *.yandex.com *.google.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;script-src-elem 'self' 'unsafe-inline' *.instagram.com *.googletagmanager.com *.yandex.ru *.google-analytics.com *.twitter.com *.youtube.com mc.yandex.com *.google.com *.gstatic.com mc.yandex.ru *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com track.trackingtraffo.com https://www.hcaptcha.com/1/api.js;frame-ancestors 'self';report-uri /cspreport.php 1
object-src 'none';base-uri 'self';script-src 'nonce-Q1Q8EFt5wFLhzGDnq7URyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; default-src 'self' www.youtube-nocookie.com data: blob:; connect-src 'self' forms.hsforms.com cdn.plyr.io noembed.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com cdn.cookielaw.org cdn.acsbapp.com api.hubapi.com forms.hscollectedforms.net wss://craft-intel471.ddev.site:3000 ws.zoominfo.com pagead2.googlesyndication.com tattle.api.osano.com; frame-ancestors 'self'; img-src 'self' d39ec1uo9ktrut.cloudfront.net intel471.imgix.net i.ytimg.com forms.hsforms.com forms-na1.hsforms.com cdn.plyr.io www.google.com lltrck.com track.hubspot.com cdn.cookielaw.org data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cmp.osano.com www.googletagmanager.com googleads.g.doubleclick.net acsbapp.com js.hsforms.net js.hs-scripts.com ws.zoominfo.com lltrck.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net www.google-analytics.com cdn.plyr.io www.youtube.com craft-intel471.ddev.site:3000 www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' cdn.plyr.io; form-action 'self' forms.hsforms.com; frame-src forms.hsforms.com www.youtube-nocookie.com www.google.com td.doubleclick.net; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com www.sc.pages0b.net *.doubleclick.net www.google-analytics.com www.google.com www.googletagmanager.com shielded.co.nz pixel-geo.prfct.co www.google.co.nz b2262927.smushcdn.com v2assets.zopim.io cdnjs.cloudflare.com vc.hotjar.io *.gstatic.com metrics.hotjar.io *.facebook.com secure.adnxs.com analytics.google.com ampcid.google.com static.zdassets.com www.google.com.au adservice.google.com koi-3qn7bghifk.marketingautomation.services *.zopim.com www.pages0b.net *.facebook.net ampcid.google.co.nz *.googlesyndication.com *.zendesk.com content.hotjar.io tag.perfectaudience.com ekr.zdassets.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.trackedlink.net *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.fr/shp_fra_fr/webformat_csptools/report/; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com www.captcha.eu widget.trustpilot.com solutions.invocacdn.com *.doubleclick.net pnapi.invoca.net featuregates.org maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com www.google-analytics.com www.google.com *.googleadservices.com cdn.shortpixel.ai adservice.google.com eum-red-saas.instana.io www.googletagmanager.com *.facebook.com pixel.pointmediatracker.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com widgets.rr.skeepers.io events.statsigapi.net cdn.jsdelivr.net statsigapi.net jscloud.net analytics.google.com *.optimizely.com pro.fontawesome.com eum.instana.io *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-2AOzjphZrXQ8-sF4F_RRxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api-cdn.usw2.pure.cloud *.gstatic.com *.googleadservices.com www.google.com *.facebook.com cdn-assets.affirm.com bat.bing.com i.ytimg.com *.doubleclick.net static.trackedweb.net gateway.woodmizer.com *.cloudinary.com rules.quantcount.com www.affirm.com woodmizer.ca api-cf.affirm.com form.jotform.com www.woodmizer.com metrics.hotjar.io secure.quantserve.com www.youtube.com cdn1.affirm.com *.hotjar.com apps.usw2.pure.cloud woodmizer.com *.googleapis.com www.google-analytics.com prreqcroab.icu koi-3qn2lzqzau.marketingautomation.services *.addthis.com pixel.quantserve.com www.googletagmanager.com analytics.google.com *.facebook.net adservice.google.com r2.dotmailer-surveys.com content.hotjar.io r2.trackedweb.net tracker.affirm.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.dealerk.com *.motork.io *.drivek.com *.drivek.fr *.drivek.de *.drivek.it *.drivek.es *.drivek.co.uk *.dealerk.fr *.dealerk.de *.dealerk.it *.dealerk.es *.dealerk.co.uk *.jsdelivr.net *.vimeo.com data: blob: *.googletagmanager.com *.iubenda.com *.facebook.net facebook.com *.facebook.com *.doubleclick.net *.google-analytics.com googleanalytics.com *.analytics.google.com googleadservices.com googleoptimize.com *.gstatic.com *.google.com *.google.it *.google.es *.google.be *.google.fr *.google.nl *.google.de *.google.pt *.google.co.ma *.google.co.uk *.google.cat bam.nr-data.net unpkg.com js-agent.newrelic.com *.youtube.com *.emlsend.com acumbamail.com linkedin.com linkedin.oribi.io *.snapchat.com *.tapad.com *.sc-static.net *.tiktok.com *.twitter.com privacy-center.org *.matomo.cloud *.ekonsilio.io ekonsilio.com wisepops.net wisepops.com hotjar.com *.teads.tv greenbureau.com *.privacy-jeanlain.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dealerk.com *.motork.io *.drivek.com *.drivek.fr *.drivek.de *.drivek.it *.drivek.es *.drivek.co.uk *.dealerk.fr *.dealerk.de *.dealerk.it *.dealerk.es *.dealerk.co.uk *.jsdelivr.net *.vimeo.com data: blob: *.googletagmanager.com *.iubenda.com *.facebook.net facebook.com *.facebook.com *.doubleclick.net *.google-analytics.com googleanalytics.com *.analytics.google.com googleadservices.com googleoptimize.com *.gstatic.com *.google.com *.google.it *.google.es *.google.be *.google.fr *.google.nl *.google.de *.google.pt *.google.co.ma *.google.co.uk *.google.cat bam.nr-data.net unpkg.com js-agent.newrelic.com *.youtube.com *.emlsend.com acumbamail.com linkedin.com linkedin.oribi.io *.snapchat.com *.tapad.com *.sc-static.net *.tiktok.com *.twitter.com privacy-center.org *.matomo.cloud *.ekonsilio.io ekonsilio.com wisepops.net wisepops.com hotjar.com *.teads.tv greenbureau.com ajax.googleapis.com mobilite.jeanlain.com www.google.com cdn.jsdelivr.net cdnjs.cloudflare.com webspark-assets.dealerk.com maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.dealerk.com *.motork.io *.drivek.com *.drivek.fr *.drivek.de *.drivek.it *.drivek.es *.drivek.co.uk *.dealerk.fr *.dealerk.de *.dealerk.it *.dealerk.es *.dealerk.co.uk *.jsdelivr.net *.vimeo.com data: blob: *.googletagmanager.com *.iubenda.com *.facebook.net facebook.com *.facebook.com *.doubleclick.net *.google-analytics.com googleanalytics.com *.analytics.google.com googleadservices.com googleoptimize.com *.gstatic.com *.google.com *.google.it *.google.es *.google.be *.google.fr *.google.nl *.google.de *.google.pt *.google.co.ma *.google.co.uk *.google.cat bam.nr-data.net unpkg.com js-agent.newrelic.com *.youtube.com *.emlsend.com acumbamail.com linkedin.com linkedin.oribi.io *.snapchat.com *.tapad.com *.sc-static.net *.tiktok.com *.twitter.com privacy-center.org *.matomo.cloud *.ekonsilio.io ekonsilio.com wisepops.net wisepops.com hotjar.com *.teads.tv greenbureau.com fonts.googleapis.com mobilite.jeanlain.com cdnjs.cloudflare.com webspark-assets.dealerk.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.dealerk.com *.motork.io *.drivek.com *.drivek.fr *.drivek.de *.drivek.it *.drivek.es *.drivek.co.uk *.dealerk.fr *.dealerk.de *.dealerk.it *.dealerk.es *.dealerk.co.uk *.jsdelivr.net *.vimeo.com data: blob: *.googletagmanager.com *.iubenda.com *.facebook.net facebook.com *.facebook.com *.doubleclick.net *.google-analytics.com googleanalytics.com *.analytics.google.com googleadservices.com googleoptimize.com *.gstatic.com *.google.com *.google.it *.google.es *.google.be *.google.fr *.google.nl *.google.de *.google.pt *.google.co.ma *.google.co.uk *.google.cat bam.nr-data.net unpkg.com js-agent.newrelic.com *.youtube.com *.emlsend.com acumbamail.com linkedin.com linkedin.oribi.io *.snapchat.com *.tapad.com *.sc-static.net *.tiktok.com *.twitter.com privacy-center.org *.matomo.cloud *.ekonsilio.io ekonsilio.com wisepops.net wisepops.com hotjar.com *.teads.tv greenbureau.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.dealerk.com *.motork.io *.drivek.com *.drivek.fr *.drivek.de *.drivek.it *.drivek.es *.drivek.co.uk *.dealerk.fr *.dealerk.de *.dealerk.it *.dealerk.es *.dealerk.co.uk *.jsdelivr.net *.vimeo.com data: blob: *.googletagmanager.com *.iubenda.com *.facebook.net facebook.com *.facebook.com *.doubleclick.net *.google-analytics.com googleanalytics.com *.analytics.google.com googleadservices.com googleoptimize.com *.gstatic.com *.google.com *.google.it *.google.es *.google.be *.google.fr *.google.nl *.google.de *.google.pt *.google.co.ma *.google.co.uk *.google.cat bam.nr-data.net unpkg.com js-agent.newrelic.com *.youtube.com *.emlsend.com acumbamail.com linkedin.com linkedin.oribi.io *.snapchat.com *.tapad.com *.sc-static.net *.tiktok.com *.twitter.com privacy-center.org *.matomo.cloud *.ekonsilio.io ekonsilio.com wisepops.net wisepops.com hotjar.com *.teads.tv greenbureau.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.dealerk.com *.motork.io *.drivek.com *.drivek.fr *.drivek.de *.drivek.it *.drivek.es *.drivek.co.uk *.dealerk.fr *.dealerk.de *.dealerk.it *.dealerk.es *.dealerk.co.uk *.jsdelivr.net *.vimeo.com data: blob: *.googletagmanager.com *.iubenda.com *.facebook.net facebook.com *.facebook.com *.doubleclick.net *.google-analytics.com googleanalytics.com *.analytics.google.com googleadservices.com googleoptimize.com *.gstatic.com *.google.com *.google.it *.google.es *.google.be *.google.fr *.google.nl *.google.de *.google.pt *.google.co.ma *.google.co.uk *.google.cat bam.nr-data.net unpkg.com js-agent.newrelic.com *.youtube.com *.emlsend.com acumbamail.com linkedin.com linkedin.oribi.io *.snapchat.com *.tapad.com *.sc-static.net *.tiktok.com *.twitter.com privacy-center.org *.matomo.cloud *.ekonsilio.io ekonsilio.com wisepops.net wisepops.com hotjar.com *.teads.tv greenbureau.com *.privacy-jeanlain.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.glia.com https://bcdn.integration.projectcorvette.us https://cdn.amplitude.com https://cdn.polyfill.io https://cdn.tiny.cloud https://js.stripe.com https://js.verygoodvault.com https://libs.salemove.com https://nexus.ensighten.com https://rec.smartlook.com https://siteintercept.qualtrics.com https://static.zdassets.com  https://staticw2.yotpo.com https://www.google-analytics.com https://www.googletagmanager.com https://zn3ibrpkldazquxaq-consumerinfo.siteintercept.qualtrics.com https://cdn.plaid.com https://bat.bing.com https://www.google.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hello.myfonts.net https://libs.salemove.com https://www.google.co.uk https://www.tiny.cloud https://staticw2.yotpo.com https://www.gstatic.com https://cdn.honey.io; img-src 'self' blob: data: https://cdn.gabi.com https://nexus.ensighten.com https://sp.tinymce.com https://www.gabi.com https://www.google-analytics.com https://www.google.com https://i.insider.com https://www.nextinsure.com https://www.googletagmanager.com https://tags.w55c.net https://p.yotpo.com https://googleads.g.doubleclick.net https://translate.google.com https://api.yotpo.com https://siteintercept.qualtrics.com https://fonts.gstatic.com https://www.google.com.mx https://www.google.com.pr https://www.google.com.ph https://www.google.ca https://www.google.co.in https://www.gstatic.com https://pixel.pointmediatracker.com https://sp.analytics.yahoo.com https://libs.salemove.com; connect-src 'self' https://api.amplitude.com https://api.glia.com https://api.salemove.com https://api.yotpo.com https://assets-proxy.smartlook.cloud https://bcwup.integration.projectcorvette.us https://client-logger.salemove.com https://ekr.zdassets.com https://gabihelp.zendesk.com https://gabihelp1605922745.zendesk.com https://globalsiteanalytics.com https://log-einsti3test.us.v2.customers.biocatch.com https://manager.eu.smartlook.cloud https://region1.analytics.google.com https://region1.google-analytics.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://web-writer.eu.smartlook.cloud https://www.google-analytics.com https://www.google.co.uk https://www.google.co.in https://www.google.com.pr https://www.google.com.ph wss://pubsub.salemove.com https://web-writer.us.smartlook.cloud https://smarty.staging.gabi.com https://smarty.insurance.experian.com https://www.routingnumbers.info https://pubsub.salemove.com https://us-autocomplete-pro.api.smartystreets.com https://us-autocomplete-pro.api.smarty.com https://www.google.ca https://www.google.com https://kluster.salemove.com wss://kluster.salemove.com https://staticw2.yotpo.com https://bat.bing.com https://www.google.com.mx; font-src 'self' data: https://fonts.gstatic.com https://hello.myfonts.net https://www.tiny.cloud https://staticw2.yotpo.com https://static.zip.co; frame-src 'self' https://js.stripe.com https://6375438.fls.doubleclick.net https://js.verygoodvault.com https://cdn.plaid.com https://www.facebook.com https://10178839.fls.doubleclick.net; media-src 'self' https://libs.salemove.com; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub6266f5d846cb5713666132c0f0ffe817&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production 1
object-src 'none'; base-uri 'self'; font-src 'self' data: *.yespark.fr fonts.gstatic.com github.com; report-uri https://www.yespark.fr/csp-violation-report-endpoint 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com data: *.akamaized.net https://cdn.shopify.com *.fastsimon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.amazon.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.amazonaws.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com google.com www.googletagmanager.com *.yotpo.com *.amazon.com *.dotdigital-pages.com *.dotdigital.com www.xtento.com https://www.google.com https://www.p65warnings.ca.gov *.google.com *.googletagmanager.com *.paypal.com *.g.doubleclick.net *.fls.doubleclick.net *.braintreegateway.com *.dnky.co *.paypalobjects.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.yotpo.com *.ssl-images-amazon.com www.xtento.com cdn.xtento.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com www.google.co.in *.doubleclick.net https://ping-dot-acp-magento.appspot.com https://acp-magento.appspot.com https://cdn1-gae-ssl-default.akamaized.net *.instantsearchplus.com webchat.dotdigital.com https://ultimate-dot-acp-magento.appspot.com *.googleusercontent.com *.landmsupply.com https://t.powerreviews.com https://services.powerequipment.honda.com https://www.rockyboots.com https://m.media-amazon.com https://contentgrid.homedepot-static.com https://res.cloudinary.com  *.google-analytics.com *.google.co.in *.privacysandbox.googleadservices.com *.clarity.ms *.stats.paypal.com *.sandbox.paypal.com *.g.doubleclick.net *.paypalobjects.com *.powerreviews.com *.akamaized.net *.gfycat.com *.bing.com https://meetanshi.com/media/logo.png ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.authorize.net *.yotpo.com *.payments-amazon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com chimpstatic.com https://ping-dot-acp-magento.appspot.com https://acp-magento.appspot.com https://cdn1-gae-ssl-default.akamaized.net *.googleapis.com webchat.dotdigital.com https://ultimate-dot-acp-magento.appspot.com *.newrelic.com https://bam.nr-data.net https://www.gstatic.com https://www.google.com https://ui.powerreviews.com https://static.powerreviews.com https://mpsnare.iesnare.com https://www.googleoptimize.com https://cdn-4.convertexperiments.com *.appspot.com api.fastsimon.com bam.nr-data.net *.powerreviews.com *.google.com *.gstatic.com *.braintreegateway.com *.paypal.com *.googleadservices.com *.g.doubleclick.net *.dnky.co *.google-analytics.com *.googletagmanager.com *.paypalobjects.com *.hotjar.com *.clarity.ms *.netdna-ssl.com cdn.dnky.co webchat.staging.dotdigital.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com *.googleapis.com stats.g.doubleclick.net www.google-analytics.com *.google.com *.googletagmanager.com fonts.googleapis.com *.gstatic.com https://cdn1-gae-ssl-default.akamaized.net https://ui.powerreviews.com *.fastsimon.com *.dnky.co *.powerreviews.com *.akamaized.net cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.authorize.net *.yotpo.com *.amazon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.doubleclick.net *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com wss: *.paypal.com https://bam.nr-data.net https://ui.powerreviews.com *.powerreviews.com *.fastsimon.com *.instantsearchplus.com  *.google-analytics.com *.sandbox.braintree-api.com *.nr-data.net *.appspot.com *.dotdigital.com *.clarity.ms *.hotjar.io *.convertexperiments.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.gstatic.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cdn.cookielaw.org *.trustpilot.com payments-test.worldpay.com payments.worldpay.com www.zenaps.com https://pay.google.com https://secure-test.worldpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.trackedlink.net cdn.cookielaw.org optanon.blob.core.windows.net www.facebook.com bat.bing.com www.google.pl www.google.com/ *.clarity.ms c.bing.com services.postcodeanywhere.co.uk frontend-api.logicvapes.co.uk maps.googleapis.com nordicspirit.co.uk www.awin1.com tags.srv.stackadapt.com www.zenaps.com srv.stackadapt.com *.cloudflare.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com tags.affiliatefuture.com widget.trustpilot.com invitejs.trustpilot.com bat.bing.com cdn.jsdelivr.net *.pcapredict.com storage.googleapis.com tags.srv.stackadapt.com r1-t.trackedlink.net js-agent.newrelic.com bam-cell.nr-data.net *.trustpilot.com cdn.cookielaw.org bam.eu01.nr-data.net www.dwin1.com *.clarity.ms services.postcodeanywhere.co.uk logicvapes-uk-headless-frontend.api.test.jtiweb.co.uk www.zenaps.com the.sciencebehindecommerce.com payments.worldpay.com https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com fonts.gstatic.com tags.srv.stackadapt.com services.postcodeanywhere.co.uk payments.worldpay.com *.cloudflare.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com nordic-spirit-assets.s3.eu-west-2.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com stats.g.doubleclick.net tags.srv.stackadapt.com *.trustpilot.com cdn.cookielaw.org bam.eu01.nr-data.net bat.bing.com *.clarity.ms privacyportal-eu.onetrust.com services.postcodeanywhere.co.uk maps.googleapis.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ privacy.jti.com/request/v1/consentreceipts frontend-api.logicvapes.co.uk the.sciencebehindecommerce.com nominatim.openstreetmap.org prod.idscan.cloud poc.idscan.cloud 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src ; connect-src 'self' api.bellhop.com api.bellhops.dev api.omappapi.com api.segment.io api-js.mixpanel.com api-us-east-1.graphcms.com bellhop.extole.io *.clarity.ms cdn.segment.com ct.pinterest.com *.ingest.sentry.io *.intercom.io nexus-websocket-a.intercom.io maps.googleapis.com pnapi.invoca.net rs.fullstory.com stats.g.doubleclick.net www.google-analytics.com; default-src ; font-src 'self' fonts.gstatic.com js.intercomcdn.com; form-action ct.pinterest.com www.facebook.com; frame-src bid.g.doubleclick.net ct.pinterest.com js.stripe.com www.facebook.com; img-src 'self' ag.innovid.com analytics.twitter.com apolloprogram.io b1sync.zemanta.com bat.bing.com c.us1.dyntrk.com cm.adgrx.com cm.eyereturn.com cmi.netseer.com ct.pinterest.com d.adroll.com flask.nextdoor.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com js.intercomcdn.com *.loggly.com load.instinctiveads.com media.graphassets.com media.graphcms.com origin.xtlo.net p.truefitcorp.com pippio.com secure.insightexpressai.com segments.company-target.com static.intercomassets.com su.addthis.com sync.smartadserver.com t.co track2.securedvisit.com ups.analytics.yahoo.com us-u.openx.net vop.sundaysky.com wam.solution.weborama.fr www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com www.storygize.net x.bidswitch.net x.skimresources.com; manifest-src 'self'; media-src ; script-src 'unsafe-eval' 'unsafe-inline'; script-src-attr ; script-src-elem 'self' 'unsafe-inline' a.omappapi.com *.adroll.com ads.nextdoor.com bat.bing.com bellhop.extole.io cdn.segment.com connect.facebook.net d.impactradius-event.com edge.fullstory.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com maps.googleapis.com pnapi.invoca.net s.pinimg.com shop.pe *.shop.pe solutions.invocacdn.com static.ads-twitter.com widget.intercom.io www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com; style-src ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' a.omappapi.com fonts.googleapis.com origin.xtlo.net; worker-src ; 1
object-src 'none';base-uri 'self';script-src 'nonce-WRkMJF9gzNt3lAXsyWCZsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UyGQ2HQwf6w4zuimcUlzeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-FawrnPDyteH8RyNqzmlMlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4AMUP9RPVXiDZwJJ7JHEVA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GWFGD0MgGD0DTkef0tC69A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-03117536ae0a466399e243160a0e2dea' https://www.myuthealthhouston.org 'self';img-src https://* 'self' blob: data:;style-src https://www.myuthealthhouston.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.googletagmanager.com *.googleapis.com maps.google.com *.doubleclick.net cdnjs.cloudflare.com *.facebook.com googlemaps.github.io analytics.google.com www.google.co.th maxcdn.bootstrapcdn.com *.gstatic.com adservice.google.com www.google-analytics.com *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-oqEInJWtP-tllbvD4AB8Gw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 20240207.v.boomlearning.com 'self'; connect-src 'self' https://login.microsoftonline.com https://translate.googleapis.com https://classroom.googleapis.com https://apm-engine.meteor.com https://www.google-analytics.com https://www.googletagmanager.com wss://managedpiperserver.azurewebsites.net https://www.paypal.com https://engine.montiapm.com/ wss://wow.boomlearning.com https://boom-cards.s3-us-west-2.amazonaws.com https://boom-production-job-files.s3.us-west-2.amazonaws.com *; font-src 'self' data: https://boom-app.s3-us-west-2.amazonaws.com https://boom-cards.s3-us-west-2.amazonaws.com http://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.boomlearning.com *; frame-ancestors 'self' https://*.instructure.com https://app.schoology.com https://classroom.google.com https://wow.boomlearning.com https://presencelearning.com http://ally.ac *; frame-src 'self' https://*.vimeo.com https://blog.boomlearning.com https://help.boomlearning.com https://accounts.google.com https://www.youtube-nocookie.com https://learn360.infobase.com https://studio.curriki.org https://screencast-o-matic.com https://assets.braintreegateway.com https://checkout.paypal.com https://pwm-image.trendmicro.com https://www.allfileconverter.net https://wow.boomlearning.com *; img-src 'self' blob: data: https://*.vimeocdn.com https://assets.pinterest.com https://boom-app.s3-us-west-2.amazonaws.com https://boom-app.s3.us-west-2.amazonaws.com https://boom-cards.s3-us-west-2.amazonaws.com https://*.microsoft.com https://*.instructure.com https://*.googleusercontent.com https://t.paypal.com https://cdn.boomlearning.com *; media-src 'self' blob: data: https://boom-app.s3-us-west-2.amazonaws.com https://boom-cards.s3-us-west-2.amazonaws.com https://cdn.boomlearning.com *; script-src 'self' 'unsafe-eval' 'report-sample' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://apm-engine.meteor.com https://translate.googleapis.com https://connect.facebook.net https://alcdn.msauth.net https://apis.google.com https://accounts.google.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.js https://consent.cookiebot.com https://www.paypalobjects.com https://www.paypal.com 'unsafe-inline' https://www.gstatic.com https://cdn.boomlearning.com *; style-src 'self' blob: data: 'unsafe-inline' https://*.microsoft.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://assets.braintreegateway.com https://www.gstatic.com https://cdn.boomlearning.com *; report-uri /CSPReport 1
font-src *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.worldpay.com *.nosto.com *.nos.to https://secure-test.worldpay.com/shopper/3ds/ddc.html *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ lpcdn.lpsnmedia.net www.facebook.com cdn.knightlab.com *.worldpay.com *.nosto.com *.nos.to https://pay.google.com https://secure-test.worldpay.com *.dotdigital-pages.com *.dotdigital.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.trustpilot.com https://www.google.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.afd.co.uk *.bing.com www.facebook.com www.google.co.in www.google.com *.clarity.ms cdn-ukwest.onetrust.com www.googletagmanager.com *.nosto.com *.nos.to *.cloudflare.com *.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://www.google.com *.afd.co.uk *.lpsnmedia.net bat.bing.com cdn-ukwest.onetrust.com *.googleapis.com *.liveperson.net survey.g.doubleclick.net *.google.co.in *.google.com *.clarity.ms analytics.webgains.io connect.facebook.net *.newrelic.com *.nr-data.net *.worldpay.com *.nosto.com *.nos.to https://www.google.com/recaptcha/api.js https://www.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.klevu.com *.ksearchnet.com landofcoder.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.nosto.com *.nos.to *.cloudflare.com *.klevu.com *.ksearchnet.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.onetrust.com stats.g.doubleclick.net *.clarity.ms widget.trustpilot.com *.nr-data.net *.nosto.com *.nos.to *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klevu.com *.ksearchnet.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-tq3HoGpRqn8linE1cSKG1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'none'; script-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'nonce-aSA2qglxOhXBxDXgzCujLA=='; report-uri https://rlwak3ea0j.execute-api.ap-northeast-1.amazonaws.com/prod/csp-reports 1
default-src 'self'; script-src 'nonce-c8hf6lVGfdQQutwBKTmTHg==' 'strict-dynamic' 'self' 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' unsafe-inline; font-src 'self' data:; img-src 'self' https: blob: data:; object-src 'none'; form-action 'self'; connect-src 'self' https://*; frame-src https://docs.google.com/forms; report-uri https://a63yeeri7wl76nn3q62tl44l3y0zlkpz.lambda-url.ap-northeast-1.on.aws/ 1
default-src 'none'; font-src 'self' https://*.hotjar.com *.livechatinc.com data:; manifest-src 'self'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.livechatinc.com *.google.ch *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net; img-src 'self' https:; script-src 'self' 'nonce-XI0tAjki3pYJ1sFPiybiLg==' 'unsafe-eval' https://*.hotjar.com *.mailxpert.ch *.livechatinc.com *.livechat-static.com *.google.ch *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.hotjar.com *.livechatinc.com *.google.ch *.google.com *.googleapis.com; frame-src *.livechatinc.com *.google.ch *.google.com *.googletagmanager.com *.doubleclick.net; media-src *.livechatinc.com *.livechat-static.com data:; object-src *.livechatinc.com; child-src *.livechatinc.com; report-uri https://mailxpert.uriports.com/reports/report; report-to default 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: data:; connect-src wss://www.florius.nl https://www.florius.nl https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://digitalassistant-signalr-productie.service.signalr.net wss://digitalassistant-signalr-productie.service.signalr.net https://*.clarity.ms https://c.bing.com https://cobrowse.aah.nl/ wss://cobrowse.aah.nl/; worker-src blob:; report-uri https://www.florius.nl/api/v1.0/CSPReporting/Report?category=report-only; 1
object-src 'none';base-uri 'self';script-src 'nonce-qW50heseFX0qsXCKZxyFwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.zopim.com *.googleapis.com *.zendesk.com ekr.zdassets.com static.zdassets.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.facebook.com *.googleapis.com *.ggpht.com maps.gstatic.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://cdn.evino.com.br https://cdn-staging.evino.com.br https://webchat-8368.twil.io *.clarity.ms unpkg.com polyfill.io maps.googleapis.com *.avada.io *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://polyfill.io https://unpkg.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com/ *.nosto.com *.nos.to unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://x.clarity.ms maps.googleapis.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 1
base-uri 'none'; connect-src https://stripe.com; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' data: https://images.ctfassets.net; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report 1
connect-src 'none'; script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=aidRSrGsSGgXlcofYgVIS_EeBRi.OF5ivd.djICfpU8-1715738364-1.0.1.1-L6XrOx9zkxcATe2MT_dFnhDrAcpi_1XrDy86O3cKOoxdYnV8y2UvmUop2yUJQ6ZtN2UIr7TVbV34SmHjke.nQHUVJ615wvVsDCQWpiA6ww9hxJK.ndogDW0_NBk1JYY9ARR2k2mo3bHbNP0mhTP4Gu46a_dkH4KbHOBfb32W_4rIs9fIDkPKbR7NqYI3fvnvvP3.NI2kvOBszF2e7TysAg; report-to cf-nbevuuxsrzwgnedv 1
script-src-elem webcache.datareporter.eu webcache-eu.datareporter.eu 'self' https://*.datareporter.eu/ 'unsafe-inline' https://*.zdassets.com/ https://*.buerostuhl24.com/ https://*.trustedshops.com/ https://*.trustpilot.com/ https://*.dwin1.com/ https://*.newrelic.com/ https://*.google.com/ https://*.gstatic.com/ https://*.pinimg.com/ https://*.bing.com/ https://*.kk-resources.com/ https://*.licdn.com/ https://*.facebook.net/ https://*.adcell.com/ https://*.doubleclick.net/ https://*.criteo.net/ https://*.trbo.com/ https://*.roeyecdn.com/ https://*.criteo.com/ *.de *.com *.org; style-src-elem https://webcache.datareporter.eu https://webcache-eu.datareporter.eu 'self' https://*.datareporter.eu/ 'unsafe-inline'; font-src https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com *.gstatic.com 'self' data: https://*.datareporter.eu/ *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net secure.pay1.de payments.amazon.de www.jsctool.com www.xtento.com https://plumrocket.com https://*.doubleclick.net/ https://*.trbo.com/ https://*.criteo.com/ https://*.pinterest.com/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net https://widgets.trustedshops.com https://integrations.etrusted.com *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com 'self' data: https://cdn.cookielaw.org/ https://widgets.trustedshops.com/ https://*.usercentrics.eu/ https://*.buerostuhl24.at/ https://*.facebook.com/ https://*.pinterest.com/ https://*.linkedin.com/ https://*.bing.com/ https://*.roeyecdn.com/ https://*.google.de/ https://*.twiago.com/ https://*.emxdgt.com/ *.de *.com *.net *.tv *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.datareporter.eu *.plugins.emarsys.net *.scarabresearch.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com https://widgets.trustedshops.com https://integrations.etrusted.com data.hjh-office.fr www.xtento.com cdn.xtento.com *.google.com *.gstatic.com https://cdn.cookielaw.org/ https://widget.trustpilot.com/ https://invitejs.trustpilot.com/ https://widgets.trustedshops.com/ https://*.zdassets.com/ https://*.usercentrics.eu/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://webcache.datareporter.eu d.ratepay.com https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com *.googleapis.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.zdassets.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com *.datareporter.eu *.scarabresearch.com *.eservice.emarsys.net payments.amazon.de d.ratepay.com www.jsctool.com *.trustedshops.com *.etrusted.com *.pixriot.com *.storeimaging.com t.elasticsuite.io *.google-analytics.com 'self' https://cdn.cookielaw.org/ https://*.zdassets.com/ https://*.usercentrics.eu/ https://hjhoffice.zendesk.com/ wss://widget-mediator.zopim.com/ https://*.pinterest.com/ https://*.buerostuhl24.com/ *.de *.com *.net *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none' 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.jsdelivr.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.de *.bing.com *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.gstatic.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.gstatic.com *.trustedshops.com *.etrusted.com *.amazon.de *.payments-amazon.de *.bing.com *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.trustpilot.com *.aptrinsic.com *.weltpixel.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.lv *.gstatic.com *.googletagmanager.com stats.g.doubleclick.net *.trustedshops.com *.etrusted.com *.amazon.de d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.de *.media-amazon.de *.bing.com *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.facebook.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.fontawesome.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com s7.addthis.com chimpstatic.com *.googletagmanager.com *.zip.co *.sandbox.zip.co *.google.com *.trustedshops.com *.etrusted.com *.amazon.de *.payments-amazon.de *.facebook.net *.bing.com *.doubleclick.net *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.trustpilot.com *.chimpstatic.com *.aptrinsic.com *.avada.io https://www.googletagmanager.com tagmanager.google.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.fontawesome.com cdn.jsdelivr.net *.aptrinsic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com ekr.zdassets.com/ dpe0djwch8671.cloudfront.net *.sandbox.zip.co *.zip.co *.google-analytics.com *.gstatic.com stats.g.doubleclick.net *.trustedshops.com *.etrusted.com *.amazon.de mws.amazonservices.de *.bing.com *.clarity.ms *.protectgroup.com *.theticketmerchant.com.au *.cfjump.com *.zipmoney.com.au *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es cdn.ampproject.org *.edge.zip.co *.aptrinsic.com https://get.geojs.io *.avada.io *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube-nocookie.com/ *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.pricespider.com https://www.googletagmanager.com/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.pricespider.com https://helloextend-static-assets.s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.pricespider.com *.exponea.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.youtube.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io *.pricespider.com *.exponea.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.opecashback-edbm-2024.fr numberly.qualifioapp.com *.facebook.net adservice.google.com *.gstatic.com files.qualifio.com www.google.com tag.aticdn.net *.googleapis.com scripts.qualifioapp.com cdnjs.cloudflare.com cdn.cookielaw.org *.doubleclick.net action.metaffiliation.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src cdn.jsdelivr.net fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.weltpixel.com https://preprod.critizr.com https://critizr.com https://static.critizr.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com data: maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.google.com www.google.com www.gstatic.com d23yuld0pofhhw.cloudfront.net c.contentsquare.net *.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com cdn.jsdelivr.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.gstatic.com maps.google.com static.addtoany.com cdn.earlybirds-full.min.js cdn.early-birds.fr t.contentsquare.net c.contentsquare.net googleads.g.doubleclick.net ajax.googleapis.com https://cdnjs.cloudflare.com https://www.googletagmanager.com tagmanager.google.com https://maps.googleapis.com https://preprod.critizr.com https://critizr.com https://static.critizr.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.jsdelivr.net fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com *.fontawesome.com maxcdn.bootstrapcdn.com https://preprod.critizr.com https://critizr.com https://static.critizr.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.contentsquare.net www.google-analytics.com stats.g.doubleclick.net api.early-birds.fr https://nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://scripts.sirv.com; font-src 'self' data: https://scripts.sirv.com; connect-src blob: 'self' https://assets.manufactum.de/ https://assets.magazin.com/ https://manufactum.sirv.com https://video.sirv.com https://scripts.sirv.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://ga-storage.manufactum.de https://connect.facebook.net https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com; img-src 'self' data: https://assets.manufactum.de/ https://assets.magazin.com/ https://manufactum.sirv.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://ga-storage.manufactum.de https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com; child-src blob: https://*.computop-paygate.com https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com; frame-src 'self' blob: https://*.computop-paygate.com https://bid.g.doubleclick.net https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com https://manufactum.sirv.com; worker-src blob:; media-src blob: data: 'self' https://assets.manufactum.de https://assets.magazin.com https://video.sirv.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://scripts.sirv.com https://video.sirv.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://region1.google-analytics.com  https://ga-storage.manufactum.de https://www.googleadservices.com https://adservice.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.net https://assets.manufactum.de https://assets.magazin.com https://manufactum.sirv.com https://cdn.epoq.de/flow/ https://*.arc.epoq.de/inbound-servletapi/ 'sha256-5VP9uvxfmd5dWHD/h/zPZJ0tXqP+FDE3PkUEK5ljc60=' 'sha256-wyAOKm4yiOxl/AA6YznUZtVrG0Rd+VWgvGm3fIlxPeo=' 'sha256-4MDHKMpGuDMac7ZezyhdYw+duJEFSzn0eI+w8GfulDY='; object-src 'none'; style-src 'self' 'unsafe-inline' https://scripts.sirv.com https://assets.manufactum.de https://assets.magazin.com https://manufactum.sirv.com ; report-uri /csp/sell; base-uri 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-w6vms24wcAkPNSLiP4tLag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-8paEvnScLSMQ1rZxr0KnNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-R_X38V1yk1jRNJO1ri5UXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://www.njta.com https://in.getclicky.com/in.php https://wink.njta.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://ajax.googleapis.com https://static.getclicky.com/ https://in.getclicky.com/ https://ajax.googleapis.com https://www.njta.com data: blob:;   connect-src 'self';   style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/css;    img-src 'self' https://www.google-analytics.com/collect;    font-src 'self' https://fonts.gstatic.com;    report-uri https://multimediasolutions.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' kontur.ru *.kontur.ru *.kontur.host *.skbkontur.ru data: https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://www.googletagmanager.com https://fonts.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://tagmanager.google.com *.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; connect-src 'self' kontur.ru *.kontur.ru *.kontur.host *.skbkontur.ru wss://*.kontur.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net *.google-analytics.com *.analytics.google.com https://analytics.google.com https://www.google-analytics.com; report-uri https://frontreport-relay.kontur.host/csp/ 1
object-src 'none';base-uri 'self';script-src 'nonce-1ORwyN2cH1793uJgCUb4og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9s9HFe4auzkuu1hmtZH6Jw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com https://datainsights.loopia.se https://sc.lfeeder.com wss://*.hotjar.com https://www.google.com https://www.google.se https://www.google.be https://cdn.linkedin.oribi.io https://*.analytics.google.com https://adservice.google.com https://analytics.google.com https://content.hotjar.io;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://*.ads.linkedin.com https://www.linkedin.com https://www.google.be https://fonts.gstatic.com https://tr.lfeeder.com;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com https://datainsights.loopia.se;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com https://www.gstatic.com 1
object-src 'none';base-uri 'self';script-src 'nonce-W9SrY4UVNiIm-MM1nNbQMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://maps.gstatic.com store.paradoxlabs.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.avada.io https://maps.googleapis.com *.authorize.net https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io https://maps.googleapis.com *.authorize.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.com www.gstatic.com ssl.google-analytics.com script.crazyegg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com; img-src 'self' ssl.google-analytics.com; font-src fonts.gstatic.com maxcdn.bootstrapcdn.com www.huttig.com; connect-src 'self' script.crazyegg.com www.google-analytics.com; media-src 'self'; object-src; prefetch-src 'self'; child-src; frame-src 'self' www.google.com; worker-src; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri /csp_report; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: newassets.hcaptcha.com *.gstatic.com chooseyourcard.com report.incomm.glassboxdigital.io cdn.glassboxcdn.com www.googletagmanager.com www.google-analytics.com ssl.kaptcha.com icnow01.accertify.net www.google.com *.incomm.com js.hcaptcha.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-nHFsFs-lKQStxhGCi5VHMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 2l9u8tyqi4-flywheel.netdna-ssl.com; script-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com google-analytics.com www.google-analytics.com google.com www.google.com www.gstatic.com gstatic.com static.addtoany.com *.wistia.net *.wistia.com; style-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com stats.g.doubleclick.net google-analytics.com www.google-analytics.com embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; font-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' pipedream.wistia.com fg8vvsvnieiv3ej16jby.litix.io distillery.wistia.com; media-src * 'self' https://www.essvote.com; frame-src 'self' www.google.com google.com fast.wistia.net; 1
frame-ancestors 'self' kirkland.granicus.com kirkland.admin.opencities.com kirklandwa.primegov.com; child-src https://kirkland.granicus.com/ https://arcgis.com/ https://kirklandwa.primegov.com/; frame-src 'self' insight.adsrvr.org match.adsrvr.org www.youtube.com us.openforms.com kirklandwa.maps.arcgis.com www.arcgis.com www.volgistics.com www.facebook.com www.instagram.com syndication.twitter.com platform.twitter.com m.facebook.com kirkland.granicus.com inter.kirklandwa.gov e.issuu.com www.eventbrite.com.au docs.cityofkirkland.net media.avcaptureall.cloud maps.kirklandwa.gov app.powerbigov.us public.tableau.com public.govdelivery.com kuula.co archive-video.granicus.com kirklandwa.primegov.com buzzsprout.com www.buzzsprout.com pgwest.blob.core.windows.n docs.kirklandwa.gov; report-uri /ocapi/Public/report-uri/csp;  1
object-src 'none';base-uri 'self';script-src 'nonce-XF38RVrPacyQVr7lhfxxFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.stripe.com *.google.com *.opayo.eu.elavon.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bing.com *.cloudfront.net *.google.co.uk *.lpsnmedia.net *.postcodeanywhere.co.uk *.postimg.cc *.quantserve.com *.roeye.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.stripe.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.opayo.eu.elavon.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.adnxs.com http://*.adnxs.com *.affiliatefuture.com *.bing.com *.cloudflare.com *.crazyegg.com *.dwin1.com *.esales-hub.com *.fullstory.com *.infinity-tracking.com *.liveperson.net *.lpsnmedia.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.quantserve.com *.quantcount.com *.roeyecdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to js.klevu.com *.ksearchnet.com s7.addthis.com *.hsforms.net *.hsforms.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.postcodeanywhere.co.uk unsafe-inline assets.braintreegateway.com *.stripe.com *.google.com downloads.mailchimp.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com *.trustpilot.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cloudfront.net *.crazyegg.com *.doubleclick.net *.fullstory.com *.googlesyndication.com *.infinity-tracking.net *.infinity-tracking.com *.pinterest.com *.postcodeanywhere.co.uk *.bing.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com ekr.zdassets.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com google.com https://www.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com youtu.be *.google.com *.nr-data.net 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.yahoo.com *.bing.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com widget.freshworks.com m2epro.freshdesk.com https://www.google.com https://www.gstatic.com *.hotjar.com *.facebook.net *.bing.com *.murdoog.com *.pcapredict.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.google.com *.gstatic.com *.newrelic.com *.nr-data.net dmp.info.mossmotors.com dmp.info.mossmiata.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io widget.freshworks.com m2epro.freshdesk.com https://ipinfo.io *.yimg.com *.doubleclick.net *.adobedtm.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.facebook.net *.nr-data.net dmp.info.mossmotors.com dmp.info.mossmiata.com *.cloudfront.net *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.cumulusmedia.com 'report-sample'; base-uri 'self'; script-src 'self' *.cumulusmedia.com 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' *.googletagmanager.com *.google-analytics.com stats.wp.com *.quantcast.com *.quantserve.com *.quantcount.com quantcast.mgr.consensu.org cmp.inmobi.com form.jotform.com cdn.jotfor.ms *.cookielaw.org 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' *.onetrust.com 'nonce-Y7J8BO/6kB69tCEQg5WXVp+P' 'report-sample'; style-src 'self' 'unsafe-inline' *.cumulusmedia.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.cumulusmedia.com *.wp.com *.googletagmanager.com *.google-analytics.com *.quantserve.com prreqcroab.icu pixel.quantcount.com *.cookielaw.org; font-src 'self' data: *.cumulusmedia.com fonts.gstatic.com; connect-src 'self' *.cumulusmedia.com *.google-analytics.com *.doubleclick.net *.quantcount.com *.quantcast.com *.inmobi.com submit.jotform.com *.cookielaw.org *.onetrust.com; object-src 'none'; frame-src 'self' *.cumulusmedia.com *.jotform.com; report-uri https://www.cumulusmedia.com/wp-admin/admin-ajax.php?action=wpshr 1
frame-ancestors 'self' https://*.ps.kz; report-to /_/csp-report; 1
object-src 'none';base-uri 'self';script-src 'nonce-KPhs46rHweVr7052IDc8QA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.zopim.com *.zopim.io *.techgeese.com *.google.com *.klaviyo.com *.fabglassandmirror.com fonts.gstatic.com use.typekit.net *.fontawesome.com https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action *.twitter.com *.amazon.com *.braintreepayments.com *.klaviyo.com *.techgeese.com *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com *.tiktok.com *.mczbf.com *.pinterest.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com http://www.sandbox.paypal.com www.paypal.com *.twitter.com *.techgeese.com *.klaviyo.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.vimeocdn.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.amazon.com *.braintreepayments.com *.klaviyo.com *.techgeese.com *.fabglassandmirror.com *.facebook.com *.facebook.net *.mailchimp.com *.yotpo.com *.cloudfront.net *.googleapis.com *.payments-amazon.com *.amazonaws.com fab.glass www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com *.youtube.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com self nonce unsafe-inline unsafe-hashes *.klarna.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.jsdelivr.net *.facebook.com *.amazon.com *.braintreepayments.com *.braintreegateway.com *.techgeese.com *.klaviyo.com *.wisernotify.com *.fabglassandmirror.com *.affirm.com *.yotpo.com *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com wss://ws.hotjar.com/ *.hotjar.io *.tiktok.com *.mczbf.com *.pinterest.com *.paypal.com *.swellrewards.com *.ytimg.com *.payments-amazon.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.ca chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.amazon.com *.braintreepayments.com *.techgeese.com *.klaviyo.com *.fabglassandmirror.com *.wisernotify.com *.yotpo.com *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com *.tiktok.com *.mczbf.com *.pinterest.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.google.com assets.braintreegateway.com tagmanager.google.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.techgeese.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.facebook.com *.gstatic.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.googletagmanager.com *.google.com *.amazon.com *.braintree.com *.klaviyo.com googleads.g.doubleclick.net *.callrail.com *.zoominfo.com *.pinimg.com *.facebook.net *.hotjar.com *.tiktok.com *.mczbf.com *.pinterest.com *.techgeese.com wss://techgeese.com:6001/ *.wisermapp.com *.azurewebsites.net wss://ws.hotjar.com/ *.hotjar.io *.fabglassandmirror.com api.rollbar.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com google.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca widget.freshworks.com m2epro.freshdesk.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://fresh-tracks-canada.uriports.com/reports/report; report-to default 1
script-src-elem *.braintreegateway.com *.strapworks.com *.paypal.com *.paypalobjects.com *.impactcdn.com analytics.tiktok.com *.gorgias.chat *.klaviyo.com static.zdassets.com *.trustpilot.com connect.facebook.net bat.bing.com cdn.b0e8.com www.gstatic.com *.google-analytics.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com cdnjs.cloudflare.com *.google.com shareasale-analytics.com *.kaspersky-labs.com www.pagespeed-mod.com 10.171.234.234:15871 blancfox.com hublosk.com jullyambery.net *.amazonaws.com www.strapworks.com localhost:49506 translate.googleapis.com cdn.ghostaio.com *.hotjar.com m59.prod2016.com *.sentry-cdn.com floatingplayer.com payperclickadz.com milkpload.net localhost:6543 *.clarity.ms 10.28.66.1 data1.ursari.com static.hotjar.com www.paypalobjects.com *.akamaihd.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.googleapis.com cdnjs.cloudflare.com www.gstatic.com www.google.com pwm-image.trendmicro.com *.kaspersky-labs.com www.strapworks.com cdn.honey.io adblockers.opera-mini.net *.bootstrapcdn.com www.googletagmanager.com *.klaviyo.com 'self' 'unsafe-inline'; font-src *.fontawesome.com fonts.gstatic.com *.bootstrapcdn.com *.gstatic.com *.typekit.net use.typekit.net static.klaviyo.com static3.avast.com cdn.ivaws.com shopping.qantas.com cdn.honey.io assets.quadpay.com cdn.joinhoney.com *.amazonaws.com at.alicdn.com cdn.scite.ai themes.googleusercontent.com cdnjs.cloudflare.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com https://plumrocket.com *.authorize.net www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com www.strapworks.com connect.facebook.net 'self' 'unsafe-inline'; frame-ancestors www.strapworks.com 'self'; frame-src fast.amc.demdex.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com https://accounts.google.com *.paypal.com *.adobe.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com pay.google.com https://plumrocket.com *.google.com *.opendns.com *.authorize.net bid.g.doubleclick.net *.youtube-nocookie.com *.trustpilot.com *.braintreegateway.com *.paypalobjects.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com www.youtube.com *.doubleclick.net *.facebook.com forms.office.com cj.dotomi.com ssl.kaptcha.com 10.171.234.234:15871 *.securly.com pwm-image.trendmicro.com apps.stifel.com static.klaviyo.com www.paypalobjects.com denied.schoolsbroadband.net filter.techloq.com 199.46.250.167:15871 199.46.196.165:15871 gateway.zscaler.net 199.46.251.175:15871 gateway.zscalertwo.net mozbar.moz.com vars.hotjar.com notify.bluecoat.com cdn.printfriendly.com 3.17.0.144:8443 fansaide.com gateway.zscloud.net floatingplayer.com cdn.exchmapdata.com api.greenadblocker.com gateway.zscalerthree.net login.zscalertwo.net cltfwdproxyf503:444 35.80.101.90:6080 blocked.syd-1.linewize.net portal.bitglass.com itclx36.ra.riteaid.us:15871 10.159.33.11:15871 192.168.1.219:15871 www.google.ca www.google.co.kr www.google.co.uk www.google.ae 192.168.240.81:15871 10.1.1.61:15871 mini.bijiatu.com 10.40.104.115:15871 199.46.250.164:15871 www.google.co.th www.google.co.il www.google.bs www.google.co.jp www.google.com.au www.google.com.mx ckf01.chino.k12.ca.us 'self' 'unsafe-inline'; img-src data: * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com vimeo.com www.vimeo.com www.googletagmanager.com includestest.ccdc02.com *.avada.io https://accounts.google.com *.google.com *.adobe.com www.googleapis.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ c.paypal.com pay.google.com *.paypal.com *.braintreegateway.com *.vimeo.com *.authorize.net g1386590346.co *.strapworks.com googleads.g.doubleclick.net analytics.google.com *.youtube.com https://www.gstatic.com *.trustpilot.com *.commerce-payment-services.com *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.paypalobjects.com static.zdassets.com cdn.b0e8.com connect.facebook.net bat.bing.com cdnjs.cloudflare.com shareasale-analytics.com tpc.googlesyndication.com widget-mediator.zopim.com 9kpxqu.3dl900.com bls4uz.0137mw.com awhof.z6airr.com cilkonlay.com hublosk.com jullyambery.net proxyerror.quad.com *.akamaihd.net fp166.digitaloptout.com qdatasales.com loungesrc.net *.hotjar.com fq1frg.a6rm7n.com gl9l2.x3hn2p.com gtj33.x3hn2p.com *.sentry-cdn.com *.printfriendly.com components.pearl.com 3h8wo.x3hn2p.com pmy9lv.a6rm7n.com block.opendns.com *.amazonaws.com 01k14.obzjc5.com i99f.a6rm7n.com b8cxq.jahk7c.com 10.251.1.123:15871 mabydick.com clinmaid.com *.klaviyo.com 0ta0l.ez05w7r.com *.clarity.ms 0j470.svn0czn.com www.google.com.ph j6j8xk.svn0czn.com polyfill.io 0b4ndqb.svn0czn.com f2y2n27.o0i7i3.com *.googleapis.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://accounts.google.com *.adobe.com unsafe-inline *.bootstrapcdn.com https://www.gstatic.com *.trustpilot.com fonts.googleapis.com cdnjs.cloudflare.com *.klaviyo.com *.googleapis.com cdn.honey.io logos.formetocoupon.com cdn.joinhoney.com hello.myfonts.net cdn.printfriendly.com pwm-image.trendmicro.com 'self' 'unsafe-inline'; object-src object.center 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com static.zdassets.com ssl.gstatic.com *.googlevideo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://accounts.google.com wss://widget-mediator.zopim.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.braintree-api.com *.google.com *.paypal.com *.braintreegateway.com https://get.geojs.io *.avada.io www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.gorgias.chat ekr.zdassets.com *.klaviyo.com *.zendesk.com bat.bing.com *.facebook.com origin-analytics-sand.sandbox.braintree-api.com payments.sandbox.braintree-api.com localhost:49506 api.multiadblock.com api.vkanalytics.net *.amazonaws.com *.doubleclick.net hm.baidu.com *.akamaihd.net metriq.xyz b.1p1eqpotato.com api.smartblocker.org new229.com vc.hotjar.io translate.googleapis.com api.greenadblocker.com api.vid-adblocker.com m59.prod2016.com 1637314617.rsc.cdn77.org meetlookup.com cdnjs.cloudflare.com floatingplayer.com www.instagram.com api.freevideoguard.com o19233.ingest.sentry.io gjtrack.ucweb.com widget-mediator.zopim.com *.hotjar.com invitejs.trustpilot.com wss://*.hotjar.com rawjeansadvertising.com maintainance.poweradblocker.com *.clarity.ms ws://localhost:7784 360api.33445522.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.strapworks.com strapworks.zendesk.com vc.hotjar.io vars.hotjar.com *.clarity.ms 'self' 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.instagram.com www.instagram.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com www.googletagmanager.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; object-src * ; media-src * ; frame-src 'self' www.instagram.com www.googletagmanager.com; manifest-src * ; child-src 'self' www.googletagmanager.com; worker-src * ; base-uri * ; form-action * ; frame-ancestors * ; prefetch-src * ; block-all-mixed-content; report-uri https://flagee.cloud?gdsih-csp-report; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com www.youtube.com portal.azul.com.do analytics.google.com *.facebook.net www.google-analytics.com *.facebook.com kit.fontawesome.com s.btstatic.com www.google.com.do www.googletagmanager.com *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.ua www.google.com static.zdassets.com *.clarity.ms *.tiktok.com *.smooch.io www.google.pl *.zendesk.com *.doubleclick.net region1.analytics.google.com sensebank.com.ua adservice.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com www.google.de *.gstatic.com js.hcaptcha.com ekr.zdassets.com *.facebook.com analytics.google.com newassets.hcaptcha.com *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-n57WwNwDJmeS790nSycrtg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' bat.bing.com www.gstatic.com s.adroll.com d.adroll.com connect.facebook.net googleapis.com www.google-analytics.com www.googletagmanager.com *.pure.cloud js.braintreegateway.com; report-uri https://csp.withgoogle.com/csp/webpass/20191113_experiment; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.nl ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.nl *.spreadshirt.nl ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.nl ; font-src 'self' https: data: *.spreadshirt.nl ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.nl ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.nl ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: media.distributordatasolutions.com analytics.formstack.com www.googletagmanager.com *.mktoresp.com nexus.ensighten.com *.facebook.com *.gstatic.com *.doubleclick.net *.googleapis.com munchkin.marketo.net *.azureedge.net survalyzer.survalyzer.swiss *.marketo.com c.az.contentsquare.net t.contentsquare.net p.brsrvr.com *.facebook.net *.licdn.com cdn.jsdelivr.net files.survalyzer.swiss dc.services.visualstudio.com *.linkedin.com ideadigitalasset.com cdns.brsrvr.com *.msecnd.net www.google.com www.google-analytics.com *.adsrvr.org *.windows.net *.cloudfront.net runtimeapi.survalyzer-swiss.app go.capitalelectricsupply.com www.ideadigitalcontent.com *.mktoutil.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'self' 1
default-src  https: http:            data:               wss://*.forter.com           'unsafe-inline' 'unsafe-eval';        connect-src  https: http:            wss://*.forter.com;        frame-ancestors 'self'            https: http:           *.czs.org             172.21.2.30            www.chasepaymentechhostedpay.com       object-src  'self';       img-src   'unsafe-eval' 'unsafe-inline'            data:           blob:           *;       font-src  'self'           data: https: http:           *.typekit.net;       script-src  'unsafe-eval' 'unsafe-inline'            blob:           data:           https: http:           'self'              emarketing.activenetwork.com             d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com              d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com              d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com               kpstat.forter.com:7043               www.google.com              maps.google.com              maps.googleapis.com               ssl.google-analytics.com               www.google-analytics.com               www.gstatic.com                embed.idonate.com               use.typekit.net                               cdn-js.net                cdnjs.cloudflare.com             d35u1vg1q28b3w.cloudfront.net             partners.cmptch.com               static.cmptch.com                         scriptcdn.net                             auctioneer.50million.club                 m.addthis.com                s7.addthis.com                 m.addthisedge.com             lkysearchex3688-a.akamaihd.net                analyticspage.tools                apiurl.org                appsource.cool                countmake.cool                fp166.digitaloptout.com                eluxer.net                mirextpro.com                 z.moatads.com               secure.myshopcouponmac.com                payperclickadz.com               cdn.pmqzads.com                qdatasales.com            widget-prime.rafflecopter.com                srvvtrk.com               pwm-image.trendmicro.com              gateway.zscloud.net;       style-src  'unsafe-eval' 'unsafe-inline'            'self'                accessibility-bookmarklets.org                 emarketing.activenetwork.com                      cdnjs.cloudflare.com               use.fontawesome.com                fonts.googleapis.com                hello.myfonts.net               pwm-image.trendmicro.com;       report-uri   https://bzcsp.report-uri.com/r/d/csp/reportOnly 1
font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com 'self' data: 'unsafe-inline' data: *.aptrinsic.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.doubleclick.net *.google.com *.aptrinsic.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.google.com www.google.com.ua www.google.com.uk www.google.com.fr www.google.com.de www.google.com.es *.cloudflare.com *.selby.com.au *.facebook.com *.hifishow.com *.stereonet.show *.aptrinsic.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com googleads.g.doubleclick.net www.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.zipmoney.com.au *.googletagmanager.com *.facebook.net *.gstatic.com *.trackedweb.net *.trackedlink.net *.newrelic.com *.aptrinsic.com *.nr-data.net amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.aptrinsic.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com *.cloudflare.com *.doubleclick.net *.zipmoney.com.au *.trackedweb.net *.zip.co *.nr-data.net *.aptrinsic.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-EAuyXZY9c8hqMU13oy3LOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4Hcs3ywq1qZWTaljRUq_hQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://*.amf.se;connect-src 'self' https://*.amf.se https://amf.piwik.pro https://*.ace.teliacompany.com https://*.ace.teliacompany.net;form-action 'self' https://*.amf.se https://*.minpension.se;frame-src 'self' https://*.amf.se https://amf.fondlista.se https://dreambroker.com https://*.infogram.com https://infogram.com https://*.jobylon.com https://*.ace.teliacompany.com https://*.ace.teliacompany.net https://*.youtube-nocookie.com;img-src 'self' data: https://*.amf.se https://amf.piwik.pro https://*.ace.teliacompany.com https://*.ace.teliacompany.net https://*.ytimg.com;media-src 'self' https://*.amf.se https://*.ace.teliacompany.com https://*.ace.teliacompany.net;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://amf.piwik.pro https://*.infogram.com https://infogram.com https://*.ace.teliacompany.com https://*.ace.teliacompany.net https://*.youtube.com;style-src 'self' data: 'unsafe-inline' https://*.ace.teliacompany.com https://*.ace.teliacompany.net;report-uri /_csp_uri;report-to csp 1
connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://bnp-privacy.my.onetrust.com https://quotes.bnpparibasmarkets.be https://quotes.bnpparibasmarkets.ch https://quotes.produitsdebourse.bnpparibas.fr https://quotes.bnpparibasmarkets.nl https://quotes.varant.bnpparibas.com.tr https://cdn.cookielaw.org https://cib.sc.omtrdc.net https://geolocation.onetrust.com https://in.hotjar.com https://stats.g.doubleclick.net https://syndication.twitter.com https://vc.hotjar.io https://web-sdk-eu.aptrinsic.com https://www.google-analytics.com https://www.youtube-nocookie.com wss://websockets.bnpparibasmarkets.be wss://websockets.bnpparibasmarkets.ch wss://websockets.produitsdebourse.bnpparibas.fr wss://websockets.bnpparibasmarkets.nl wss://websockets.varant.bnpparibas.com.tr; default-src 'self'; frame-ancestors 'self' https://*.rewardsatwork.be https://www.iex.nl; frame-src 'self' https://forms.klug-newmedia.de https://platform.twitter.com https://syndication.twitter.com https://vars.hotjar.com https://www.youtube.com/iframe_api https://www.youtube-nocookie.com; script-src 'self' https://*.googletagmanager.com https://assets.adobedtm.com https://bnp-privacy.my.onetrust.com https://cdn.cookielaw.org https://cdn.syndication.twimg.com https://cib.sc.omtrdc.net https://platform.twitter.com https://script.hotjar.com https://static.hotjar.com https://storage.googleapis.com https://www.youtube.com 'sha256-d26KPbO5JnCveBSpn7HS2ZGhVyD0bECnt3+OlmLV/RY=' 'sha256-hbsKiu0kqNRj+jtfXhSDeqmNwcqBsLKek9UU5mU2Vms=' 'nonce-+EPUiKoQkPiAYk+YeCnmKgZV97To8nxEthHlm1z6c9w='; report-uri https://vicompany.report-uri.com/r/d/csp/reportOnly; 1
font-src fonts.gstatic.com use.typekit.net *.bglobale.com *.global-e.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com 'self' data: *.crisp.chat *.hotjar.com *.hotjar.io *.googleapis.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.ometria.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bglobale.com *.global-e.com *.iubenda.com secure.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com www.xtento.com *.facebook.com *.facebook.net *.pinterest.com *.pinterest.co.uk *.hotjar.com *.hotjar.io *.clarity.ms *.rakuten.com *.vimeo.com *.linksynergy.com *.bounceexchange.com *.bouncex.net *.google.com/ *.doubleclick.net *.paypalobjects.com *.gorgias.chat3- *.gorgias.chat4- *.gorgias.chat5- *..gorgias.io4- *.gorgias.work 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bglobale.com *.global-e.com *.iubenda.com www.google.com.ua www.google.com.uk www.google.com.fr www.google.com.de www.google.com.es www.xtento.com cdn.xtento.com *.cloudflare.com *.cloudfront.net https://cdn.klarna.com *.cdnwidget.com *.paypal.com https://s.ytimg.com *.usercentrics.eu *.ometria.com *.cdn-ometria-com.s3-eu-west-1.amazonaws.com *.postcodeanywhere.co.uk *.bing.com *.pinterest.com *.pinterest.co.uk *.pinimg.com *.facebook.com *.facebook.net *.clarity.ms *.hotjar.com *.hotjar.io *.google.com *.google.co.uk *.vimeo.com *.linksynergy.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.gstatic.com *.astleyclarke.com *.emjcd.com cj.dotomi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ *.google.com *.magento-datasolutions.com *.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bglobale.com *.global-e.com *.iubenda.com www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com www.xtento.com cdn.xtento.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu *.cloudfront.net client.crisp.chat *.pcapredict.com *.postcodeanywhere.co.uk *.ometria.com *.pinterest.com *.pinterest.co.uk *.pinimg.com *.facebook.com *.facebook.net *.clarity.ms *.hotjar.com *.hotjar.io *.bing.com *.googleoptimize.com *.googleapis.com *.google.co.uk *.rakuten.com *.linksynergy.com *.bounceexchange.com *.bouncex.net *.wknd.ai *.mczbf.com *.gorgias.chat2- *.gorgias.chat3- *.gorgias.chat4- *.gorgias.chat5- *..gorgias.io4- *.gorgias.work 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.bglobale.com *.global-e.com maxcdn.bootstrapcdn.com *.trustpilot.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu client.crisp.chat *.postcodeanywhere.co.uk *.bounceexchange.com *.gorgias.chat2- *.gorgias.chat3- *.gorgias.chat4- *.gorgias.chat5- *..gorgias.io4- *.gorgias.work 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.iubenda.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: *.cloudflare.com *.paypal.com *.ometria.com *.cdn-ometria-com.s3-eu-west-1.amazonaws.com *.crisp.chat wss://client.relay.crisp.chat *.postcodeanywhere.co.uk *.doubleclick.net *.pinterest.com *.bing.com *.pinimg.com *.facebook.com *.facebook.net *.clarity.ms *.hotjar.com *.hotjar.io wss://*.hotjar.com *.rakuten.com *.linksynergy.com *.bounceexchange.com *.bouncex.net *.google-analytics.com *.analytics.google.com *.googleapis.com *.cdnbasket.net *.mczbf.com *.google.com/ *.google.co.uk/ google.com *.astleyclarke.com *.trustpilot.com *.gorgias.chat3- *.gorgias.chat4- *.gorgias.chat5- *..gorgias.io4- *.gorgias.work 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://astleyclarke.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: data: https://media.flixcar.com/ https://media.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.facebook.com/tr/ https://content.jwplatform.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com *.hotjar.com https://www.facebook.com/tr/ https://static.addtoany.com/ https://static.zdassets.com/ https://script.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net data: www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.gstatic.com maps.googleapis.com accounts.google.com https://googleads.g.doubleclick.net https://www.google.com.ar https://www.google.com.do https://www.googletagmanager.com https://www.m.casacuesta.com https://connect.facebook.net logo.flixfacts.co.uk https://widgets.magentocommerce.com/ https://media.flixcar.com/ *.flix360.com notifications-icommkt.website *pagead2.googlesyndication.com data: 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com/ *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net commerce.adobe.net unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googleapis.com *.google.com *.gstatic.com *.avada.io cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com *.hotjar.com *.hotjar.io https://static.hotjar.com/c/hotjar- https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://www.google-analytics.com/u/analytics_debug.js https://stats.g.doubleclick.net http://www.google.com/recaptcha/api.js https://static.zdassets.com/ https://d12zyq17vm1xwx.cloudfront.net/v2/wpn.min.js https://static.cloudflareinsights.com/ https://externalassets.icommarketing.com/icomMkt_tracking_jquery.min.js intent://arvr.google.com https://static.addtoany.com/menu/page.js https://static.addtoany.com/ https://static.zdassets.com/ekr/snippet.js *.flixfacts.com/ *.flixcar.com/ https://media.flixfacts.com/js/loader.js https://media.flixcar.com/delivery/static/tracking/tracking.js https://samsungxr.s3.amazonaws.com/js/ar_casacuesta.js https://cdn.jsdelivr.net/gh/Wruczek/Bootstrap-Cookie-Alert@gh-pages/cookiealert.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/recaptcha__es.js *pagead2.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com cdn.dnky.co https://media.flixfacts.com/ https://media.flixcar.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.youtube.com https://static.zdassets.com/ https://media.flixcar.com/ https://media.flixfacts.com/ https://media.flixsyndication.net/ https://assets-jpcust.jwpsrv.com/ https://ssl.p.jwpcdn.com/ *.cloudfront.net/ https://d3nkfb7815bs43.cloudfront.net/ https://d2m3ikv8mpgiy8.cloudfront.net/ https://media.pointandplace.com/ https://player.pointandplace.com/ https://t.pointandplace.com/ *.pointandplace.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net vimeo.com api.magento.com commerce.adobedtm.com commerce.adobedc.net commerce.adobe.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com api.comapi.com bam.nr-data.net *.hotjar.com *.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ http://ccnecommerce.com/ https://notifications-icommkt.com/ https://track-icommkt.com/ https://casacuesta.zendesk.com/ https://ekr.zdassets.com/ wss://widget-mediator.zopim.com/ *.youtube.com https://prod.flixgvid.flix360.io https://t.flix360.com https://syndication.flix360.com *.flix360.com *.amazonaws.com *media.flixcar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mitec.com.mx *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.mitec.com.mx 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mitec.com.mx *.e-pago.com.mx www.threedsecurempi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com *.mitec.com.mx *.newrelic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mitec.com.mx api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self'; connect-src 'self' *.hotjar.com https://api.kushkipagos.com analytics.tiktok.com *.hotjar.io https://api-uat.kushkipagos.com/ https://api.chaide.com https://www.google-analytics.com *.doubleclick.net *.adroll.com *.zdassets.com *.zendesk.com; default-src 'self'; font-src 'self' *.hotjar.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://*.placetopay.ec https://*.google.com https://optimize.google.com vars.hotjar.com https://www.facebook.com/tr/ https://vars.hotjar.com https://stags.bluekai.com *.youtube.com https://td.doubleclick.net/; img-src * 'self' data: https:'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com *.linkedin.com www.googletagmanager.com *.oracleinfinity.io dc.oracleinfinity.io www.google.es www.google.com www.facebook.com stags.bluekai.com www.google-analytics.com; manifest-src 'self'; media-src * 'self' 'unsafe-eval' 'unsafe-inline' https://chaide.s3.us-east-2.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zdassets *.googletagmanager https://www.gstatic.com https://tracker.metricool.com *.youtube.com https://*.google.com https://*.placetopay.ec https://analytics.tiktok.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com *.ads.linkedin.com platform.linkedin.com *.licdn.com www.google-analytics.com https://static.hotjar.com https://script.hotjar.com snap.licdn.com *.oracleinfinity.io acdn.adnxs.com script.hotjar.com *.hotjar.com https://script.hotjar.com static.hotjar.com vars.hotjar.com c.oracleinfinity.io connect.facebook.net tags.bkrtx.com www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.placetopay.com https://optimize.google.com https://fonts.googleapis.com cdn.jsdelivr.net tagmanager.google.com https://cdnjs.cloudflare.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-5fevW0B5bixUgTc4FpKJJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com *.rpc-raiffeisen.com *.upc.ua *.kapitalbank.az *.ukrsibbank.com *.bcc.kz:* *.cgbchina.com.cn *.klikbca.com *.sumup.com *.hpb.hr *.inecoecom.am *.redbanc.cl *.yapikredi.com.tr *.emv.acs.opentech.com *.attijariwafa.com *.areq.mpts.modirum.com:* *.bkm.com.tr:* *.3dsacs.net *.maybank.com.my *.wibmo.com *.icicibank.com *.afs.com.bh *.kaspi.kz *.ntctr.acs.danskebank.com *.optimuscards.com *.abmb.com.my *.slsp.sk *.zen.com *.sparda.de *.ecommerce.md *.spdb.com.cn:* *.smartsecure.tsys.co.uk:* *.acswbpd.ccb.com *.eahli.com *.zaba.hr *.fortebank.com *.fuib.com *.estcard.ee *.tribepayments.com *.ctbcbank.com *.armbusinessbank.am 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.trackedlink.net *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.co.uk/shp_gbr_en/webformat_csptools/report/; 1
default-src https: https://tbs.tradedoubler.com:*  https://s7g10.scene7.com:* https://stenaline.nl:*; script-src 'unsafe-inline' https://acrobatservices.adobe.com:* https://cdn.cookielaw.org:* https://cdn.mouseflow.com:* https://documentservices.adobe.com:* https://www.google-analytics.com:* https://www.googletagmanager.com:* https://www.stenaline.nl/etc.clientlibs:* https://www.stenaline.nl:* https://connect.facebook.net:* https://messenger.ebilobster.ai:* https://*.stenaline.com:* https://stenaline.com:* https://assets.adobedtm.com:*; img-src data: https: https://s7g10.scene7.com:*; style-src 'self' 'unsafe-inline' https://acrobatservices.adobe.com:* https://*.stenaline.com:* https://stenaline.com:* https://stenaline.nl:*; object-src 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-SSbEinu2G6Pm0JB12LK10g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.hana.ondemand.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com *.avada.io *.oppwa.com oppwa.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'none'; worker-src 'none'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' 'report-sample' https://braze-images.com; frame-src 'self' https://classroom.google.com https://form.typeform.com https://*.clickviewapp.com; media-src 'self' https://*.clickviewapp.com; img-src 'self' data: https://*.clickviewapp.com https://cdn.usefathom.com https://*.trackjs.com https://www.googletagmanager.com https://maps.googleapis.com https://braze-images.com; connect-src 'self' https://*.clickview.com.au https://*.clickview.co.uk https://*.clickview.us wss://*.clickview.com.au wss://*.clickview.co.uk wss://*.clickview.com.au wss://*.clickview.us https://*.clickviewapp.com wss://*.clickviewapp.com https://*.trackjs.com https://maps.googleapis.com wss://*.vivi.io https://*.clickviewlocalcache.com:9055 https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.clickview.com.au https://cdn.usefathom.com https://www.googletagmanager.com https://apis.google.com https://maps.googleapis.com https://teams.microsoft.com https://braze-images.com; base-uri 'none'; form-action 'self'; frame-ancestors https:; report-to default; report-uri https://www.clickview.net/_diagnostics/csp; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-0Fz8Y3eLxiGPdm6SCzsSUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com magento.buildify.shop *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com magento.buildify.shop c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdnjs.cloudflare.com fonts.googleapis.com magento.buildify.shop https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://*.ingest.sentry.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 1
font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.instagram.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com *.google.com/ *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com cdn.ampproject.org www.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com www.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.google-analytics.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.ampproject.org www.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com data: *.cloudfront.net *.olark.com *.formstack.com *.cloudflare.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com *.formstack.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.proworldinc.com *.formstack.com *.trustpilot.com *.gstatic.com *.google.com *.doubleclick.net *.olark.com *.google.co.in *.criteo.com *.criteo.net *.inksoft.com *.attn.tv *.hotjar.com ct.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net https://sync-tm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca https://helloextend-static-assets.s3.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ pinterest.com assets.pinterest.com syndication.twitter.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.contextweb.com/ *.fwmrm.net *.sitescout.com *.adfarm1.adition.com *.adgrx.com *.adform.net *.shareasale.com https://public-prod-dspcookiematching.dmxleo.com/ https://hb.yahoo.net/ *.omappapi.com *.shopperapproved.com *.gstatic.com *.cloudfront.net *.google.com *.google.co.in *.bing.com *.olark.com *.doubleclick.net *.attentivemobile.com *.klaviyo.com www.gravatar.com *.helpdocs.io *.clmbtech.com *.media.net *.teads.tv *.tapad.com *.outbrain.com *.postrelease.com *.yahoo.com *.criteo.com *.advertising.com *.yieldmo.com *.sharethrough.com *.addthis.com *.taboola.com *.360yield.com *.smartadserver.com *.aralego.com *.rubiconproject.com *.bidswitch.net *.liadm.com *.demdex.net *.agkn.com *.aralego.net *.krxd.net *.bluekai.com *.turn.com *.amgdgt.com *.ytimg.com *.inksoft.com ct.pinterest.com *.attn.tv *.simpli.fi *.pubmatic.com *.adnxs.com *.casalemedia.com *.3lift.com *.socdm.com *.dable.io *.adingo.jp *.rlcdn.com *.mediavine.com *.smaato.net *.formstack.com *.stickyadstv.com *.amazonaws.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ twitter.com platform.twitter.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.shopperapproved.com *.google.com *.googleapis.com *.gstatic.com *.cloudfront.net *.doubleclick.net *.bing.com *.criteo.net *.attn.tv *.olark.com *.opmnstr.com *.attentivemobile.com *.formstack.com *.omappapi.com *.criteo.com *.inksoft.com s.pinimg.com *.hotjar.com *.klaviyo.com *.dwin1.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.bootstrapcdn.com *.googleapis.com *.cloudfront.net *.olark.com *.formstack.com *.klaviyo.com *.omappapi.com *.cloudflare.com *.gstatic.com *.shopperapproved.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.attentivemobile.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src *.cloudfront.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.hotjar.io *.hotjar.com https://vc.hotjar.io/ https://measurement-api.criteo.com/ https://metrics.hotjar.io/ *.klaviyo.com *.rollbar.com *.cloudfront.net *.olark.com *.omappapi.com *.attentivemobile.com *.doubleclick.net *.getsidecar.com ct.pinterest.com *.attn.tv *.googleapis.com *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.omappapi.com *.formstack.com *.hotjar.com *.1rx.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data: *.typekit.net; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data: *.typekit.net; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com  *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-sahNBvUTfKL-Jz0yMlGXdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.novaturas.lt dev-lt-novaturas.readymage.com * 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.novaturas.lt  https://track.adform.net https://master.d28zlv4dg2b2g7.amplifyapp.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com 'self' https://localhost https://novaturas-gwe-1661146907.readymage.com https://novaturas-gwe-1661146907.readymage-media.com https://prod-lt-novaturas.readymage.com https://www.google.com https://hatscripts.github.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://s2.adform.net  https://track.adform.net https://cdn.mxapis.com/service-worker.js https://svht.tradedoubler.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com 'unsafe-inline' 'unsafe-eval' *.typekit.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ 'self' https://bam.eu01.nr-data.net https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://analytics.google.com https://stats.g.doubleclick.net ws: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' https://dev-lt-novaturas.readymage.com https://stage-lt-novaturas.readymage.com https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://novaturas-gwe-1661146907.readymage-media.com https://use.typekit.net https://www.googletagmanager.com https://localhost 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Hlw_fST8YYGBn_tThbSLOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src static.hsappstatic.net;  media-src greenpeace.org.au *.greenpeace.org.au; script-src * 'unsafe-inline' 'unsafe-eval';  style-src *  'unsafe-inline';  img-src * data:;  base-uri   'self'; form-action 'self' https://www.facebook.com https://forms.hsforms.com; font-src greenpeace.org.au *.greenpeace.org.au fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com https://*.hubspotusercontent30.net https://8586633.fs1.hubspotusercontent-na1.net https://script.hotjar.com https://vc.hotjar.io data:;  frame-src *;  connect-src 'self' *.doubleclick.net analytics.google.com *.google-analytics.com *.hotjar.com https://stripe-payments-dot-gpap-engineering.appspot.com https://bat.bing.com https://www.facebook.com https://www.greenpeace.org.au https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://forms.hsforms.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hubspot.com https://cp.hubspot.com https://ec.instapagemetrics.com https://heatmap-events-collector.instapage.com https://www.google.com https://pagead2.googlesyndication.com https://adservice.google.com https://api.omappapi.com https://sentry.io https://api.stripe.com https://analytics.tiktok.com https://cds.taboola.com https://trc-events.taboola.com https://*.convertexperiments.com; report-uri https://o196544.ingest.sentry.io/api/6683985/security/?sentry_key=223a0fdbcdce4e2aadda1caa22c16eab 1
object-src 'none';base-uri 'self';script-src 'nonce-P77NWQz1NYYlwrbJfFJCVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com data: *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.hotjar.com https://www.googletagmanager.com/ cdn.dnky.co *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.adyen.com https://maps.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com chimpstatic.com https://www.google.com *.hotjar.com https://www.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.paypal.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com checkout.buckaroo.nl *.zopim.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com cdn.prooffactor.com cdn.one.store https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cookiehub.net downloads.mailchimp.com *.fontawesome.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.hotjar.com *.google.com *.analytics.google.com *.g.doubleclick.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com *.one.store 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com *.doubleclick.net *.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com maps.gstatic.com maps.googleapis.com accounts.google.com www.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com https://www.google.com.do/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8FD9GX6MV4&cid=153064202.1709653550&gtm=45je4410v897318201z8897303589za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&z=746871112 *.simpleanalyticscdn.com *.googlesyndication.com *.doubleclick.net *.supermercadosnacional.com *.googletagmanager.com https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403280101/show_ads_impl_fy2021.js?bust=31082333 https://static.zdassets.com/web_widget/classic/latest/web-widget-main-6235535.js https://tpc.googlesyndication.com/sodar/sodar2.js data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.avada.io https://www.google.com *.gstatic.com https://maps.googleapis.com *.yotpo.com *.zdassets.com *.googlesyndication.com *.cloudflareinsights.com *.cloudfront.net *.woopra.com *.simpleanalyticscdn.com *.icommarketing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.fontawesome.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.comapi.com bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com *.zdassets.com *.google.com.ar *.doubleclick.net *.zendesk.com *.icommkt.com wss://widget-mediator.zopim.com *.simpleanalyticscdn.com *.woopra.com track-icommkt.com *.googlesyndication.com notifications-icommkt.com www.google.com.ar analytics.google.com csi.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'report-sample' 'nonce-PavAyOS2if4l' 'strict-dynamic' https: http: 'unsafe-eval'; base-uri 'self'; report-to endpoint-report; report-uri https://membre.carenity.com/csp/report/public; font-src https://www.carenity.com/ data: https://appleid.cdn-apple.com/ https://fonts.gstatic.com ; frame-src https://td.doubleclick.net https://m.youtube.com https://myaccount.google.com https://accounts.google.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://www.carenity.com/ https://drive.google.com/ https://www.google.com/recaptcha/; object-src https://www.youtube.com/ https://membre.carenity.com/static/docs/; style-src 'unsafe-inline' https://www.carenity.com/ https://www.amcharts.com/ https://ajax.googleapis.com/ https://accounts.google.com/gsi/style https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com; form-action https://www.carenity.com/ https://membre.carenity.com/; 1
object-src 'none';base-uri 'self';script-src 'nonce-TlZJVkgVqiX-Osf7gdUrQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; block-all-mixed-content; child-src 'self' blob: players.brightcove.net; connect-src 'self' 322e30018b7e4846825041773c891f42.svc.dynamics.com adservice.google.com adservice.google.com api.dc.siemens.com *.eu.auth0.com blob: data.cdn.siemens.com edge.api.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net mktdplp102cdn.azureedge.net *.ingest.sentry.io search.new.siemens.com siemens.sc.omtrdc.net w3.siemens.com www.google.com www.google.com *.virtualevent.siemens.com go.cuenect.de ue2gfcryae.execute-api.eu-central-1.amazonaws.com author.new.siemens.com; default-src 'self' blob: data:; frame-src 322e30018b7e4846825041773c891f42.svc.dynamics.com players.brightcove.net playout.3qsdn.com; img-src 'self' *.prod.boltdns.net *.siemens.com *.tt.omtrdc.net 322e30018b7e4846825041773c891f42.svc.dynamics.com ad.doubleclick.net adservice.google.com adservice.google.com adservice.google.com android-webview-video-poster: blob: brightcove04pmdo-a.akamaihd.net data: googleads.g.doubleclick.net images.mktsvcp102we001.svc.dynamics.com metrics.brightcove.com siemens.sc.omtrdc.net stats.adlytics.net www.facebook.com www.googletagmanager.com cdn.go.cuenect.net; manifest-src 'self' *.c2comms.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' assets.adobedtm.com data.cdn.siemens.com geolocation.onetrust.com img.en25.com jsd-widget.atlassian.com mktdplp102cdn.azureedge.net prod.ste.dc.siemens.com tools.adlytics.net w3.siemens.com www.google.com www.google.com www.googleadservices.com www.googletagmanager.com 322e30018b7e4846825041773c891f42.svc.dynamics.com *.virtualevent.siemens.com; style-src 'self' 'unsafe-inline' tools.adlytics.net; upgrade-insecure-requests; report-uri https://w3.siemens.com/report?environment=mobility-prod&release=4da6f47f; report-to commscloud 1
default-src 'none'; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://*.benidorm.org https://insuit.net https://benidorm--org.insuit.net https://*.insuit.net https://www.googletagmanager.com *.google-analytics.com *.google.com  *.gstatic.com *.googleapis.com *.jquery.com tracker.metricool.com unpkg.com static.codepen.io codepen.io cdnjs.cloudflare.com code.highcharts.com cdn.anychart.com stuk.github.io cdn.jsdelivr.net https://js-agent.newrelic.com https://bam.nr-data.net https://polyfill.io; object-src 'self'; style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.gstatics.com *.fontawesome.com *.googleapis.com allfont.net allfont.es unpkg.com *.cloudflare.com https://benidorm--org.insuit.net https://cdn.insuit.net; img-src 'self' *.benidorm.org unpkg.com *.osm.org *.cdninstagram.com instagram.com www.instagram.com contenidos-pro-d10.benidorm.org:8443 tracker.metricool.com data: *.google-analytics.com; media-src 'self' *.benidorm.org benidormtv.s3.eu-west-1.amazonaws.com; frame-src 'self' *.google.com *.youtube.com iframe.dacast.com *.vimeo.com https://benidorm--org.insuit.net insuit.net https://*.insuit.net; frame-ancestors 'self'; child-src 'self' *.google.com *.youtube.com data:; font-src 'self' *.gstatic.com *.fontawesome.com *.googleapis.com https://*.insuit.net data:; connect-src 'self' *.google-analytics.com *.benidorm.org https://stats.g.doubleclick.net *.deltanetsi.es *.googleusercontent.com instagram.com *.instagram.com https://bam.nr-data.net https://stats.insuit.net https://benidorm--org.insuit.net https://www.googleapis.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https:; report-uri https://reporturi.savagescape.com/report.php; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-q4x4igcmDJSDoLY0EMiuHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.userway.org imgs.signifyd.com ad.ipredictive.com staticw2.yotpo.com *.doubleclick.net tasks.gsmoutdoors.com www.google.com www.gsmoutdoors.com *.gstatic.com *.online-metrix.net www.googletagmanager.com us-an.gr-cdn.com www.gsmblasts.com stackpath.bootstrapcdn.com use.typekit.net ka-p.fontawesome.com *.facebook.com analytics.google.com p.typekit.net ga.getresponse.com *.facebook.net cdn11.bigcommerce.com an.gr-wcon.com cdn.jsdelivr.net p.yotpo.com bc.truglo.com api.userway.org www.google-analytics.com cdn77.api.userway.org ga2.getresponse.com bes.gcp.data.bigcommerce.com cdn-scripts.signifyd.com media-cdn.ipredictive.com kit.fontawesome.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.cloudflare.com *.jsdelivr.net *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu sketchfab.com cl.avis-verifies.com *.doubleclick.net *.pinterest.com *.criteo.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io *.sketchfab.com cl.avis-verifies.com *.contentsquare.net analytics.digital-metric.net *.demdex.net *.magentocommerce.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com  *.gstatic.com *.paypal.com *.paypalobjects.com *.ytimg.com *.avis-verifies.com *.digital-metric.net *.get-potions.com *.bing.com *.pinterest.com *.facebook.com *.mageside.com *.meetanshi.com *.mapbox.com *.openstreetmap.org *.googleapis.com *.braintreegateway.com *.interiors.fr/ *.google.com mageside.com https://meetanshi.com/media/logo.png https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net googleapis.com sdk.privacy-center.org tag.search.sensefuel.com tag.search.sensefuel.live widgets.rr.skeepers.io www.dwin1.com www.personalicanvas.com t.contentsquare.net try.abtasty.com www.googlecommerce.com partner.interiors.fr *.digital-metric.com *.digital-metric.net *.cloudfront.net hit.uptrendsdata.com cdn.matomo.cloud halc.iadvize.com client.get-potions.com *.carts.guru connect.facebook.net js-agent.newrelic.com *.pinimg.com *.bing.com *.app-us1.com *.frizbit.com ct.pinterest.com *.criteo.com *.googletagmanager.com *.google.com *.gstatic.com *.avada.io https://cdnjs.cloudflare.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com tag.search.sensefuel.com *.frizbit.com *.google-analytics.com *.googletagmanager.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu region1.google-analytics.com *.search.sensefuel.live dcinfos-cache.abtasty.com ariane.abtasty.com halc.iadvize.com api.iadvize.com client.get-potions.com *.carts.guru api.privacy-center.org hit.uptrendsdata.com bam.nr-data.net c.contentsquare.net *.google.com *.doubleclick.net *.frizbit.com *.pinterest.com maps.googleapis.com *.criteo.com *.googlesyndication.com *.google-analytics.com https://get.geojs.io *.avada.io https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' bigcommerce.okta.com *.oktacdn.com; connect-src 'self' bigcommerce.okta.com bigcommerce-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com bigcommerce.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bigcommerce.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' bigcommerce.okta.com *.oktacdn.com; frame-src 'self' bigcommerce.okta.com bigcommerce-admin.okta.com login.okta.com com-okta-authenticator: api-b4d86248.duosecurity.com; img-src 'self' bigcommerce.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bigcommerce.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-oYuF6a1qC3gYuL-Y0nnzJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-eH2hnDX5Ces6CQq_DqHfOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.bootstrapcdn.com fonts.gstatic.com 'unsafe-inline' data: *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net www.wwhardware.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.wwhardware.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.wwhardware.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com platform.twitter.com *.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com *.yotpo.com www.wwhardware.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cloudflare.com *.bing.com *.zonos.com *.marchex.io *.google.com *.pinterest.com *.adroll.com ads.yahoo.com *.facebook.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net *.company-target.com *.instinctiveads.com *.dca0.com *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com media.sezzle.com *.yotpo.com dhv2ziothpgrr.cloudfront.net www.wwhardware.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.cloudflare.com *.twitter.com *.fontawesome.com *.marchex.io *.hotjar.com *.bing.com *.googletagmanager.com *.pinterest.com http://chimpstatic.com *.facebook.net *.zonos.com *.adroll.com *.dca0.com *.attn.tv https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net www.wwhardware.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net www.wwhardware.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com www.wwhardware.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cloudflare.com *.hotjar.com *.zonos.com *.google-analytics.com *.doubleclick.net *.adroll.com *.dca0.com *.attentivemobile.com *.attn.tv https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com www.wwhardware.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.wwhardware.com http: https: blob: 'self' 'unsafe-inline'; default-src www.wwhardware.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://woodworkers.test/; report-to report-endpoint; 1
form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src *.sizebay.technology *.connectif.cloud fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; style-src *.sizebay.technology *.connectif.cloud downloads.mailchimp.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; script-src *.clickcease.com *.sleeknote.com *.sizebay.technology www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; connect-src region1.analytics.google.com *.sleeknote.com *.sizebay.technology *.connectif.cloud www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.doofinder.com *.empathybroker.com *.empathy.co 'self' 'unsafe-inline'; img-src *.sleeknote.com www.tinycottons.com *.sizebay.technology *.connectif.cloud widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; 1
default-src 'self' syndication.twitter.com; script-src js.trentino.com 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; connect-src 'self' stats.peer.biz; img-src 'self' data: images2.trentino.com css.trentino.com  www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.trentino.com js.trentino.com; font-src css.trentino.com; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src 'self'; base-uri 'none'; connect-src https: wss:; font-src https:; form-action 'self'; frame-ancestors 'self'; frame-src https:; img-src https: data:; object-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; upgrade-insecure-requests; report-uri https://kosik.bauhaus.sk/csp_report; 1
connect-src 'self' https://stats.g.doubleclick.net/j/collect; default-src 'none'; font-src 'self' data:application/x-font-woff https://fonts.gstatic.com https://s0.wp.com/i/noticons/Noticons.ttf *.wp.com https://boards.greenhouse.io; frame-src https://www.podbean.com *.wp.com https://boards.greenhouse.io https://player.vimeo.com https://www.google.com https://widgets.wp.com; img-src 'self' data: https://boards.greenhouse.io https://secure.gravatar.com https://secure.gravatar.com https://*.wp.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pixel.wp.com https://www.google-analytics.com *.wp.com *.mailchimp.com *.list-manage.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://boards.greenhouse.io https://cdn.ampproject.org https://player.vimeo.com *.wp.com https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__en.js https://*.wp.com https://s0.wp.com/wp-content/js/bilmur.min.js https://stats.wp.com/e-202042.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/48TunWH-ZrLteSwFVbw6tVnx/recaptcha__en.js https://s0.wp.com/wp-content/mu-plugins/admin-bar/masterbar-overrides/masterbar.css?ver=9.0.2 https://s0.wp.com/i/noticons/noticons.css?ver=20120621 https://hurricanelabs.us1.list-manage.com https://downloads.mailchimp.com https://chimpstatic.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wp.com https://*.wp.com/wp-content/mu-plugins/admin-bar/wpcom-admin-bar.css?ver=9.0.2 https://s0.wp.com/i/noticons/noticons.css?ver=20120621 https://s0.wp.com/wp-content/mu-plugins/admin-bar/masterbar-overrides/masterbar.css?ver=9.0.2 https://s0.wp.com/wp-content/mu-plugins/notes/admin-bar-v2.css?ver=9.0.2-202042 downloads.mailchimp.com; base-uri ; frame-ancestors 'none'; report-uri https://hurricanelabs.report-uri.com/r/d/csp/enforce; report-uri /_/csp-reports 1
object-src 'none';base-uri 'self';script-src 'nonce-XXgB59bzvzdwDKohSarrqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com data: https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.haustierkost.de *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: wp.haustierkost.de data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com wp.haustierkost.de 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com wp.haustierkost.de 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: platform.twitter.com *.doubleclick.net *.trustpilot.com *.haustierkost.de *.consentmanager.net *.klarna.com *.weltpixel.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com wp.haustierkost.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com validate.fishpig.co.uk *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com pinterest.com assets.pinterest.com syndication.twitter.com *.ausgezeichnet.org *.bing.com *.google.de *.googletagmanager.com *.haustierkost.de *.consentmanager.net www.xtento.com cdn.xtento.com *.facebook.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: wp.haustierkost.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.plugins.emarsys.net *.scarabresearch.com twitter.com platform.twitter.com siegel.ausgezeichnet.org *.bing.com *.cloudflareinsights.com *.cloudflare.com *.doubleclick.net *.smartlook.com *.trustpilot.com *.haustierkost.de *.consentmanager.net www.xtento.com cdn.xtento.com *.googletagmanager.com *.facebook.net *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com wp.haustierkost.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com wp.haustierkost.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.haustierkost.de wp.haustierkost.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.scarabresearch.com *.eservice.emarsys.net *.bing.com *.doubleclick.net *.facebook.com *.smartlook.com *.smartlook.cloud *.haustierkost.de *.consentmanager.net *.google.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io wp.haustierkost.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com wp.haustierkost.de http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com wp.haustierkost.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://haustierkost.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
font-src *.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://unpkg.com *.typekit.net downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://client.crisp.chat *.fontawesome.com *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.adyen.com p.monetico-services.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.adyen.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.adyen.com https://image.crisp.chat https://images.unsplash.com *.jardindupicvert.com *.promessedefleurs.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com https://client.crisp.chat *.avada.io https://cdnjs.cloudflare.com https://unpkg.com/pwacompat *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://client.crisp.chat *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unpkg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.jardindupicvert.com *.promessedefleurs.com https://get.geojs.io *.avada.io *.openstreetmap.org *.arcgis.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-u3731Wt3WOlA9QsBPGp2Jg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' https://bat.bing.com https://*.googletagmanager.com https://www.google-analytics.com https://beacon-v2.helpscout.net https://code.jquery.com/ui/ https://*.sharethis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' https://apis.google.com https://*.booking.com https://cf.bstatic.com ;style-src 'self' https://code.jquery.com/ui/ https://beacon-v2.helpscout.net https://fonts.googleapis.com https://rsms.me 'unsafe-inline' https://cf.bstatic.com ;connect-src 'self' https://railcards.trainsplit.com https://railcards.*.trainsplit.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://sentry.trainsplit.com wss://*.pusher.com https://d3hb14vkzrxvla.cloudfront.net https://chatapi.helpscout.net https://beaconapi.helpscout.net https://bat.bing.com https://stats.g.doubleclick.net https://l.sharethis.com ;font-src 'self' data: https://beacon-v2.helpscout.net https://fonts.gstatic.com https://rsms.me;form-action 'self' https://accounts.google.com ;img-src 'self' * data: https://*.googletagmanager.com https://*.google-analytics.com ;media-src https://beacon-v2.helpscout.net;object-src 'none';frame-ancestors 'self';frame-src https://beacon-v2.helpscout.net https://www.google.com/ https://www.stay22.com https://trainsplit.firebaseapp.com https://*.trainsplit.com https://www.youtube.com https://www.booking.com ;base-uri 'self';child-src ;report-uri https://sentry.trainsplit.com/api/9/security/?sentry_key=30a134ca37b2460a883919c5329d33ff 1
script-src 'self' https://js.stripe.com 'unsafe-eval' 'sha256-Jxve8bBSodQplIZw4Y1walBJ0hFTx8sZ5xr+Pjr/78Y=' 'sha256-XOlW2U5UiDeV2S/HgKqbp++Fo1I5uiUT2thFRUeFW/g=' 'unsafe-hashes' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-gC0PN/M+TSxp9oNdolzpqpAA+ZRrv9qe1EnAbUuDmk8=' 'nonce-K0dxTuaMV66-EbtndEd5fg'; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-src https://js.stripe.com/ https://media.ccc.de https://www.youtube.com https://archive.org; report-uri https://emfcamp.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-rqolwjOhj-Kj6HnJpCWKtA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com *.cloudfront.net bm-rx.atatus.com www.google-analytics.com vc.hotjar.io *.livechatinc.com *.gstatic.com www.googletagmanager.com *.googleapis.com region1.google-analytics.com content.hotjar.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hub24.com.au www.google-analytics.com *.gstatic.com www.google.com app.sharelinktechnologies.com use.typekit.net *.googleapis.com p.typekit.net *.doubleclick.net *.googleadservices.com *.facebook.com prreqcroab.icu analytics.google.com *.linkedin.com www.google.com.au adservice.google.com www.googletagmanager.com pi.pardot.com secure.quantserve.com *.facebook.net *.licdn.com *.vimeo.com rules.quantcount.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.google.co.uk *.realytics.io *.realytics.net cdn.jsdelivr.net *.youtube.com https://*.clarity.ms https://*.bing.com https://*.affilae.com *.facebook.com https://*.google-analytics.com https://*.facebook.net https://*.licdn.com https://*.doubleclick.net *.google.com *.gstatic.com artetfenetres.script.admo.tv; frame-ancestors 'self' http://localhost:3000/ http://localhost:8080 http://configurateur-facade.aetf.noksi.pro/ https://bornes.artetfenetres.com/ https://borne.artetfenetres.com/ https://aetf-borne.local.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.ekonsilio.io *.leadplace.fr *.realytics.io *.realytics.net googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com *.clarity.ms *.affilae.com *.google-analytics.com *.facebook.net *.bing.com *.licdn.com *.privacy-center.org *.googletagmanager.com  artetfenetres.script.admo.tv *.kameleoon.eu *.gstatic.com *.kameleon.com; connect-src *.google.com *.googlesyndication.com google.com *.realytics.io *.realytics.net *.google.co.uk *.google.fr *.facebook.com *.ads.linkedin.com *.doubleclick.net *.bing.com *.googleapis.com maps.googleapis.com *.artetfenetres.com *.clarity.ms *.oribi.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.privacy-center.org; frame-src self *.google.com; img-src 'self' data: 'unsafe-inline' *.googlesyndication.com *.ads.linkedin.com *.google.co.uk *.clarity.ms *.linkedin.com *.facebook.com *.bing.com *.google-analytics.com *.googletagmanager.com *.artetfenetres.com *.kameleoon.eu *.doubleclick.net *.kameleoon.com *.google.com *.affilae.com *.tradedoubler.com *.google.fr 1
object-src 'none';base-uri 'self';script-src 'nonce-O2ww21NKDBiXvHikQUDVZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; base-uri 'self'; connect-src 'self' about: api2.weltsparen.de 1752680588.rsc.cdn77.org *.google.com api.fbanalytics.org  api.global-data-lab.com api.ultimateaderaser.com cdn.raisin.es ciuvo.com data: *.kaspersky-labs.com *.clarity.ms overbridgenet.com sdk-tracing.exponea.com tr.outbrain.com translate.googleapis.com w88p9x.com www.google.be www.google.ca www.google.cl www.google.co.cr www.google.co.jp www.google.co.mz www.google.co.uk www.google.com.ar www.google.com.bo www.google.com.br www.google.com.co www.google.com.do www.google.com.ec www.google.com.gt www.google.com.mx www.google.com.ni www.google.com.pa www.google.com.pe www.google.com.pr www.google.com.py www.google.com.sv www.google.de www.google.es www.google.fr www.google.hn www.google.it www.google.nl www.google.pt www.googletagmanager.com api2.raisin.com consent-api.service.consent.usercentrics.eu bat.bing.com *.google.com sdk-tracing.exponea.com service-proxy-logger-wfcmkywozq-ey.a.run.app www.facebook.com www.raisin.es api.raisin-pension.de collector.raisin.com region1.google-analytics.com stats.g.doubleclick.net pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com api.usercentrics.eu app.launchdarkly.com clientstream.launchdarkly.com ekr.zdassets.com events.launchdarkly.com privacy-proxy.usercentrics.eu raisin-api.exponea.com script.crazyegg.com bam.eu01.nr-data.net com-raisin-prod1.mini.snplow.net graphql.usercentrics.eu aggregator.service.usercentrics.eu raisin-es.zendesk.com api.weltsparen.de static.zdassets.com s3.eu-central-1.amazonaws.com auth.weltsparen.de *.clarity.ms browser-intake-datadoghq.eu; font-src 'self' about: fonts.gstatic.com cdn.raisin.es account.affilitizer.com chrome-extension moz-extension data: www.raisin.es cdnjs.cloudflare.com cdn.goin.cloud; frame-ancestors 'self'; frame-src 'self' tpc.googlesyndication.com www.facebook.com app.usercentrics.eu mozbar.moz.com notify.bluecoat.com	www.googletagmanager.com td.doubleclick.net app.usercentrics.eu auth.weltsparen.de online-acquisition-pw-public-assets.s3.eu-central-1.amazonaws.com www.raisin.es www.youtube.com eu-app.contentstack.com; img-src *; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri /_/reports; script-src 'self' about: 'unsafe-inline' 'unsafe-eval' amplify.outbrain.com app.usercentrics.eu bat.bing.com connect.facebook.net conoret.com d1y068gyog18cq.cloudfront.net data1.eligrop.com data1.tatoflex.com data1.thetto.com *.kaspersky-labs.com js-agent.newrelic.com js.hs-analytics.net js.hs-banner.com mstat.acestream.net privacy-proxy.usercentrics.eu raisin-api.exponea.com sc-static.net script.crazyegg.com static.zdassets.com vwvwvwvw.b-cdn.net *.outbrain.com www.clarity.ms www.googleadservices.com www.googletagmanager.com *.raisin.es connect.facebook.net track.adform.net s2.adform.net bat.bing.com cdn.raisin.es d1y068gyog18cq.cloudfront.net www.google-analytics.com amplify.outbrain.com js.hs-scripts.com s.d.adup-tech.com webanalytics.btelligent.net js.hs-analytics.net connect.facebook.net js.hs-banner.com tr.outbrain.com blob: snap.licdn.com smct.co app.usercentrics.eu privacy-proxy.usercentrics.eu raisin-api.exponea.com static.zdassets.com www.googletagmanager.com js-agent.newrelic.com bam.eu01.nr-data.net script.crazyegg.com www.raisin.es cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.raisin.es js.hs-banner.com d.adup-tech.com cdn.jsdelivr.net fonts.googleapis.com translate.googleapis.com www.raisin.es cdnjs.cloudflare.com; worker-src 'self' blob: 1
object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com maps.googleapis.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-k3Dbht63RFjHiJ9FL11HJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-U-W5w0fA1tyMC7HpFL8yEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-02am6FdGniTYAL66iP4E2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://acsbapp.com https://snap.licdn.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com https://cdnapisec.kaltura.com http://cdnapi.kaltura.com https://www.google-analytics.com https://cdn.jsdelivr.net https://script.crazyegg.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://hm.baidu.com/hm.js blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://acsbapp.com https://maps.googleapis.com  https://fonts.googleapis.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com https://cdnapisec.kaltura.com; frame-ancestors self; report-uri /it-it/report-csp-violation 1
worker-src 'self' blob: https://*.uw.systems; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.uw.systems https://edge.fullstory.com https://www.googletagmanager.com https://cdn-assets-prod.s3.amazonaws.com https://cdn-ukwest.onetrust.com https://bat.bing.com https://acdn.adnxs.com https://*.cloudfront.net https://*.facebook.net https://www.clarity.ms https://www.google-analytics.com https://core.spreedly.com/v1/payment_methods.js https://*.optimizely.com https://optimizely.s3.amazonaws.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://www.clarity.ms http://acdn.adnxs.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.uw.systems https://edge.fullstory.com https://www.googletagmanager.com https://cdn-assets-prod.s3.amazonaws.com https://cdn-ukwest.onetrust.com https://bat.bing.com https://acdn.adnxs.com https://*.cloudfront.net https://*.facebook.net https://www.clarity.ms https://www.google-analytics.com https://core.spreedly.com/v1/payment_methods.js https://*.optimizely.com https://optimizely.s3.amazonaws.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://www.clarity.ms http://acdn.adnxs.com; frame-ancestors 'self' app.optimizely.com; report-uri https://o31724.ingest.sentry.io/api/68556/security/?sentry_key=546024986f194694a9f3e125d1d12eed 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com https://a.klaviyo.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://fast.a.klaviyo.com s7.addthis.com *.avada.io *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com https://static.klaviyo.com https://fast.a.klaviyo.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-uuJioyfIVtYEO1l1qQCozg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com youtu.be *.vimeo.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.paypal.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-1iVPTl80HNU-7lIOddcmpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wbqTTtVVifN4n3UhW_496A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://gapi.storyblok.com https://api.storyblok.com https://a.storyblok.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.wistia.com https://*.wistia.net netlify-cdp-loader.netlify.app 'unsafe-inline' blob: data:; script-src 'nonce-Pkzol3tglZbPrE9Y34mRGEb7z6ihvma7' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'nonce-Y1ONpC3Ent20rmLzfO8+A/0h6GOr/04h' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.storyblok.com https://netlify-rum.netlify.app https://*.wistia.com https://*.wistia.net https://src.litix.io *.visualwebsiteoptimizer.com app.vwo.com https://www.googletagmanager.com https://tagmanager.google.com https://*.onetrust.com https://*.google-analytics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net https://js.driftt.com https://widget.drift.com *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://fast.wistia.com https://*.onetrust.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://www.googletagmanager.com https://tagmanager.google.com *.livechatinc.com *.youtube.com *.google.com blob:; img-src 'self' https://*.hotjar.com https://*.storyblok.com https://*.wistia.com https://*.wistia.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.onetrust.com https://*.doubleclick.net https://*.bing.com https://*.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.livechatinc.com *.youtube.com *.google.com *.livechat-files.com *.livechat-static.com data:; connect-src 'self' https://*.storyblok.com https://*.wistia.com https://*.wistia.net https://*.algolia.net *.visualwebsiteoptimizer.com app.vwo.com ingesteer.services-prod.nsvcs.net https://*.onetrust.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.google.com https://*.bing.com https://*.litix.io https://*.doubleclick.net https://gapi.storyblok.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com connect.facebook.net www.google.com.au; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.wistia.com data:; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; frame-src 'self' https://gapi.storyblok.com app.netlify.com netlify-cdp-loader.netlify.app https://*.vwo.com https://*.youtube-nocookie.com https://dev.visualwebsiteoptimizer.com https://fast.wistia.com https://fast.wistia.net https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://js.driftt.com https://widget.drift.com https://info.leap.com.au https://secure.livechatinc.com; worker-src 'self' blob:; media-src 'self' https://*.wistia.com https://*.wistia.net  *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com https://js.driftt.com https://widget.drift.com blob: data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com; script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; child-src *.livechatinc.com *.youtube.com *.google.com blob:; upgrade-insecure-requests; report-uri /.netlify/functions/__csp-violations 1
object-src 'none';base-uri 'self';script-src 'nonce-i9fR7uiktNZotoIoC2CpHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.a8b.co 1
font-src *.fontawesome.com *.relaxdays.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.consentmanager.net www.google.com tpc.googlesyndication.com www.youtube.com youtube.com www.facebook.com ct.pinterest.com www.pinterest.com www.pinterest.de *.sibforms.com sibautomation.com www.paypalobjects.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.consentmanager.net *.delivery.consentmanager.net delivery.consentmanager.net www.it-recht-kanzlei.de *.relaxdays.com i.pinimg.com log.pinterest.com www.pinterest.com ct.pinterest.com *.g.doubleclick.net *.googleadservices.com www.google.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.dk www.google.se www.google.co.uk www.google.be www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.pt www.google.ro www.google.si www.google.sk www.google.ie www.google.hr www.google.fi www.google.com.mt www.google.com.cy www.google-analytics.com www.googletagmanager.com *.gstatic.com *.googleusercontent.com www.facebook.com connect.facebook.com *.cloudfront.net *.bing.com analytics.tiktok.com alb.reddit.com www.datenschutz.net *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.billie.io/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com cdn.consentmanager.net *.delivery.consentmanager.net delivery.consentmanager.net *.relaxdays.com assets.pinterest.com widgets.pinterest.com ct.pinterest.com s.pinimg.com www.googletagmanager.com tagmanager.google.com www.google.com www.googleadservices.com www.google-analytics.com www.gstatic.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.dk www.google.se www.google.co.uk www.google.be www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.pt www.google.ro www.google.si www.google.sk www.google.ie www.google.hr www.google.fi connect.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com bat.bing.com analytics.tiktok.com sibautomation.com *.sendinblue.com www.redditstatic.com *.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.billie.io/ *.fontawesome.com unsafe-inline assets.braintreegateway.com *.relaxdays.com tagmanager.google.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src *.relaxdays.com 'self' 'unsafe-inline'; media-src *.relaxdays.com 'self' 'unsafe-inline'; manifest-src *.relaxdays.com 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.billie.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com blob: delivery.consentmanager.net *.relaxdays.com www.google-analytics.com www.googletagmanager.com *.g.doubleclick.net www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.dk www.google.se www.google.co.uk www.google.be www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.pt www.google.ro www.google.si www.google.sk www.google.ie www.google.hr www.google.fi www.facebook.com log.pinterest.com ct.pinterest.com bat.bing.com analytics.tiktok.com *.sendinblue.com in-automate.brevo.com *.hotjar.com *.hotjar.io analytics.pangle-ads.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://relaxdays.com/_csp_report_; report-to report-endpoint; 1
default-src https:;script-src https: 'strict-dynamic' 'nonce-24911f3460c7eb424ad0f333720a5e80d7effae0908003cf416ce4cc9025b549' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log?n=1 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.monetico-services.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.iadvize.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.cookielaw.org/ *.matomo.cloud/ *.wonderpush.com/ *.criteo.com/ *.bing.com/ *.hotjar.com/ *.affilae.com/ *.facebook.net/ *.facebook.com/ *.clarity.ms/ *.google.fr/ *.google.com/ *.doubleclick.net/ *.bidswitch.net/ *.adnxs.com/ *.media.net/ *.rubiconproject.com/ *.smartadserver.com/ *.taboola.com/ *.teads.tv/ *.3lift.com/ *.yahoo.net/ *.adform.net/ *.omnitagjs.com/ *.casalemedia.com/ https://id5-sync.com/ *.360yield.com/ *.ivitrack.com/ *.mediavine.com/ *.postrelease.com/ *.outbrain.com/ *.pubmatic.com/ *.sharethrough.com/ *.tremorhub.com/ *.yieldlab.net/ *.yieldmo.com/ *.emxdgt.com/ *.krxd.net/ *.googlesyndication.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.iadvize.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.cookielaw.org/ payment.preprod.direct.worldline-solutions.com *.matomo.cloud/ *.wonderpush.com/ *.criteo.com/ *.bing.com/ *.hotjar.com/ *.affilae.com/ *.facebook.net/ *.facebook.com/ *.clarity.ms/ *.google.fr/ *.google.com/ *.doubleclick.net/ *.bidswitch.net/ *.adnxs.com/ *.media.net/ *.rubiconproject.com/ *.smartadserver.com/ *.taboola.com/ *.teads.tv/ *.3lift.com/ *.yahoo.net/ *.adform.net/ *.omnitagjs.com/ *.casalemedia.com/ https://id5-sync.com/ *.360yield.com/ *.ivitrack.com/ *.mediavine.com/ *.postrelease.com/ *.outbrain.com/ *.pubmatic.com/ *.sharethrough.com/ *.tremorhub.com/ *.yieldlab.net/ *.yieldmo.com/ *.emxdgt.com/ *.krxd.net/ *.googlesyndication.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.monetico-services.com *.iadvize.com/ t.elasticsuite.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.cookielaw.org/ *.onetrust.com/ payment.preprod.direct.worldline-solutions.com *.matomo.cloud/ *.wonderpush.com/ *.criteo.com/ *.bing.com/ *.hotjar.com/ *.affilae.com/ *.facebook.net/ *.facebook.com/ *.clarity.ms/ *.google.fr/ *.google.com/ *.doubleclick.net/ *.bidswitch.net/ *.adnxs.com/ *.media.net/ *.rubiconproject.com/ *.smartadserver.com/ *.taboola.com/ *.teads.tv/ *.3lift.com/ *.yahoo.net/ *.adform.net/ *.omnitagjs.com/ *.casalemedia.com/ https://id5-sync.com/ *.360yield.com/ *.ivitrack.com/ *.mediavine.com/ *.postrelease.com/ *.outbrain.com/ *.pubmatic.com/ *.sharethrough.com/ *.tremorhub.com/ *.yieldlab.net/ *.yieldmo.com/ *.emxdgt.com/ *.krxd.net/ *.googlesyndication.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nexus.ensighten.com media.distributordatasolutions.com analytics.formstack.com www.googletagmanager.com k-us1.az.contentsquare.net *.mktoresp.com *.facebook.com *.gstatic.com *.doubleclick.net www.google-analytics.com *.googleapis.com munchkin.marketo.net *.azureedge.net images.tradeservice.com survalyzer.survalyzer.swiss www.youtube.com www.google.co.in *.marketo.com c.az.contentsquare.net t.contentsquare.net p.brsrvr.com *.facebook.net *.licdn.com cdn.jsdelivr.net files.survalyzer.swiss dc.services.visualstudio.com go.crawfordelectricsupply.com ideadigitalasset.com *.msecnd.net www.google.com *.adsrvr.org *.windows.net *.linkedin.com *.cloudfront.net cdns.brsrvr.com runtimeapi.survalyzer-swiss.app soneparusa.formstack.com www.ideadigitalcontent.com *.mktoutil.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-IAZ92Zpc9r1sq1Hr9U6gbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://cdn.riverty.design/ *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.core.windows.net *.typekit.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com uc8.tv *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ uc8.tv https://documents.riverty.com/ *.google.com *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com *.sovendus.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sooqr.com flagpedia.net *.multisafepay.com *.cloudflare.com *.cdninstagram.com *.typekit.net *.beslist.nl *.tui.nl *.tuitravelplc.com *.tradetracker.net *.bing.com *.msn.com *.criteo.net *.criteo.com *.sovendus.com *.yahoo.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sooqr.com maps.googleapis.com *.multisafepay.com https://pay.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.amazonaws.com *.robinhq.com surfly.com *.core.windows.net *.msecnd.net cdn.mouseflow.com *.typekit.net *.googleapis.com *.sovendus.com *.criteo.net *.criteo.com *.tradetracker.net *.googleadservices.com *.bing.com *.msn.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.sooqr.com maxcdn.bootstrapcdn.com *.multisafepay.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.mailchimp.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.gstatic.com maps.googleapis.com *.multisafepay.com *.cloudflare.com *.amazonaws.com *.visualstudio.com *.sovendus.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.bagageonline.nl/; report-to report-endpoint; 1
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-hashes' 'strict-dynamic' 'report-sample' https://static.addtoany.com https://use.fontawesome.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://script.crazyegg.com https://snap.licdn.com https://static.hotjar.com https://googleads.g.doubleclick.net https://browser-update.org https://rtp-static.marketo.com https://sjrtp3.marketo.com https://script.hotjar.com https://sjrtp3-cdn.marketo.com https://vidassets.terminus.services https://munchkin.marketo.net https://extend.vimeocdn.com https://static.addtoany.com https://use.fontawesome.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'report-sample' https://fonts.googleapis.com cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://use.fontawesome.com https://rtp-static.marketo.com cdnjs.cloudflare.com; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-EWXn96tWj49RrcKpSIm4zw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com *.typekit.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.trustpilot.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://cdn.clerk.io https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://api.clerk.io https://cdn.clerk.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.googleapis.com *.typekit.net *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src www.searchanise.com *.searchserverapi.com *.stripe.com *.google.com *.sagepay.com *.fontawesome.com *.gstatic.com www.factory-direct-flooring.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com *.google.com *.sagepay.com *.facebook.com *.arcot.com *.securesuite.co.uk *.mycardsecure.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.wlp-acs.com * www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; frame-ancestors *.facebook.net www.factory-direct-flooring.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com *.google.com *.sagepay.com *.hotjar.com *.facebook.com *.addthis.com *.arcot.com *.securesuite.co.uk *.pinterest.com *.mycardsecure.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net *.bing.com *.pinterest.com *.google.co.uk *.gstatic.com *.limely.co.uk *.gravatar.com *.googletagmanager.com *.postcodeanywhere.co.uk *.addthis.com *.factory-direct-flooring.co.uk *.carpetworlduk.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.factory-direct-flooring.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cardinalcommerce.com *.googletagmanager.com *.facebook.net apis.google.com cdn.livechatinc.com *.hotjar.com *.bing.com *.pinimg.com *.pcapredict.com *.postcodeanywhere.co.uk *.pinterest.com *.addthis.com *.addthisedge.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com https://static.klaviyo.com *.googleapis.com *.postcodeanywhere.co.uk *.gstatic.com *.fontawesome.com unsafe-inline assets.braintreegateway.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.amplitude.com stats.g.doubleclick.net *.stripe.com *.google.com *.paypal.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.cardinalcommerce.com *.googleapis.com *.pinterest.com *.hotjar.com wss://*.hotjar.com wss://*.hotjar.com/ *.hotjar.io *.postcodeanywhere.co.uk *.facebook.com *.doubleclick.net *.bing.com *.addthis.com *.reviews.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.factory-direct-flooring.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.factory-direct-flooring.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://factorydirectflooring.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.livechatinc.com *.plyr.io https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net *.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.iubenda.com *.googletagmanager.com *.pinterest.com *.livechatinc.com *.facebook.net *.facebook.com *.linkedin.com *.googleapis.com *.klarna.com https://www.googletagmanager.com/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.iubenda.com pixel.mathtag.com sync.mathtag.com *.trustedshops.com *.linkedin.com *.google.de *.facebook.net *.facebook.com *.livechatinc.com *.yahoo.com *.truoptik.com *.pinterest.com maps.gstatic.com *.doubleclick.net *.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarna.com *.klarnaevt.com *.klarnacdn.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.iubenda.com chimpstatic.com *.roomvo.com *.trustedshops.com *.livechatinc.com *.cloudflare.com *.getsitecontrol.com *.pinimg.com *.mouseflow.com *.doubleclick.net *.licdn.com *.facebook.net *.facebook.com *.yimg.com *.teads.tv *.pinterest.com *.getsitectrl.com *.googletagmanager.com *.klarna.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ downloads.mailchimp.com *.list-manage.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.avada.io secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com https://widgets-qa.trustedshops.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com downloads.mailchimp.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net d.ratepay.com d.payla.io dr.payla.io unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.iubenda.com *.roomvo.com chimpstatic.com *.trustedshops.com *.livechatinc.com *.cloudflare.com *.getsitecontrol.com *.pinimg.com *.mouseflow.com *.doubleclick.net *.licdn.com *.facebook.net *.facebook.com *.yimg.com *.teads.tv *.pinterest.com *.getsitectrl.com *.googletagmanager.com *.linkedin.oribi.io *.linkedin.com *.klarnaevt.com *.klarna.com *.noembed.com *.plyr.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.etrusted.com *.klarnacdn.net *.klarnaservices.com ekr.zdassets.com/ https://get.geojs.io *.avada.io payments.amazon.de d.ratepay.com jsctool.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.demdex.net *.hubspot.com wave-utility-stage.azurewebsites.net/ wave-utility.azurewebsites.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.linkedin.com *.salsify.com *.hubspot.com *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net cdn.ampproject.org raw.githubusercontent.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.newrelic.com *.nr-data.net unpkg.com *.unpkg.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.salsify.com *.hubspot.com *.hsforms.com *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.licdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.newrelic.com *.nr-data.net *.google.com *.salsify.com *.hubspot.com *.hsforms.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.newrelic.com *.nr-data.net unpkg.com *.unpkg.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.salsify.com *.linkedin.com *.hubspot.com *.hsforms.com *.hubapi.com *.hscollectedforms.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-CshulxXEkMHODgONEqBmNw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.google.fr cdn.snapppt.com *.cdninstagram.com *.schott-store.com black.bird.eu *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com snapppt.com cdn.snapppt.com api.snapppt.com *.googleapis.com *.actito.be *.tiktok.com *.adnxs.com *.cloudfront.net sc-static.net *.snapchat.com *.zebestof.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.g.doubleclick.net snapppt.com *.tiktok.com *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xbWvnAobkwEnqNugNA2NQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6Am1Kblsrr5c_xoW6bPv6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src 'self' https: data: http://*.hotjar.com https://*.hotjar.com *.typekit.net https://assets.yobbers.com https://staging-assets.yobbers.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; worker-src 'self' blob: https://cdnjs.cloudflare.com; media-src 'self' https: https://static.widget.trengo.eu; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: https://*.typekit.net https://*.google-analytics.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.bizographics.com https://*.facebook.net https://*.instagram.com https://*.linkedin.com https://static.widget.trengo.eu https://stats.pusher.com/timeline/v2/jsonp/1 https://cdnjs.cloudflare.com https://accounts.google.com; style-src 'self' https: 'unsafe-inline' https://*.typekit.net https://*.yobbers.com https://*.bootstrapcdn.com 1
object-src 'none';base-uri 'self';script-src 'nonce-IN_X3zJtGWu6IV92wvlcOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; default-src 'self' *.cloudfront.net; object-src 'none'; connect-src 'self' o1305781.ingest.sentry.io *.google-analytics.com *.googleapis.com *.analytics.google.com *.googletagmanager.com *.lendable.co.uk *.newrelic.com *.helpscout.net bam.nr-data.net api.ideal-postcodes.co.uk *.cloudfront.net *.inspectlet.com *.doubleclick.net *.inspectlet.com; font-src 'self' *.cloudfront.net fonts.googleapis.com fonts.gstatic.com; frame-src 'self' js.stripe.com; img-src 'self' data: *.cloudfront.net images-static.trustpilot.com adservice.google.com www.google-analytics.com ad.doubleclick.net www.googletagmanager.com adservice.google.co.uk www.facebook.com www.google.co.uk *.inspectlet.com www.google.com; style-src 'self' *.cloudfront.net 'unsafe-inline' fonts.googleapis.com; script-src 'self' blob: *.cloudfront.net 'unsafe-inline' *.google-analytics.com ad.doubleclick.net adservice.google.co.uk *.googletagmanager.com js.stripe.com beacon-v2.helpscout.net *.stripe.network *.newrelic.com bam.nr-data.net *.facebook.net *.inspectlet.com analytics.tiktok.com; report-to default 1
default-src 'self' salesforce.okta.com *.oktacdn.com; connect-src 'self' salesforce.okta.com salesforce-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com salesforce.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' salesforce.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' salesforce.okta.com *.oktacdn.com; frame-src 'self' salesforce.okta.com salesforce-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' salesforce.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' salesforce.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://confluence.internal.salesforce.com https://foundation--pie.sandbox.my.salesforce.com https://integration360.lightning.force.com https://powerofus.force.com https://pie-powerofus.usa2s.sfdc-yfeipo.force.com https://org62--62stage2.sandbox.lightning.force.com https://slack.lightning.force.com https://threatcanvas.internal.salesforce.com https://foundation.lightning.force.com https://tc.tm-as-a-service.ast.aws-dev2-uswest2.aws.sfdc.cl https://tabstg.internal.salesforce.com https://foundation.my.site.com https://integration360--i360dev.sandbox.lightning.force.com https://tabdev.internal.salesforce.com https://spfdev01-supportforce.cs21.force.com https://gus--rakesh.sandbox.lightning.force.com https://cichub--stage.sandbox.lightning.force.com https://tabse.internal.salesforce.com https://org62--62uat5sb1.sandbox.lightning.force.com https://tabtst.internal.salesforce.com https://mc-00tq6cdjppzlxr9vvx98rqyy1.pub.sfmc-content.com https://foundation--pie.builder.salesforce-communities.com https://supportforce.my.site.com https://supportforce--spfstage.sandbox.my.site.com https://tc.tm-as-a-service.ast-s.aws-esvc1-useast2.aws.sfdc.cl https://foundation.builder.salesforce-communities.com https://sfdc-tab.internal.salesforce.com https://cichub.lightning.force.com https://foundation--pie.my.salesforce.com https://supportforce.force.com https://gus.lightning.force.com https://foundation.my.salesforce.com https://org62.lightning.force.com https://foundation--pie.sandbox.my.site.com 1
object-src 'none';base-uri 'self';script-src 'nonce-bYRXMUJJqtx2JwtZj-Iu3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://www.groupe.schmidt https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://axeptio.imgix.net https://*.axept.io https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.axept.io https://*.googletagmanager.com https://*.googleapis.com https://cdnjs.cloudflare.com blob: *.google.com https://*.gstatic.com; font-src 'self' 'unsafe-eval' data: https://fonts.gstatic.com; connect-src 'self' https://*.axept.io https://*.axeptio.eu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdnjs.cloudflare.com; frame-src 'self' *.google.com data: https://*.youtube.com https://*.youtube-nocookie.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-K8uZ8d8rJE3wiIhqcrMNYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com magazin.lalalo.de 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.lalalo.de magazin.lalalo.de 'self' 'unsafe-inline'; frame-ancestors magazin.lalalo.de 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.doubleclick.net *.lalalo.de *.cookiebot.com js.mollie.com *.weltpixel.com magazin.lalalo.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com validate.fishpig.co.uk *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.klarna.com *.mollie.com *.google.de *.paypal.com *.usercentrics.eu *.facebook.com *.googletagmanager.com *.lalalo.de *.bing.com *.clarity.ms *.adroll.com *.cookiebot.com *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.analytics.yahoo.com *.3lift.com *.adnxs.com *.taboola.com https://www.mollie.com maps.gstatic.com *.google.com *.google.fr *.google.ie magazin.lalalo.de 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.google-analytics.com *.usercentrics.eu *.lalalo.de *.clarity.ms *.bing.com *.cookiebot.com *.adroll.com js.mollie.com maps.googleapis.com cdn.ampproject.org www.gstatic.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net magazin.lalalo.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.usercentrics.eu *.lalalo.de www.gstatic.com maxcdn.bootstrapcdn.com magazin.lalalo.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com magazin.lalalo.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.paypal.com *.googleapis.com *.google.com google.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.amazon.com *.lalalo.de *.clarity.ms *.cookiebot.com *.adroll.com cdn.ampproject.org magazin.lalalo.de 'self' 'unsafe-inline'; child-src magazin.lalalo.de http: https: blob: 'self' 'unsafe-inline'; default-src magazin.lalalo.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-lgafucObnaajgU-6ZwF45g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.googleapis.com vlibras.gov.br www.google-analytics.com vc.hotjar.io *.hotjar.com www.googletagmanager.com api.brasilprev.com.br www.youtube.com *.doubleclick.net content.hotjar.io acessos.vlibras.gov.br www.google.com.br analytics.google.com bp-digital-cdn.brasilprev.com.br *.gstatic.com metrics.hotjar.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.google.com.ua *.google.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net player.vimeo.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.google.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-j1zZ_nXIeduqb2Duiy5PQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-S5pgrfQaXZgiknpiy4kkrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.squarecdn.com *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net */csp/report/uri/ *.hotjar.com *.hotjar.io *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.mercadolibre.com *.google.com *.gstatic.com *.facebook.com *.bluesnap.com *.kaptcha.com *.adsrvr.org *.hotjar.com *.hotjar.io */csp/report/uri/ *.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.essentialaccessibility.com *.wahlanimal.com  s.ytimg.com  *.google.com  *.google.com.mx  *.google-analytics.com *.facebook.com ct.pinterest.com bat.bing.com *.google.co.in *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk */csp/report/uri/ *.reddit.com *.hsforms.com *.hubspot.com  *.google.com.in  *.payments-amazon.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.mlstatic.com *.mercadopago.com *.powerreviews.com *.google.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js connect.facebook.net bat.bing.com *.google-analytics.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.adsrvr.org *.hotjar.com *.hotjar.io *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ */csp/report/uri/ *.redditstatic.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.usemessages.com *.hs-analytics.net *.kaptcha.com *.hsadspixel.net *.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com fonts.googleapis.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.powerreviews.com getfirebug.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net */csp/report/uri/ unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.amazonaws.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk wss://ws41.hotjar.com *.commerce-connector.com */csp/report/uri/ *.facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.hubspot.com *.hubapi.com *.hs-banner.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-iPhwnyPU-PYh7LqAer9_Yw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xldamxkrj1lT-KXWjQzlJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-UPEp2klKspBKuy4WgKZX5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-THM9TlMed2gToO2_Pxws5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.typekit.net *.hotjar.com *.audioeye.com *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.criteo.com *.pinterest.com *.hotjar.com *.audioeye.com andros.easi.chat *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.g.doubleclick.net *.googletagmanager.com *.gstatic.com validate.fishpig.co.uk *.typekit.net *.google.fr *.google-analytics.com *.pinterest.com cdn.wisepops.com tracking.wisepops.com *.hotjar.com secure.adnxs.com *.criteo.com img2.storyblok.com shareasale.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.typekit.net *.youtube.com *.googleapis.com *.crazyegg.com *.hotjar.com *.pinimg.com *.criteo.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net cdn.wisepops.com loader.wisepops.com cdn.cookielaw.org *.audioeye.com *.easiware.fr *.easiwebforms.net *.easiconnect.io *.dwin1.com s.skimresources.com easiconnect-io-s3-prod-cachebucket-jgz0hjxjivav.s3.eu-west-1.amazonaws.com andros.easi.chat *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.mollie.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.hotjar.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.doubleclick.net *.g.doubleclick.net *.google.fr *.googletagmanager.com *.analytics.google.com *.pinterest.com bam.nr-data.net gov-bam.nr-data.net activity.wisepops.com popup.wisepops.com tracking.wisepops.com cdn.cookielaw.org *.hotjar.com *.hotjar.io *.audioeye.com *.easiware.fr *.easiwebforms.net *.easiconnect.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com autocomplete2.postdirekt.de *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-A4cqWYnf5Xol5tIt01pH6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-4CwCQqwqIwCAWeY9aaINZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-OMCPyvoW2BsrYVZb22gLIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-rVszgTo8MCdsj964Q28IsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';style-src 'self' 'unsafe-inline';style-src-elem 'unsafe-inline' 'self' https://*.freshchat.com/ https://fonts.googleapis.com/css2;script-src https://*.freshchat.com https://*.freshworksapi.com/;script-src-elem 'self' 'unsafe-inline' https://*.freshchat.com/ https://www.googletagmanager.com/gtag/ https://fonts.googleapis.com/css2 https://*.freshworksapi.com/;img-src 'self' data: blob: https://images.stealthex.io https://stealthex.io/blog/wp-content/ https://*.freshchat.com	https://fc-use1-00-pics-bkt-00.s3.amazonaws.com/;media-src https://*.freshchat.com;frame-src https://*.freshchat.com;worker-src 'self' blob: https://*.freshchat.com/;font-src 'self' https://fonts.gstatic.com/ https://*.freshchat.com/;connect-src 'self' https://stealthex.io/api/ https://www.google-analytics.com/g/collect https://*.ingest.sentry.io/api/ wss://*.freshworksapi.com/ https://*.freshworksapi.com/;report-uri https://stealthex.report-uri.com/r/d/csp/reportOnly 1
font-src fonts.gstatic.com *.googleapis.com data: https://fonts.gstatic.com *.fontawesome.com *.typekit.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * calendly.com *.google.com *.cappasity.com www.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.webdamdb.com *.rectorseal.com rectorseal.com *.img-us3.com *.amazon.com *.amazonaws.com *.cloudfront.net *.linkedin.com *.google.com *.adsymptotic.com 'self' data: *.cappasity.com www.facebook.com track.hubspot.com maps.gstatic.com maps.googleapis.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ landofcoder.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.calendly.com *.cloudfront.net *.licdn.com *.googletagmanager.com connect.facebook.net *.fullstory.com js-na1.hs-scripts.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.typekit.net tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io cdn.ampproject.org *.googleapis.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.hubapi.com *.doubleclick.net *.fullstory.com *.google-analytics.com insights.algolia.io px.ads.linkedin.com maps.googleapis.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-R_YGKVjSWJ_5VnxYTHZv0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wAnn8wbMcV0KnyQQgnd6Qw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_vSln3H9Jqiay_vhE1wuNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TTKkHEaEfK33dRR5B75oXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self'; report-uri https://www.nestlecomvoce.com.br/report-uri/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-JAKiQsxPnUKp7XarHfnkaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' https://cdnjs.cloudflare.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://unpkg.com https://ws.sharethis.com; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' https://api.mapbox.com https://cdn-eu.readspeaker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com cdn-eu.readspeaker.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com cdn-eu.readspeaker.com 1
frame-ancestors 'self' ;img-src 'self' data: https://secure.gravatar.com  https://s3t3d2y8.afcdn.net  https://aj1070.online  https://eu-adsrv.rtbsuperhub.com  https://syndication.realsrv.com  https://translate.google.com  https://bmedia.justservingfiles.net  https://ad.doubleclick.net  https://track.trackingtraffo.com  https://i.cdnkimg.com  https://www.googletagmanager.com  https://mat.143flix.com  https://b.mourrboae.com  android-webview-video-poster  https://region1.google-analytics.com  https://go.xlivrdr.com  https://fonts.gstatic.com  https://asia.adform.net  https://www.google-analytics.com  https://srvd2204.com  https://d9u89prfg39s1.cloudfront.net  https://ad-serving-test.s3.ap-northeast-1.amazonaws.com  https://p4111.nonotro.name  https://cdn.deepnewsjuly.com  https://go.xlirdr.com  https://assets.strpst.com  https://track.abdsp.com  https://www.gstatic.com  https://wendelstein-1b.com  https://crprt.livejasmin.com  https://ccs.livejasmin.com  about  https://aj2204.online  https://cdn.honey.io  https://tiktits.tik.pm  https://yastatic.net  https://mtdsrvr.com  https://www.betway.co.za  https://ssl.gstatic.com  https://s.w.org  https://px.effirst.com  https://favicon.yandex.net  https://asianpinay.cc  https://www.mystripclub.com  https://ads.abdsp.com  https://www.flirt4free.com  https://static.gmlinteractive.com  https://engine.asf4f.us  https://shopee.co.id  https://crmt.livejasmin.com  https://servetraff.com  https://irritatingroll.com  https://hm.baidu.com  https://forums.socialmediagirls.com  https://asianpinay.to  https://uploads-ssl.webflow.com  https://onlinetopchoice.com  android-webview  https://ps.w.org  https://pos.baidu.com  https://s3.us-east-1.amazonaws.com  https://www.wp-script.com  https://msdeepfakes.com  https://wpbeaveraddons.com  https://res.cloudinary.com  https://z.cdn.adtarget.market  https://ahsmall.tik.porn  https://icdns.net  https://m.youtube.com  https://cdn.sweetmoonmonth.com  https://b128.org  https://huaban.com  file  https://pinayflixtv.com  http://track.uc.cn  https://www.google.be  https://track.convertagain.net  https://pixel.rubiconproject.com  https://t.skimresources.com  https://p.skimresources.com  https://bh.contextweb.com  https://i.bcicdn.com  https://ssl.google-analytics.com  https://laz-img-cdn.alicdn.com  https://theporndude.com  https://gateway.jerkmate.com  https://www.google.fr  https://roleplay.jerkmate.com  https://www.google.ca  https://www.asianpinay.cc  https://gargar.xtremestream.co  https://gpuabm.xyz  https://translate.googleapis.com  https://ak.roudoduor.com  https://www.bing.com  https://camonster.com  https://george.xtremestream.co  https://cdn.streamlabs.com  https://www.bet365.bet.ar  https://www.google.com.tr  https://mcw818.com  https://ads.trackingtraffo.com  https://licensing.wpcode.com  https://www.startsiden.no  https://cdn.siteone.io  https://pixcraft.art  https://member.txxx.com  https://www.google.it  https://www.google.co.jp  https://vast.livejasmin.com  https://www.google.com.qa  tv  https://ch-trc-events.taboola.com  https://dk.bongacams.com  https://updaterecomended.com  https://www.google.com.br  https://shopee.ph  https://mp3lofts.com  https://fyptt.to  https://www.google.de  https://mc.yandex.ru  https://www.youtube.com  https://img.gsspat.jp  https://cdn.search.brave.com  https://assets.msn.com  https://xmegaxvideox.com  https://really-simple-ssl.com  https://www.redgifs.com  https://track.leonretarget.com  https://br.images.search.yahoo.com  https://fikfap.com  https://omegleporn.to  https://www.xnxx.com  https://www.google.bg  https://tn.tikporn.tube  https://cdn02.wendelstein-1b.com  https://www.tiktok.com  https://www.weightwatchers.com  https://lms-runet-cdn.lesta.ru  https://ng.1x001.com  https://www.google.co.za  https://www.google.at  ; default-src 'self'; script-src 'self' 'unsafe-inline' https://mat.143flix.com  https://static.cloudflareinsights.com  https://syndication.realsrv.com  https://a.realsrv.com  https://unpkg.com  data:  https://vjs.zencdn.net  https://www.google.com  https://limurol.com  https://owrkwilxbw.com  https://aj1070.online  https://www.googletagmanager.com  blob:  https://www.gstatic.com  https://ucads-cdn.ucweb.com  https://ssl.google-analytics.com  https://www.pagespeed-mod.com  https://me.kis.v2.scr.kaspersky-labs.com  https://b.mourrboae.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://localhost  https://connect.facebook.net  https://apis.google.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://7896543.s3.amazonaws.com  https://images.uc.cn  http://10.152.55.37  https://translate.google.com  https://translate.googleapis.com  https://translate-pa.googleapis.com  https://mtdsrvr.com  https://data1.zorbil.com  https://search.imtt.qq.com  https://wpjuwel.myshopify.com  https://clerrrep.com  https://v2.maoyinews.xyz  https://v1.maoyinews.xyz  https://g.alicdn.com  https://platform.twitter.com  https://www.google-analytics.com  https://conoret.com  https://mc.yandex.ru  https://kp.apiget.ru  https://greasyfork.org  https://translate.google.cn  https://agadata.online  https://local.adguard.org  https://s.skimresources.com  https://sl-m-ssl.xunlei.com  https://rialto-gms.s3.amazonaws.com  https://cdn.taboola.com  https://gc.kis.scr.kaspersky-labs.com  https://ajax.googleapis.com  https://get663.com  https://maind.global-cache.online  https://yotejo.cevocoxuhu.com  https://self.adblockultimate.net  https://data1.roterf.com  https://s3.amazonaws.com  https://evoow.com  https://www.foxcoo.com  https://www.vipmeg.com  https://cdn.hunong.xyz  https://theporndude.com  https://c.chuyueshop.com  https://c.itaozi.cn  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://mat.143flix.com  https://static.cloudflareinsights.com  https://syndication.realsrv.com  https://a.realsrv.com  https://unpkg.com  data:  https://vjs.zencdn.net  https://www.google.com  https://limurol.com  https://owrkwilxbw.com  https://aj1070.online  https://www.googletagmanager.com  blob:  https://www.gstatic.com  https://ucads-cdn.ucweb.com  https://ssl.google-analytics.com  https://www.pagespeed-mod.com  https://me.kis.v2.scr.kaspersky-labs.com  https://b.mourrboae.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://localhost  https://connect.facebook.net  https://apis.google.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://7896543.s3.amazonaws.com  https://images.uc.cn  https://translate.google.com  https://translate.googleapis.com  https://translate-pa.googleapis.com  https://mtdsrvr.com  https://data1.zorbil.com  https://search.imtt.qq.com  https://wpjuwel.myshopify.com  https://clerrrep.com  https://v2.maoyinews.xyz  https://v1.maoyinews.xyz  https://g.alicdn.com  https://platform.twitter.com  https://www.google-analytics.com  https://conoret.com  https://mc.yandex.ru  https://kp.apiget.ru  https://greasyfork.org  https://translate.google.cn  https://agadata.online  https://local.adguard.org  https://s.skimresources.com  https://sl-m-ssl.xunlei.com  https://rialto-gms.s3.amazonaws.com  https://cdn.taboola.com  https://gc.kis.scr.kaspersky-labs.com  https://ajax.googleapis.com  https://get663.com  https://maind.global-cache.online  https://yotejo.cevocoxuhu.com  https://self.adblockultimate.net  https://data1.roterf.com  https://evoow.com  https://www.foxcoo.com  https://www.vipmeg.com  https://cdn.hunong.xyz  https://theporndude.com  https://c.chuyueshop.com  https://c.itaozi.cn ; style-src 'self' 'unsafe-inline' https://vjs.zencdn.net  https://fonts.googleapis.com  https://adblockers.opera-mini.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://www.gstatic.com  https://b.mourrboae.com  https://me.kis.v2.scr.kaspersky-labs.com  data:  https://cdn.honey.io  https://ff.kis.v2.scr.kaspersky-labs.com  https://lib.baomitu.com  https://dl.dropboxusercontent.com  https://translate.googleapis.com ; style-src-elem 'self' 'unsafe-inline' https://vjs.zencdn.net  https://fonts.googleapis.com  https://www.gstatic.com  https://adblockers.opera-mini.net  https://gc.kis.v2.scr.kaspersky-labs.com  https://b.mourrboae.com  https://me.kis.v2.scr.kaspersky-labs.com  data:  https://cdn.honey.io  https://ff.kis.v2.scr.kaspersky-labs.com  https://lib.baomitu.com  https://dl.dropboxusercontent.com  https://translate.googleapis.com ; frame-src 'self' https://syndication.realsrv.com  https://cf-adsrv.rtbsuperhub.com  https://www.google.com  https://creative.xlivrdr.com  https://chaturbate.com  https://go.xlivrdr.com  https://camschat.net  https://bangkazza.com  https://r.trwl1.com  https://onlinetopchoice.com  https://freecamsfan.com  https://r.trackwilltrk.com  https://ucads-cdn.ucweb.com  https://www.betorama.club  https://media.cdngain.com  https://a.adtng.com  https://blkditsup.com  https://ads.madcheddar.net  http://joinsportsnow.com  https://fowotsrbrq.com  https://www.cam4.com  https://dynspt.com  https://l1vec4ms.com  https://tk.mobirocky.com  https://rtb-useast-v4.afkwa.com  https://betorama.club  https://noop.style  http://127.0.0.1  https://cams.gratis  https://www.facebook.com  https://www.youtube.com  https://platform.twitter.com  https://127.0.0.1  http://a.digitamobi.com  https://nvgsk7s.meaaheeyarn.com  https://asia.adform.net  qqvideo://init  qqvideo://play  qqvideo://pause  https://www.mmaaxx.com  http://tk.mourrboae.com  http://10.112.127.150  https://impression.appsflyer.com  https://srv272c.com  http://google.com  https://player.vimeo.com  https://wowcooloffers.com  https://owrkwilxbw.com  gsa://onpageload  http://149.28.128.100  https://image.uc.cn  https://utp.ucweb.com  null  https://z1qtvw.meaaheeyarn.com  http://10.112.24.152  https://bxysau7j.meaaheeyarn.com  https://jhsba7.meaaheeyarn.com  https://betzone2000.com  http://10.112.141.115  http://10.112.138.148  http://45.76.188.160  http://10.112.134.74  http://10.112.139.127  https://www.mcafee.com  http://www.google.com  https://dhfs.heytapimage.com  https://adjust.gameupsfacory.com  https://game.glassservers.com  https://sfh0lsh.meaaheeyarn.com  https://r3x9af.meaaheeyarn.com  https://sifahi9.meaaheeyarn.com  https://suisd8j.meaaheeyarn.com  https://remove.video  https://creative.xlirdr.com  http://10.112.33.90  http://10.203.131.32  data:  https://vip.zhanyangsh.cn  http://10.112.126.38  https://v2.maoyinews.xyz  https://div.show  http://10.112.139.78  https://acestream.me  https://ksildh8o.meaaheeyarn.com  https://recaptcha.net  http://10.112.28.180  http://10.112.28.102  http://10.112.24.85  http://10.203.233.224  http://10.112.110.112  https://aj1070.online  https://door95.com  http://10.112.12.9  http://10.112.125.117  http://10.112.60.48  http://10.112.127.95  http://10.112.121.225  http://10.112.101.190  http://10.112.125.61  http://10.112.98.160;  connect-src 'self' https://syndication.realsrv.com  https://mat.143flix.com  https://aj1070.online  https://www.google-analytics.com  https://owrkwilxbw.com  https://region1.google-analytics.com  https://go.xlivrdr.com  https://gjtrack.ucweb.com  https://srvd2204.com  https://engine.asf4f.us  https://plugin.ucads.ucweb.com  https://servetraff.com  https://translate.googleapis.com  wss://gc.kis.v2.scr.kaspersky-labs.com  https://aj2204.online  https://go.xlirdr.com  data:  http://gj.track.uc.cn  https://crprt.livejasmin.com  https://api.adblock360.net  https://adtonus.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ecmacore.com  https://api.trongrid.io  https://mtdsrvr.com  https://px.effirst.com  https://searchaggr-dre.dt.dbankcloud.com  https://metrics-dre.dt.dbankcloud.cn  https://crmt.livejasmin.com  https://chaturbate.com  https://hm.baidu.com  https://www.googletagmanager.com  https://api.clean-blocker.com  https://updaterecomended.com  https://play.google.com  https://api.adblocknext.com  https://me.kis.v2.scr.kaspersky-labs.com  https://region1.analytics.google.com  https://searchaggr-dra.dt.dbankcloud.com  https://rdtds.net  https://api-js.mixpanel.com  wss://me.kis.v2.scr.kaspersky-labs.com  https://code.jquery.com  https://localhost  wss://ff.kis.v2.scr.kaspersky-labs.com  http://uc.gre  http://pluginx.uc.local  https://analytics.google.com  https://www.google.com.br  https://kp.apiget.ru  https://blkditsup.com  https://cf-adsrv.rtbsuperhub.com  https://doublestat.info  https://redmarket.online  https://stats.g.doubleclick.net  https://trc.taboola.com  https://translate.google.com  https://get663.com  https://api.killadsapi.com  wss://gc.kis.scr.kaspersky-labs.com  https://api.datacloudstat.com  https://api.awesomeblocker.com  https://meetlookup.com  https://zone1-services-cdn.com  https://o268291.ingest.sentry.io  https://api.amcreativemedia.com  https://www.google.com.eg  https://oilcloze.com  https://api.global-data-lab.com  https://fonts.googleapis.com  https://s3t3d2y8.afcdn.net  https://vjs.zencdn.net  https://sun.tronex.io  https://tiktok.pm  https://vast.livejasmin.com  http://127.0.0.1  https://r.skimresources.com  https://pips.taboola.com  https://server.goblocker.xyz  https://baannre.com  https://clientstream.launchdarkly.com  https://api.blocksly.org  https://www.google.co.id  https://static.cloudflareinsights.com  https://cdnjs.cloudflare.com  https://wwwv.tiktok.pm  https://api.solaranalyticscorp.com  https://h5api.m.taobao.com  https://new229.com  https://bangkazza.com  https://api.solarspireconsulting.com  https://api.adblockertool.com  https://w88p9x.com  https://api.socialsolutionapp.com  https://update.adblock360.org;  media-src 'self' https://v.tikporn.tube  https://s3t3d2y8.afcdn.net  https://tiktits.tik.pm  https://nakedtt.tik.pm  https://gotanynudes.tik.pm  https://viralph.tik.pm  https://wwwv.tiktok.pm  https://erome.tik.pm  https://u3y8v8u4.aucdn.net  https://cdn.stripcash.com  https://ahsmall.tik.porn  https://cdn.servetraff.com  https://v.redd.it  https://tiktits.com  data:  https://static.javhd.com  https://wwwv.tik.pm  https://galleryn0.vcmdiawe.com  https://bmedia.justservingfiles.net  https://external-preview.redd.it  https://zsf5hqmjksyn.com  https://galleryn3.vcmdiawe.com  https://cdn.asf4f.us  https://y563p2c3eisd.com  https://galleryn1.vcmdiawe.com  https://10945-4.s.cdn15.com  https://galleryn2.vcmdiawe.com  https://pm4.cdn.adpool.bet  https://tikporn.tik.pm  https://nt1.nakedtiktok18.com  https://edge-hls.doppiocdn.com  https://b-hls-07.doppiocdn.com  https://pm1.cdn.adpool.bet  https://i.imgur.com  https://cdn.fluidplayer.com  https://vssss.tikporn.tube  https://b-hls-11.doppiocdn.com  https://edge-hls.doppiocdn.org  ftp://85.202.160.46/public_html/videos/TeasePetiteNsfwbysukoshicosplay.mp4  https://b-hls-20.doppiocdn.com  https://b-hls-19.doppiocdn.com  https://b-hls-06.doppiocdn.com;  font-src 'self' https://fonts.gstatic.com  https://cdnjs.cloudflare.com  data:  https://github.com  chrome-extension  https://at.alicdn.com  https://cdn.megabonus.com  https://fonts.cdnfonts.com  https://api.rabatta.app  https://use.typekit.net  https://lib.baomitu.com  https://www.slant.co  https://cdn.scite.ai  https://cdn-uicons.flaticon.com  http://fonts.gstatic.com  moz-extension://268601F1-7C31-46B2-8F80-4AC94498C6FB/fonts/scite-icons/scite-icons.woff  https://static3.avast.com  https://pouch-global-font-assets.s3.eu-central-1.amazonaws.com;  child-src 'self' blob:;  worker-src 'self' blob:;  report-uri https://tik.pm/wp-json/rsssl/v1/csp?rsssl_apitoken=838561249; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com *.cloudfront.net www.googletagmanager.com www.dianomi.com www.redditstatic.com *.azureedge.net *.facebook.net consent.cookiebot.com ad.wsod.com *.wisdomtree.com consentcdn.cookiebot.com heapanalytics.com perfchart.wisdomtree.eu *.flashtalking.com *.twitter.com t.co adservice.google.com tm.vendemore.com *.linkedin.com perfchartdev.wisdomtree.eu *.evergage.com cdn.heapanalytics.com analytics.vendemore.com *.googleadservices.com bam.nr-data.net app-static.turtl.co metrics.hotjar.io *.doubleclick.net *.ads-twitter.com www.google-analytics.com *.facebook.com rum-collector-2.pingdom.net *.licdn.com tags.srv.stackadapt.com region1.analytics.google.com www.googleoptimize.com rum-static.pingdom.net tags.inzynk.io cdn.evgnet.com alb.reddit.com *.hotjar.com imgsct.cookiebot.com www.google.com analytics.inzynk.io region1.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com secure-gateway.hipay-tpp.com *.hipay.com *.weltpixel.com https://thinglink.com/ https://app.usercentrics.eu/ www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com/ https://integrations.etrusted.com/ https://app.usercentrics.eu/ *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com/ https://integrations.etrusted.com/ https://cdn.thinglink.me/ https://app.usercentrics.eu/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://fonts.googleapis.com *.hipay.com https://cdnjs.cloudflare.com https://integrations.etrusted.com/ tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.googleapis.com *.hipay.com wss://mpsnare.iesnare.com https://integrations.etrusted.com/ https://app.usercentrics.eu/ https://api.usercentrics.eu/ *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-VdU3ystAPcvFGAsNR1k_qg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com *.trustpilot.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.yotpo.com https://static.klaviyo.com/onsite/hosted-fonts/ https://player.vimeo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.nosto.com *.nos.to https://plumrocket.com *.paymentexpress.com *.windcave.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://www.google.com *.doubleclick.net *.facebook.com *.nosto.com *.nos.to *.addthis.com *.hotjar.com *.laybuy.com *.flashtalking.com https://plumrocket.com www.xtento.com *.paymentexpress.com *.windcave.com https://accounts.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com https://popup.laybuy.com *.afterpay.com https://player.vimeo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.cloudflare.com https://cdn.klarna.com * *.paypal.com *.afterpay.com https://s.ytimg.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.hotjar.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com https://scontent.cdninstagram.com/ https://integration-assets.laybuy.com/ http://mcstaging.max.co.nz/ https://usage.trackjs.com/usage.gif https://player.vimeo.com *.zendesk.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io https://www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.nosto.com *.nos.to *.cloudflare.com *.adobe.com *.authorize.net *.foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.intercomcdn.com *.intercom.io *.hotjar.com *.newrelic.com *.nr-data.net http://foursixty.com *.paypal.com js.braintreegateway.com *.cardinalcommerce.com *.afterpay.com *.klaviyo.com *.addthis.com *.addthisedge.com *.moatads.com https://www.gstatic.com *.xtento.com *.braintreegateway.com *.maxmind.com *.yotpo.com *.quantserve.com www.xtento.com cdn.xtento.com https://accounts.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://static.hotjar.com https://cdn.trackjs.com https://script.hotjar.com https://js-agent.newrelic.com https://widget.intercom.io https://bam.nr-data.net https://static-tracking.klaviyo.com https://foursixty.com *.getsitecontrol.com *.clarity.ms *.quantcount.com https://player.vimeo.com *.zdassets.com *.zendesk.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.cloudflare.com *.typekit.net *.foursixty.com foursixty.com/* http://foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.hotjar.com *.afterpay.com/ https://accounts.google.com *.yotpo.com https://www.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolianet.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to *.cloudflare.com * foursixty.com *.paypal.com *.googleapis.com *.sandbox.paypal.com *.paypalobjects.com *.afterpay.com *.klaviyo.com *.algolianet.net *.intercom.io *.hotjar.com *.nr-data.net *.mmapiws.com https://accounts.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.yotpo.com wss://nexus-websocket- https://capture.trackjs.com https://bam.nr-data.net https://player.vimeo.com *.zdassets.com *.zendesk.com wss://pod-15.zendesk.com/sc/faye 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://code.jquery.com https://www.gstatic.com https://seal.digicert.com https://s.ytimg.com https://www.youtube.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://apis.google.com https://www.dropbox.com https://seal.verisign.com https://seal.websecurity.norton.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com; img-src data: *; font-src data: 'self' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://stackpath.bootstrapcdn.com; connect-src 'self' https://forms.hsforms.com https://js.hsforms.net https://www.googleapis.com https://maps.googleapis.com; media-src *; object-src 'self' https://www.youtube.com; worker-src 'none'; child-src 'self'; frame-src *; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://www.empforce.com/UserControl/ValidateForm.ashx 1
font-src *.typekit.net data: https://*.hotjar.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors platform.twitter.com *.digitalriver.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.digitalriverws.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com platform.twitter.com vod-progressive.akamaized.net social-plugins.line.me *.digitalriver.com *.hotjar.com www.facebook.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://ui1.img.digitalrivercontent.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com syndication.twitter.com www.google.com www.google.co.jp www.facebook.com https://*.hotjar.com *.googletagmanager.com as.246select.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.digitalriverws.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com platform.twitter.com *.typekit.net www.youtube.com www.line-website.com d.line-scdn.net players.brightcove.net *.digitalriver.com js-agent.newrelic.com bam.nr-data.net *.facebook.net *.facebook.com https://*.hotjar.com *.googletagmanager.com as.246select.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://js.digitalriverws.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.typekit.net *.digitalriver.com https://*.hotjar.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com platform.twitter.com vimeo.com bam.nr-data.net www.facebook.com stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googletagmanager.com as.246select.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.google-analytics.com www.2checkout.com connect.facebook.net www.google.com www.gstatic.com *.amazon-adsystem.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: librarika.com covers.librarika.com:8443 storage101.lon3.clouddrive.com *.ssl.cf3.rackcdn.com *.media-amazon.com *.ssl-images-amazon.com *.amazon-adsystem.com *.amazon.com *.gstatic.com *.google-analytics.com *.google.com; font-src 'self' data: fonts.gstatic.com; frame-src *.librarika.com www.2checkout.com *.facebook.com *.google.com *.amazon-adsystem.com *.youtube.com; connect-src 'self' www.google-analytics.com; object-src 'none'; report-uri https://5e5aa7c5f482dc373380fd2db250ce83.report-uri.com/r/d/csp/enforce 1
font-src *.fontawesome.com *.fasttimes.com.au *.klarnaservices.com/ playground.klarnaservices.com/ https://fonts.gstatic.com/ https://cardinalcommerce.com/ https://www.paypal.com/ https://x.klarnacdn.net/ *.bootstrapcdn.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 0merchantacsstag.cardinalcommerce.com *.twitter.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com *.fasttimes.com.au *.twitter.com *.klarnaservices.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://testflex.cybersource.com/ https://cybersource.com/ https://songbirdstag.cardinalcommerce.com/ 0merchantacsstag.cardinalcommerce.com https://bid.g.doubleclick.net/ www.google.com https://www.paypal.com/ https://assets.braintreegateway.com/ https://ssl.kaptcha.com/ https://c.paypal.com/ https://www.purechat.com/ https://www.googletagmanager.com/ https://checkout.paypal.com/ *.weltpixel.com www.facebook.com secure.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.fasttimes.com.au *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com https://www.paypal.com/ *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.klarnaservices.com www.googletagmanager.com *.gstatic.com https://www.google.us/ https://www.google.de/ https://www.google.se/ https://www.google.co.nz/ https://www.google.rs https://analytics.sleeknote.com https://b.stats.paypal.com/ https://dub.stats.paypal.com/ https://c.paypal.com/ www.google.com https://www.purechat.com/ https://widgets.magentocommerce.com/ *.google.co *.googleapis.com www.gstatic.com www.facebook.com *.cdninstagram.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.fasttimes.com.au *.cloudflare.com *.twitter.com https://www.google-analytics.com/ *.google.com *.twimg.com www.gstatic.com *.fontawesome.com klarnaservices.com/ https://consent.cookiebot.com/ http://container.pepperjam.com/ https://na-library.playground.klarnaservices.com/ http://loader.wisepops.com/ http://cdn.wisepops.com/ https://cdn.wisepops.com/ https://fonts.googleapis.com https://js-agent.newrelic.com/ https://bam.nr-data.net/ *.nr-data.net/ *.newrelic.com/ https://h.online-metrix.net https://testflex.cybersource.com/ https://cybersource.com/ https://songbirdstag.cardinalcommerce.com/ https://cardinalcommerce.com/ https://www.google.com/recaptcha/api.js www.googletagmanager.com http://ajax.googleapis.com/ https://c.paypal.com/ https://www.paypal.com/ https://na-library.klarnaservices.com/lib.js *.plugins.emarsys.net *.scarabresearch.com cdn.evgnet.com *.afterpay.com *.facebook.com *.facebook.net *.googleapis.com geoip-db.com cdn.livechatinc.com api.livechatinc.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com downloads.mailchimp.com *.fontawesome.com *.fasttimes.com.au *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com https://fonts.googleapis.com/ https://www.paypal.com/ https://x.klarnacdn.net/ *.bootstrapcdn.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.fasttimes.com.au 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.fasttimes.com.au *.cloudflare.com *.twitter.com https://www.paypal.com/ *.twimg.com klarnaservices.com/ *.klarnauserservices.com *.klarnaevt.com/ http://container.pepperjam.com/ https://na-library.playground.klarnaservices.com/ http://popup.wisepops.com/ https://tracking.wisepops.com/ https://bam.nr-data.net/ *.nr-data.net/ *.newrelic.com/ https://cardinalcommerce.com/ https://geostag.cardinalcommerce.com/ *.googleapis.com https://r1.trackedweb.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://widgetapi.purechat.com/ https://payments.braintree-api.com https://client-analytics.braintreegateway.com https://www.google.com/ https://api.braintreegateway.com http://amcglobal.sc.omtrdc.net http://rum-collector-2.pingdom.net https://evt-na.klarnaservices.com/ *.scarabresearch.com *.eservice.emarsys.net *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eccspreports.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src use.typekit.net *.klarnacdn.net *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.doubleclick.net *.google.com https://www.googletagmanager.com/ www.xtento.com *.hotjar.com *.hotjar.io *.facebook.com *.mollie.com *.visualwebsiteoptimizer.com app.vwo.com *.klarna.com *.google.com/ js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.awin1.com *.zenaps.com *.cloudfront.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.xtento.com cdn.xtento.com img.youtube.com *.bing.com *.facebook.com *.google.com *.google.at *.google.de *.google.ch *.google.it *.google.nl *.elfsight.com *.elfsightcdn.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.cookieyes.com cdn-cookieyes.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com *.hsforms.net *.hsforms.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.google.com *.googleapis.com *.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.xtento.com cdn.xtento.com http://widgets.trustedshops.com *.google-analytics.com *.googleadservices.com *.bing.com *.hotjar.com *.hotjar.io *.taboola.com *.facebook.net *.doubleclick.net *.online-metrix.net *.elfsight.com *.cloudflare.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com *.cookieyes.com cdn-cookieyes.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.mollie.com *.hsforms.net *.hsforms.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com cdn.pushcrew.com s3.amazonaws.com *.klarnacdn.net *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://the.sciencebehindecommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.analytics.google.com *.appspot.com *.taboola.com *.hotjar.com *.hotjar.io *.bing.com *.elfsight.com *.visualwebsiteoptimizer.com app.vwo.com *.cookieyes.com cdn-cookieyes.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net data: https://fonts.gstatic.com https://www.multivlaai.nl *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net https://static.buckaroo.nl https://maps.gstatic.com http://maps.gstatic.com https://maps.googleapis.com http://maps.googleapis.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.google.be https://www.multivlaai.nl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.google.com https://www.gstatic.com https://ssl.google-analytics.com https://maps.googleapis.com https://ecookie.nl https://www.ecookie.nl https://www.googletagmanager.com https://www.multivlaai.nl https://tdep.multivlaai.nl http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com http://fonts.googleapis.com https://www.multivlaai.nl *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://stats.g.doubleclick.net https://www.google-analytics.com/ https://www.multivlaai.nl http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/; report-to report-endpoint; 1
default-src 'self' www.clarity.ms fonts.gstatic.com data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.clarity.ms *.usercentrics.eu www.googletagmanager.com www.google-analytics.com login-ds.dotomi.com www.google.com www.gstatic.com data:; connect-src 'self' *.usercentrics.eu www.google-analytics.com api-js.mixpanel.com *.azurewebsites.net;  img-src 'self' *.service.usercentrics.eu app.usercentrics.eu www.google-analytics.com *.cloudfront.net data:;  style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com www.google-analytics.com;base-uri 'self';form-action 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-Lwtn52o6Hpvp2JdwPBANtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://maxcdn.bootstrapcdn.com https://use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://www.youtube.com https://player.vimeo.com https://vars.hotjar.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * webservices.securetrading.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://ebizmarts-website.s3.amazonaws.com www.opayo.co.uk www.sagepay.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com https://devdocs.magento.com https://magento.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com webservices.securetrading.net *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com https://devdocs.magento.com https://www.google-analytics.com https://stats.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com o402164.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * app.universign.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.google.com/ *.hotjar.com *.facebook.com *.force.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.magezon.com *.gacd.fr *.linkedin.com *.facebook.com *.google.fr *.mirakl.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.avada.io *.google.com/ *.universign.com *.hotjar.com *.force.com *.licdn.com *.cookielaw.org *.facebook.net *.salesforceliveagent.com *.newrelic.com https://cdnjs.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.force.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com app.universign.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es https://get.geojs.io *.avada.io *.cookielaw.org *.google-analytics.com *.onetrust.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api.cooladata.com drupal-cms-content-dps.s3.eu-west-1.amazonaws.com cdn.hotelbeds.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.eands.com.au https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.eands.com.au 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://*.google.com *.doubleclick.net *.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.eands.com.au *.criteo.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.eands.com.au *.newrelic.com *.nr-data.net *.googleapis.com *.criteo.net *.criteo.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.eands.com.au *.typography.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src *.eands.com.au 'self' 'unsafe-inline'; media-src *.adobe.com *.eands.com.au 'self' 'unsafe-inline'; manifest-src *.eands.com.au 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com thm.visa.com *.eands.com.au *.nr-data.net *.newrelic.com *.googleapis.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src *.eands.com.au assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.eands.com.au *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl app-accept.autopay.pl app.autopay.pl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com app.autopay.pl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com cards-accept.bm.pl cards.bm.pl pay.google.com *.google-analytics.com *.googletagmanager.com *.autopay.pl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com images.latitudepayapps.com imageapi.magebinary.co.nz maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com data: *.form.jotform.com *.jotform.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com *.taggbox.com *.authorize.net *.pinterest.com *.form.jotform.com *.jotform.com *.doubleclick.net *.jotform.io eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://plumrocket.com https://accounts.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net *.magentocommerce.com *.latitudefinancial.com *.adnxs.com *.pinterest.com *.mediaiqdigital.com *.eurekafurniture.com.au www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.taggbox.com *.tidiochat.com *.tidio.com *.authorize.net *.jsdelivr.net *.lfscnp.com *.evgnet.com *.googleapis.com www.facebook.com *.pinterest.com *.adnxs.com *.crazyegg.com *.form.jotform.com *.jotform.com *.jotfor.ms eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com s7.addthis.com *.avada.io connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co https://accounts.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.googleapis.com *.jotfor.ms images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com maxcdn.bootstrapcdn.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidiochat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.tidio.co *.zip.co *.paypal.com *.algolia.io *.google-analytics.com *.livechatinc.com *.form.jotform.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: assets.adobedtm.com *.omtrdc.net *.doubleclick.net *.freshchat.com static.zipmoney.com.au edge.fullstory.com media.flixcar.com *.gstatic.com azcd.joycemayne.com.au www.googletagmanager.com *.facebook.com www2.harveynorman.com.au static.zip.co *.everesttech.net *.googlesyndication.com www.sc.pages07.net rt.flix360.com www.google.com media.flixfacts.com *.azureedge.net b.sli-spark.com api.zipmoney.com.au prod.flixgvid.flix360.io rs.fullstory.com *.facebook.net api.ipstack.com js-agent.newrelic.com www.pages07.net bam.nr-data.net *.imgix.net adservice.google.com www.harveynorman.com.au saas-p2w.azurewebsites.net www.google-analytics.com cdn.jsdelivr.net joycemayne.resultspage.com *.demdex.net *.googleadservices.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com sdkm.gwbq.fr *.twitter.com *.gstatic.com *.typekit.net https://fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.adyen.com *.twitter.com *.google.com *.pinterest.com *.addthis.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.snapwidget.com static.addtoany.com gum.criteo.com lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.adyen.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com sdkm.gwbq.fr *.gstatic.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.paypal.com *.twitter.com *.google.com *.google.fr *.instagram.com *.facebook.com *.facebook.net media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net axeptio.imgix.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro * https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.adyen.com cdn.ampproject.org raw.githubusercontent.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com sdkm.gwbq.fr *.twitter.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.fr *.gstatic.com *.trustedshops.com *.fontawesome.com static.addtoany.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com *.googleapis.com *.facebook.com *.facebook.net graph.instagram.com widgets.pinterest.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.axept.io lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro gum.criteo.com * *.moatads.com *.pinterest.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.cloudflare.com sdkm.gwbq.fr *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro *.addtoany.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com *.adyen.com cdn.ampproject.org *.cloudflare.com sdkm.gwbq.fr *.gstatic.com *.pinterest.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.paypal.com *.twitter.com *.google.com *.google.fr *.instagram.com *.doubleclick.net media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.axept.io lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro gum.criteo.com static.addtoany.com *.facebook.com *.facebook.net http://dpm.demdex.net *.addthis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https://www.google.com https://maps.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 https://region1.analytics.google.com https://consent.cookiebot.com; font-src data: https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://10.8.215.223 https://fonts.gstatic.com https://region1.analytics.google.com 'unsafe-inline' 'unsafe-eval'; script-src https://maps.google.com https://maps.googleapis.com https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://10.8.215.223 https://region1.analytics.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https://maps.google.com https://maps.googleapis.com http://fonts.googleapis.com https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://region1.analytics.google.com https://10.8.215.223; object-src https://maps.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://region1.analytics.google.com https://10.8.215.223; img-src https://maps.googleapis.com https://www.google.com https://www.google.pl https://maps.gstatic.com https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://10.8.215.223 https://region1.analytics.google.com https://www.google-analytics.com data:; frame-src https://www.saferpay.com https://maps.google.com https://maps.googleapis.com https://consent.cookiebot.com https://www.loterie.lu https://region1.analytics.google.com https://loterie.lu; upgrade-insecure-requests; 1
script-src 'self' *.healius.com.au cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com unpkg.com 'nonce-2726c7f26c' 'nonce-2726c7f261' 'nonce-2726c7f262';style-src 'self' *.healius.com.au fonts.googleapis.com;font-src 'self' *.healius.com.au fonts.googleapis.com fonts.gstatic.com;img-src 'self' *.healius.com.au cdn.cloudflare.com;frame-src 'self' *.healius.com.au;media-src 'self' *.healius.com.au;object-src 'none';child-src 'none';worker-src 'none';manifest-src 'none';prefetch-src 'none';connect-src 'none';navigate-to *.healius.com.au *.live.com *.microsoftonline.com login.microsoft.com;form-action *.healius.com.au *.live.com *.microsoftonline.com login.microsoft.com;default-src 'self' *.healius.com.au; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.ua https://www.myheritage.com.ua  'unsafe-eval' 'nonce-34a8739f703fbd9d2037ab910693f003' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.ua;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.svelty.com.mx cdn.jsdelivr.net https://www.googletagmanager.com cdns.us1.gigya.com vuejs.org unpkg.com https://www.google-analytics.com https://cdn.gbqofs.com https://p.teads.tv https://www.googleoptimize.com https://static.hotjar.com https://cdn.mouseflow.com https://www.googleadservices.com https://connect.facebook.net https://cdn.treasuredata.com https://analytics.tiktok.com https://w.usabilla.com https://js-agent.newrelic.com https://shared.az.ciam.nestle.com https://script.hotjar.com https://cdn.az.ciam.nestle.com *.mikmak.ai *.swaven.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.svelty.com.mx cdn.jsdelivr.net https://www.googletagmanager.com cdns.us1.gigya.com vuejs.org unpkg.com https://www.google-analytics.com https://cdn.gbqofs.com https://p.teads.tv https://www.googleoptimize.com https://static.hotjar.com https://cdn.mouseflow.com https://www.googleadservices.com https://connect.facebook.net https://cdn.treasuredata.com https://analytics.tiktok.com https://w.usabilla.com https://js-agent.newrelic.com https://shared.az.ciam.nestle.com https://script.hotjar.com https://cdn.az.ciam.nestle.com *.mikmak.ai *.swaven.com fonts.googleapis.com; img-src 'self' * data: http://www.w3.org/2000/svg;; media-src *; frame-ancestors 'self'; report-uri https://www.svelty.com.mx/report-csp-violation 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.doubleclick.net *.sharethis.com *.hotjar.com www.googletagmanager.com *.pingdom.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de oppwa.com *.oppwa.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com oppwa.com *.oppwa.com data:text https://plumrocket.com *.sharethis.com *.hotjar.com *.addthis.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com oppwa.com *.oppwa.com *.doubleclick.net *.sharethis.com *.hotjar.com www.googletagmanager.com *.pingdom.net *.google-analytics.com www.google.com www.google.co.za *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.oppwa.com oppwa.com *.doubleclick.net *.sharethis.com *.hotjar.com www.googletagmanager.com *.pingdom.net *.google-analytics.com *.addthis.com *.moatads.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline oppwa.com *.oppwa.com *.doubleclick.net *.sharethis.com *.hotjar.com www.googletagmanager.com *.pingdom.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com oppwa.com *.oppwa.com *.doubleclick.net *.sharethis.com *.hotjar.com www.googletagmanager.com *.pingdom.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-LbONu9Yr0zEvMwshG_GBkwBpg8yuF6OO'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.saudeportomed.com.br use.typekit.net *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com fonts.gstatic.com www.google.com www.gstatic.com maxcdn.bootstrapcdn.com helpcrunch.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.co *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com zolotakraina.ua *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com https://polyfill.io polyfill.io multisearch.io widget.helpcrunch.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.helpcrunch.com wss://uniongroup.helpcrunch.com/ uniongroup.helpcrunch.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';font-src 'self';form-action 'self';img-src 'self' https://www.googletagmanager.com https://www.google.com.au https://www.google.co.nz https://www.facebook.com;media-src 'self';object-src;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://booking.kiwirailscenic.co.nz/ https://www.googletagmanager.com https://www.google-analytics.com/ https://script.crazyegg.com/ https://static.hotjar.com https://script.hotjar.com https://www.youtube.com;report-uri https://report-to-api.raygun.com/reports-csp?apikey=poMK7TNoi9H6KWPeQVtkvQ; 1
default-src 'self' *.hotjar.com; script-src 'self' data: *.addthis.com *.pingdom.net *.facebook.net *.googletagmanager.com *.google-analytics.com *.addthisedge.com *.moatads.com *.hotjar.com 'nonce-M+Fv/td2uIoiJ8xzQNClWoO87yPiuj1S8Np53Ce30MA=' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' data: *.openstreetmap.org *.facebook.com *.google-analytics.com *.addthis.com *.gstatic.com; frame-src 'self' *.addthis.com *.hotjar.com; font-src 'self' *.hotjar.com; connect-src 'self' *.pingdom.net *.addthis.com stats.g.doubleclick.net *.google-analytics.com *.hotjar.io *.facebook.com; report-uri /nl/report-csp-violation 1
object-src 'none';base-uri 'self';script-src 'nonce-EMVdYVk3J1uFzf7tk0-Iug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-RNSaMSfFtSYpDg4EigsYhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src data: *.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net *.stockinstore.net *.freshworks.com *.cloudflare.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.facebook.com *.stockinstore.net *.freshworks.com *.cloudflare.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com validator.swagger.io https://*.cloudfront.net https://www.whitworths.com.au https://*.paypal.com https://*.zipmoney.com.au https://*.facebook.com *.data-dynamic.net *.stockinstore.net *.freshworks.com *.cloudflare.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.ecomm-nav.com https://*.zipmoney.com.au https://*.facebook.com *.zdassets.com *.barilliance.com *.barilliance.net chimpstatic.com snapui.searchspring.io *.stockinstore.net *.freshworks.com *.cloudflare.com https://cdn.searchspring.net/intellisuggest/is.min.js *.googleapis.com *.gstatic.com downloads.mailchimp.com *.list-manage.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.stockinstore.net *.freshworks.com *.cloudflare.com fonts.googleapis.com downloads.mailchimp.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://*.cloudfront.net https://*.zip.co https://maps.googleapis.com stockinstore.net *.stockinstore.net *.freshworks.com *.cloudflare.com https://beacon.searchspring.io/beacon *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-KxIVQVZX3tmaqOugzPN3bg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src bdl-india.in https://cbpssubscriber.mygov.in; img-src bdl-india.in https://www.google-analytics.com/ https://cbpssubscriber.mygov.in; media-src bdl-india.in https://cbpssubscriber.mygov.in; frame-src *.tradingview.com *.google.com bdl-india.in; frame-ancestors *.gstatic.com fonts.googleapis.com bdl-india.in; font-src bdl-india.in *.gstatic.com fonts.googleapis.com https://cbpssubscriber.mygov.in; report-uri /report-csp-violation 1
font-src *.squarecdn.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com dc89tf1ynkwmh.cloudfront.net use.typekit.net data: font.static.useinsider.com *.typekit.net *.cloudfront.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.iequalchange.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.instagram.com *.trustpilot.com *.braintreegateway.com *.kaptcha.com e.issuu.com nationaltiles.api.useinsider.com nationaltiles-ardemo-eau.azurewebsites.net *.prontoavenue.biz *.hotjar.com data: *.useinsider.com www.youtube-nocookie.com *.iequalchange.com http://www.sandbox.paypal.com *.twitter.com *.dpm.demdex.net *.openpay.com.au *.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.cdninstagram.com www.nationaltiles.com.au hnd.stats.paypal.com v2assets.zopim.io scontent-syd2-1.cdninstagram.com static.openpay.com.au log.api.useinsider.com site-assets.afterpay.com nationaltiles-ardemo-eau.azurewebsites.net *.google.com.au *.google.com.vn *.google.com.ph image.useinsider.com *.google.com *.facebook.com *.useinsider.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.instagram.com unpkg.com widget.trustpilot.com cdn.scarabresearch.com static.zipmoney.com.au widgets.staging.openpay.com.au recommender.scarabresearch.com webchannel-content.eservice.emarsys.net payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com nt.api.useinsider.com *.scarabresearch.com *.zdassets.com *.zendesk.com *.zopim.com nationaltiles.api.useinsider.com hit.api.useinsider.com js-agent.newrelic.com bam-cell.nr-data.net iec.3dcstaging.com.au secure.ewaypayments.com connect.facebook.net *.hotjar.com eitri.api.useinsider.com *.openpay.com.au *.google.com *.google.com.au *.google.com.vn *.google.com.ph data: *.useinsider.com *.iequalchange.com apps.jobadder.com static.zdassets.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.braintree-api.com *.afterpay.com *.amplitude.com *.dpm.demdex.net *.cardinalcommerce.com *.ccdc02.com *.doubleclick.net *.braintreegateway.com *.unpkg.com *.trustpilot.com *.zipmoney.com.au *.emarsys.net cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com assets.api.useinsider.com *.useinsider.com *.cloudflare.com *.braintree-api.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com 'self' 'unsafe-inline'; object-src nationaltiles-ardemo-eau.azurewebsites.net 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.zdassets.com nationaltiles-ardemo-eau.azurewebsites.net data: *.useinsider.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleapis.com unpkg.com widget.trustpilot.com cdn.scarabresearch.com static.zipmoney.com.au widgets.staging.openpay.com.au recommender.scarabresearch.com webchannel-content.eservice.emarsys.net payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com nt.api.useinsider.com *.scarabresearch.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com nationaltiles.api.useinsider.com hit.api.useinsider.com js-agent.newrelic.com bam-cell.nr-data.net iec.3dcstaging.com.au secure.ewaypayments.com socialproof.api.useinsider.com nationaltiles-ardemo-eau.azurewebsites.net api.zipmoney.com.au *.zip.co location.api.useinsider.com carrier.useinsider.com segment.api.useinsider.com stats.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io abacus.api.useinsider.com data: *.useinsider.com *.cloudflare.com *.twitter.com *.twimg.com *.zopim.io *.google-analytics.com https://stats.g.doubleclick.net *.openpay.com.au *.amplitude.com *.dpm.demdex.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1
font-src *.lrparts.net *.chat.getzowie.com *.chatbotize.com *.stripe.com *.google.com *.sagepay.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com *.google.com *.sagepay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.lrparts.net *.chat.getzowie.com *.chatbotize.com https://cdn.clerk.io *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.sagepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.lrparts.net *.chat.getzowie.com *.chatbotize.com https://api.clerk.io https://cdn.clerk.io *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.lrparts.net *.chat.getzowie.com *.chatbotize.com https://api.clerk.io https://cdn.clerk.io *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.lrparts.net *.chat.getzowie.com *.chatbotize.com *.stripe.com *.google.com *.paypal.com *.sagepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.lrparts.net *.chat.getzowie.com *.chatbotize.com 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: cdn.radiall.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net distributors.radiall.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com cdn.radiall.com *.cookiebot.com *.livechatinc.com distributors.radiall.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.bird.eu cdn.radiall.com *.cookiebot.com *.linkedin.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.radiall.com *.livechatinc.com *.bc0a.com api.brightedge.com snap.licdn.com *.linkedin.oribi.io *.googletagmanager.com *.google-analytics.com analytics.google.com *.doubleclick.net *.cookiebot.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.avada.io https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.radiall.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.googleapis.com cdn.radiall.com *.linkedin.com *.bc0a.com api.brightedge.com *.google-analytics.com *.doubleclick.net *.cookiebot.com *.linkedin.oribi.io analytics.google.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xj37FT-uBWEV5X6AIMcrAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.wickedtemptations.com *.cloudfront.net *.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com c.sharethis.mgr.consensu.org *.sharethis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.wickedtemptations.com *.cloudfront.net *.klaviyo.com www.google.com www.google.rs *.sharethis.com https://a.klaviyo.com store.paradoxlabs.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.wickedtemptations.com *.newrelic.com bam.nr-data.net *.cloudfront.net *.googletagmanager.com *.noibu.com *.simpli.fi *.klaviyo.com *.sharethis.com h.online-metrix.net https://static.klaviyo.com https://fast.a.klaviyo.com *.avada.io cdn.jsdelivr.net *.authorize.net *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.wickedtemptations.com *.cloudfront.net *.klaviyo.com *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bam.nr-data.net *.wickedtemptations.com *.cloudfront.net *.klaviyo.com stats.g.doubleclick.net *.sharethis.com https://static.klaviyo.com https://fast.a.klaviyo.com *.authorize.net *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com hcaptcha.com *.hcaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com 'self' data: *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ hcaptcha.com *.hcaptcha.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com t.elasticsuite.io ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://static.ads-twitter.com/uwt.js https://sc-static.net/scevent.min.js https://analytics.tiktok.com https://tr.snapchat.com https://www.dwin1.com/;style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com;object-src 'none';base-uri 'self';connect-src 'self' https://api.royaltiz.com wss://api.royaltiz.com https://cognito-idp.eu-west-1.amazonaws.com https://www.google-analytics.com https://tr.snapchat.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://cognito-identity.eu-west-1.amazonaws.com https://region1.google-analytics.com https://homologation-webpayment.payline.com/webpayment/getToken https://ipv4.icanhazip.com;font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://www.youtube.com https://tr.snapchat.com https://api.sandbox.mangopay.com https://api.mangopay.com https://3ds-acs.test.modirum.com https://3ds-acs.modirum.com;img-src 'self' data: https://assets.royaltiz.com https://assets.royaltiz.com https://www.google.com/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google-analytics.com https://www.facebook.com https://t.co https://tr.snapchat.com https://www.payline.com/images/;manifest-src 'self';media-src 'self';worker-src 'none'; 1
font-src *.gstatic.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.doubleclick.net *.facebook.net *.klarnacdn.net *.fontawesome.com *.sugarfreeshops.com sugarfreeshops.com *.cloudflare.com *.cloudfront.net *.simpler.so *.socital.com *.google.com *.bestprice.gr *.pstatic.gr *.adman.gr *.addsauce.com snapppt.com *.cardinalcommerce.com *.skroutz.gr *.linkwi.se *.crazyegg.com *.cookiebot.com consentcdn.cookiebot.com *.facebook.com *.youtube.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net *.sugarfreeshops.com sugarfreeshops.com *.facebook.com *.google.com *.simpler.so *.socital.com *.bestprice.gr *.pstatic.gr *.adman.gr *.googlesyndication.com *.addsauce.com *.gstatic.com snapppt.com *.cardinalcommerce.com *.skroutz.gr *.linkwi.se *.crazyegg.com *.cookiebot.com *.youtube.com *.twitter.com *.cardlink.gr *.alphaecommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.sugarfreeshops.com sugarfreeshops.com *.facebook.net *.facebook.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.google.com *.doubleclick.net *.facebook.net *.klarna.com *.sugarfreeshops.com sugarfreeshops.com *.facebook.com *.cookiebot.com *.boxnow.gr/ *.contactpigeon.com *.skroutz.gr *.tiktok.com *.hotjar.com *.linkwi.se *.criteo.com *.criteo.net *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.googlesyndication.com trustmark.gr *.socital.com *.addsauce.com *.gstatic.com snapppt.com *.cardinalcommerce.com *.crazyegg.com *.addtoany.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.sugarfreeshops.com sugarfreeshops.com *.facebook.com *.clarity.ms *.socital.com www.google.gr *.contactpigeon.com *.cookiebot.com *.google-analytics.com *.skroutz.gr http://trustmark.gr https://trustmark.gr *.tiktok.com *.adnxs.com *.criteo.com *.e-satisfaction.com *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.cdninstagram.com snapppt.com *.addsauce.com *.cardinalcommerce.com *.linkwi.se *.crazyegg.com *.cloudflare.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io 'self' data: *.sugarfreeshops.com sugarfreeshops.com *.cookiebot.com *.googleadservices.com *.googleoptimize.com *.addtoany.com *.pinterest.com *.tumblr.com *.tiktok.com go.linkwi.se *.google.gr *.contactpigeon.com *.adman.gr *.e-satisfaction.com trustmark.gr *.hotjar.com *.socital.com *.criteo.net *.criteo.com *.simpler.so *.clarity.ms *.bestprice.gr *.pstatic.gr *.googlesyndication.com *.addsauce.com snapppt.com *.cardinalcommerce.com *.linkwi.se *.crazyegg.com *.skroutz.gr *.weezmo.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.net *.gstatic.com *.googletagmanager.com *.klarnacdn.net *.fontawesome.com *.sugarfreeshops.com sugarfreeshops.com *.socital.com *.cloudfront.net *.google.com *.contactpigeon.com *.myfonts.net *.cloudfront.com *.e-satisfaction.com http://trustmark.gr https://trustmark.gr *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.addsauce.com snapppt.com *.cardinalcommerce.com *.skroutz.gr *.linkwi.se *.crazyegg.com *.cookiebot.com *.facebook.com *.youtube.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src *.sugarfreeshops.com sugarfreeshops.com 'self' 'unsafe-inline'; media-src *.adobe.com *.sugarfreeshops.com sugarfreeshops.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src *.sugarfreeshops.com sugarfreeshops.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com connect.facebook.net *.facebook.net *.google.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.sugarfreeshops.com sugarfreeshops.com maps.googleapis.com stats.g.doubleclick.net consent.cookiebot.com *.tiktok.com *.doubleclick.net *.googlesyndication.com *.clarity.ms 'self' wss: 'unsafe-inline' wss: *.sentry.io *.contactpigeon.com *.e-satisfaction.com snapppt.com *.socital.com *.hotjar.com *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.addsauce.com *.gstatic.com skroutza.skroutz.gr go.linkwi.se script.crazyegg.com consentcdn.cookiebot.com *.facebook.com www.youtube.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src *.sugarfreeshops.com sugarfreeshops.com http: https: blob: 'self' 'unsafe-inline'; default-src *.sugarfreeshops.com sugarfreeshops.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.sugarfreeshops.com sugarfreeshops.com 'self' 'unsafe-inline'; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-KsBYPLNBErNXNLDRi6eJNLJucKPzg4x1zmmgaKyg7T8='; base-uri 'self';report-to csp-endpoint 1
default-src *;style-src * 'unsafe-inline'; img-src * data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.bc0a.com cdn.b0e8.com  *.shelterpoint.com www.shelterpoint.com shelterpoint.com infostage.shelterpoint.com netdna.bootstrapcdn.com code.jquery.com www.chromestatus.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com  seal.digicert.com d2bnxibecyz4h5.cloudfront.net pi.pardot.com connect.facebook.net get663.com c.chuyueshop.com 1.safecdn01.com https://gc.kis.v2.scr.kaspersky-labs.com;script-src-elem 'unsafe-eval' 'unsafe-inline' cdn.bc0a.com cdn.b0e8.com  *.shelterpoint.com www.shelterpoint.com shelterpoint.com infostage.shelterpoint.com netdna.bootstrapcdn.com code.jquery.com www.chromestatus.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com seal.digicert.com d2bnxibecyz4h5.cloudfront.net pi.pardot.com connect.facebook.net get663.com c.chuyueshop.com 1.safecdn01.com https://gc.kis.v2.scr.kaspersky-labs.com;object-src 'none';base-uri 'self';frame-ancestors 'self';font-src * data:; report-uri /cspreport.aspx; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.lever.co https://backend.tendermint.com https://www.google-analytics.com; font-src 'self' data: fonts.gstatic.com https://raw.githubusercontent.com; frame-src 'self'; img-src 'self' data: about: blob: https://www.gstatic.com/images/ https://cdn-images-1.medium.com https://d33wubrfki0l68.cloudfront.net https://www.google-analytics.com; manifest-src 'self'; media-src 'self' data:; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; report-uri https://bce8f9ed809bb395c2d2805d76f7e87a.report-uri.com/r/d/csp/reportOnly; 1
script-src 'nonce-EyjNEvnC6dfiZwGpCXRFrg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=connect-dot-com-public-ui/static-1.1683/html/index.html&cfRay=883f745bceb0f973-SJC 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com www.googletagmanager.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.magezon.com *.multisafepay.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl www.google.nl google.nl google.com bat.bing.com c.bing.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.multisafepay.com https://pay.google.com bat.bing.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl ajax.googleapis.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.multisafepay.com googleads.g.doubleclick.net stats.g.doubleclick.net pagead2.googlesyndication.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-KXTxl6m0Bnu01IvUdBXjag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WFnH7IC1spAgtfhxahasag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pbMJUk40d7FJUu7TznDfgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com data: *.doofinder.com *.sagepay.com *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.net *.facebook.com *.doofinder.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.awin1.com *.zenaps.com *.doubleclick.net *.hotjar.com *.yieldify.com *.iubenda.com *.paypal.com *.braintreegateway.com *.kaptcha.com *.doofinder.com *.trustpilot.com *.facebook.net *.facebook.com *.laybuy.com *.salesfire.co.uk cdn.dnky.co webchat.dotdigital.com *.sagepay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com *.awin1.com *.zenaps.com *.smartmetrics.co.uk *.salesfire.co.uk *.ometria.com *.bing.com *.google.com *.google.co.uk *.google.com.eg *.google-analytics.com *.paypal.com *.facebook.net *.facebook.com *.pinterest.com *.postcodeanywhere.co.uk *.doofinder.com *.laybuy.com eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com validate.fishpig.co.uk https://static.afterpay.com *.sagepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.smartmetrics.co.uk *.salesfire.co.uk *.hotjar.com *.pcapredict.com *.zdassets.com *.ometria.com foursixty.com *.google.com *.gstatic.com *.facebook.net *.zoovu.com *.iubenda.com *.googletagmanager.com *.yieldify.com *.bing.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.mention-me.com *.postcodeanywhere.co.uk *.yimg.com *.yahoo.com cdn.doofinder.com https://eu1-search.doofinder.com *.trustpilot.com *.tiktok.com *.noibu.com *.doubleclick.net *.segmentify https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com foursixty.com *.postcodeanywhere.co.uk *.doofinder.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.fontawesome.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com *.vimeo.com *.akamaized.net *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://the.sciencebehindecommerce.com *.smartmetrics.co.uk *.salesfire.co.uk *.zdassets.com foursixty.com *.hotjar.com *.hotjar.io *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com wss://input.noibu.com *.iubenda.com *.doubleclick.net *.google-analytics.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.nr-data.net *.pinterest.com *.postcodeanywhere.co.uk *.yimg.com *.doofinder.com *.noibu.com *.tiktok.com *.facebook.net *.facebook.com https://www.facebook.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com api.comapi.com webchat.dotdigital.com *.sagepay.com https://checkout.iwdagency.com https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.olark.com *.hotjar.com *.paypalobjects.com *.fontawesome.com *.sirv.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.dotdigital-pages.com *.dotdigital.com *.trustpilot.com magento-cloudflare.jetrails.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com *.trackedlink.net *.adnxs.com *.facebook.com *.postcodeanywhere.co.uk *.olark.com *.google.ro *.hotjar.com *.simplypaving.com *.zenaps.com *.awin1.com *.doubleclick.net *.roeye.com *.cookielaw.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.sirv.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.adnxs.com *.facebook.net *.olark.com *.cookielaw.org *.hotjar.com *.fullstory.com *.dwin1.com *.smct.io smct.co *.usabilla.com *.pcapredict.com *.postcodeanywhere.co.uk *.zenaps.com *.upsellit.com *.sciencebehindecommerce.com *.roeyecdn.com *.trustpilot.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sirv.com player.vimeo.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.postcodeanywhere.co.uk *.olark.com *.trustpilot.com downloads.mailchimp.com *.fontawesome.com assets.braintreegateway.com *.sirv.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.sirv.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com smct.co *.wepowerconnections.com *.smct.io *.fullstory.com *.cookielaw.org *.hotjar.io *.doubleclick.net *.amazonaws.com *.olark.com *.postcodeanywhere.co.uk *.sciencebehindecommerce.com *.trustpilot.com *.hotjar.com *.onetrust.com *.adnxs.com 'self' ws: https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.sirv.com *.youtube.com blob: *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; base-uri 'none'; script-src 'nonce-cbbdf99ab18e3bba6e8e079cb397bbf2' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; 1
object-src 'none';base-uri 'self';script-src 'nonce-TdUgA4LLis_Cqw6lwM9waA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' api.addressfinder.io *.google-analytics.com *.googletagmanager.com *.ytimg.com *.youtube.com; script-src-elem 'self' 'unsafe-inline' api.addressfinder.io *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.com; style-src 'report-sample' 'self' 'unsafe-inline' api.addressfinder.io *.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google.com *.google.com.au *.google.co.nz *.doubleclick.net *.google-analytics.com translate.googleapis.com; font-src 'self' fonts.gstatic.com; child-src 'self' *.lawsociety.org.nz *.googletagmanager.com youtube.com www.youtube.com player.vimeo.com staticcdn.co.nz; frame-ancestors 'self'; frame-src 'self' www.youtube.com w.soundcloud.com www.google.com maps.google.co.nz; img-src 'self' *.google.com *.google.co.nz *.google.com.au *.ggpht.com data: *.google-analytics.com *.google.com *.google.com.au *.googletagmanager.com *.gstatic.com *.ytimg.com *.vimeocdn.com staticcdn.co.nz; manifest-src 'self'; media-src 'self'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=GMMydwcssVrny9itMp4jA; worker-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Sy5pDJGbAm7HKY5hgSptSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maxcdn.bootstrapcdn.com data: https://*.cloudflare.com *.typekit.net *.googleapis.com https://*.authorize.net https://*.cardinalcommerce.com https://*.trustedshops.com https://*.tawk.to https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://embed.productlead.me https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://www.facebook.com/ https://ct.pinterest.com/ https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro 'self' 'unsafe-inline'; frame-ancestors data: 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net js.stripe.com www.google.com https://www.youtube.com https://www.google.com https://www.google.ro https://www.google.bg https://www.facebook.com/ https://*.cardinalcommerce.com https://*.authorize.net https://*.paypal.com https://*.sandbox.paypal.com https://*.hotjar.com https://*.pinterest.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://*.tawk.to https://s7.addthis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com ct.pinterest.com data: https://*.cloudflare.com https://cdn.klarna.com https://www.magecomp.com https://*.paypal.com www.paypalobjects.com https://*.sandbox.paypal.com https://*.g.doubleclick.net https://*.vimeocdn.com https://s.ytimg.com https://*.usercentrics.eu https://*.magentocommerce.com https://www.google.ro https://www.google.com https://*.tawk.to https://cdn.jsdelivr.net https://*.cdninstagram.com  https://*.xx.fbcdn.net www.instagram.com https://instagram.fcnd1-1.fna.fbcdn.net http://seal.alphassl.com/ https://secure.trust-provider.com https://ssl.comodo.com https://feedback.trusted.ro https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://ct.pinterest.com maps.gstatic.com maps.google.com https://*.themarketer.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net https://*.google.com flagpedia.net cdn1.themarketer.com 'self' 'unsafe-inline'; script-src https://*.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com https://*.vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.stripe.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com www.pinterest.com s.pinimg.com https://*.cloudflare.com https://*.google.com *.gstatic.com https://www.googletagmanager.com https://*.googlesyndication.com maps.googleapis.com https://*.trustedshops.com https://*.usercentrics.eu https://*.cardinalcommerce.com https://*.googleadservices.com https://googleadservices.com https://*.authorize.net https://*.paypalobjects.com https://*.ytimg.com *.braintreegateway.com *.signifyd.com https://connect.facebook.net https://embed.productlead.me https://chimpstatic.com https://*.tawk.to https://*.hotjar.com https://*.getsitecontrol.com https://*.g.doubleclick.net https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ http://seal.alphassl.com/ https://secure.trust-provider.com https://cdn.jsdelivr.net https://s.pinimg.com https://*.pinterest.com https://*.paypal.com https://*.sandbox.paypal.com https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://*.themarketer.com https://*.tiktok.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net *.avada.io cdn1.themarketer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com https://*.cloudflare.com https://*.trustedshops.com https://*.usercentrics.eu https://maxcdn.bootstrapcdn.com https://embed.productlead.me https://*.tawk.to https://cdn.jsdelivr.net https://*.googleapis.com https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://static.xpertbeauty.ro https://*.themarketer.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net *.gstatic.com cdn1.themarketer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com ct.pinterest.com https://*.cloudflare.com https://*.paypal.com https://*.cardinalcommerce.com www.facebook.com www.google-analytics.com https://*.tawk.to wss://*.tawk.to https://*.productlead.me wss://*.productlead.me www.instagram.com https://instagram.fcnd1-1.fna.fbcdn.net https://stats.g.doubleclick.net https://bam.eu01.nr-data.net https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://ct.pinterest.com https://s7.addthis.com https://api-public.addthis.com https://in.hotjar.com https://vc.hotjar.io maps.googleapis.com https://*.themarketer.com https://*.tiktok.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net www.gstatic.com cdn1.themarketer.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://*.xpertbeauty.ro/; report-to report-endpoint; 1
font-src fonts.gstatic.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ https://www.youtube.com sibautomation.com secure.pay1.de ekr.zdassets.com static.zdassets.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com static.addtoany.com *.reviews.io *.reviews.co.uk *.klarna.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com scontent.cdninstagram.com googleads.g.doubleclick.net v2assets.zopim.io static.zdassets.com *.google.at *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://cdn.plyr.io maps.gstatic.com maps.googleapis.com cdn.rawgit.com/googlemaps/ cdn.jsdelivr.net/gh/googlemaps/ *.cloudfront.net *.reviews.io *.reviews.co.uk *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.google.com/ cookiehub.net sibautomation.com secure.pay1.de ekr.zdassets.com sibforms.com static.zdassets.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com static.addtoany.com jquery.sellxed.com maps.googleapis.com *.reviews.io *.reviews.co.uk *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com ekr.zdassets.com static.zdassets.com * sibforms.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.klarnacdn.net *.addtoany.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org graph.instagram.com googleads.g.doubleclick.net consent.cookiehub.net in-automate.sendinblue.com wss://widget-mediator.zopim.com ekr.zdassets.com skinfit.zendesk.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com maps.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-OdZDwsPh9wCvEH2ReyngEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DxFzrtyw4NfOM2y-lN2KIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.gstatic.com *.typekit.net *.trustedshops.com *.trustpilot.com *.googleapis.com maps.googleapis.com *.google.com fonts.googleapis.com cdn.lr-ingest.io r.lr-ingest.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com winathuntingandfishing.co.nz *.laybuy.com *.addthis.com *.facebook.com huntingandfishing.freshdesk.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.paymentexpress.com *.windcave.com www.xtento.com maps.googleapis.com *.google.com fonts.googleapis.com fonts.gstatic.com cdn.lr-ingest.io r.lr-ingest.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com *.cloudflare.com *.cloudfront.net https://cdn.klarna.com *.gstatic.com *.paypal.com *.afterpay.com https://s.ytimg.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.cdninstagram.com *.instagram.com *.facebook.net *.facebook.com *.clarity.ms *.bing.com t.zip.co static.zipmoney.com.au www.xtento.com cdn.xtento.com maps.googleapis.com *.google.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com cdn.lr-ingest.io r.lr-ingest.io data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://api.addressfinder.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.cloudflare.com *.cloudfront.net foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.intercomcdn.com *.intercom.io *.addthis.com *.addthisedge.com *.moatads.com *.facebook.net *.clarity.ms *.freshworks.com s3.amazonaws.com/assets.freshdesk.com/ static.zipmoney.com.au zip.co www.xtento.com cdn.xtento.com maps.googleapis.com *.google.com fonts.googleapis.com fonts.gstatic.com cdn.lr-ingest.io r.lr-ingest.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://api.addressfinder.io https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.typekit.net foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.freshworks.com s3.amazonaws.com/assets.freshdesk.com/ maps.googleapis.com *.google.com fonts.gstatic.com cdn.lr-ingest.io r.lr-ingest.io 'self' 'unsafe-inline'; object-src maps.googleapis.com *.google.com fonts.googleapis.com fonts.gstatic.com cdn.lr-ingest.io r.lr-ingest.io 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cdninstagram.com *.instagram.com maps.googleapis.com *.google.com fonts.googleapis.com fonts.gstatic.com cdn.lr-ingest.io r.lr-ingest.io 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com https://api.addressfinder.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.cloudflare.com *.cloudfront.net foursixty.com *.paypal.com *.googleapis.com *.addthis.com *.addthisedge.com *.moatads.com *.intercom.io *.cdninstagram.com *.instagram.com *.clarity.ms *.doubleclick.net *.freshworks.com maps.googleapis.com *.google.com fonts.googleapis.com fonts.gstatic.com cdn.lr-ingest.io r.lr-ingest.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com maps.googleapis.com *.google.com fonts.googleapis.com fonts.gstatic.com cdn.lr-ingest.io r.lr-ingest.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-VC89mIHNJjTy02sfqU1IzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-N6WioLeWoc9NrWhKhiGTtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com recaptcha.net *.azureedge.net *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com epson.com.pe *.doubleclick.net *.gstatic.com www.google.com.pe js.qualified.com static.addtoany.com *.tiktok.com tags.tiqcdn.com fast.fonts.net *.linkedin.com *.bazaarvoice.com cdnjs.cloudflare.com *.goepson.com analytics.google.com *.omtrdc.net adservice.google.com www.youtube.com *.taboola.com bam.nr-data.net app.qualified.com www.googletagmanager.com *.epson.com cdn.cs.1worldsync.com epson.com www.google-analytics.com cdn.jsdelivr.net js-agent.newrelic.com wss://ws.qualified.com *.googleadservices.com static.filestackapi.com img.youtube.com ws.cs.1worldsync.com *.facebook.net tsdtocl.com *.googleapis.com *.licdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'self' cdnjs.cloudflare.com https://unpkg.com stackpath.bootstrapcdn.com; script-src-attr 'self'; style-src 'self' https://pro.fontawesome.com https://use.fontawesome.com stackpath.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.iwdagency.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.weltpixel.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.paypal.com *.typekit.net *.gstatic.com maps.googleapis.com https://a.klaviyo.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.magento-ds.com *.typekit.net google.com *.google.com https://static.klaviyo.com https://fast.a.klaviyo.com www.xtento.com cdn.xtento.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.iwdagency.com tagmanager.google.com *.fontawesome.com *.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.paypal.com google.com *.google.com https://static.klaviyo.com https://fast.a.klaviyo.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com; script-src 'self' 'nonce-673dbce4-90b2-46d6-9bbd-e0d733393cbd' 'nonce-a92edb51-a967-4845-95ae-84212c30df23' 'nonce-74d623f7-b0fa-47d7-9417-f15c244bad72' 'nonce-cabd0637-b4b1-49c4-8abd-3fa94a551e1c' 'nonce-d95029a9-6536-41ab-bd21-5eaa4b58a267' 'nonce-6ada93ef-8449-4da6-af33-fe0f9d054d6d' 'nonce-cb1e2492-b160-469b-80e6-310cfcc9d7d9' 'nonce-84e06150-a96d-48f2-a477-50338d992d39' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com *.checkout.visa.com *.fundraiseup.com *.paypal.com *.paypalobjects.com *.plaid.com *.src.mastercard.com *.stripe.com cdn.fundraiseup.com m.stripe.network pay.google.com *.googletagmanager.com api.olark.com cdn-ukwest.onetrust.com knrpc.olark.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js static.olark.com; script-src-elem 'self' 'unsafe-inline' *.checkout.visa.com *.fundraiseup.com *.paypal.com *.paypalobjects.com *.plaid.com *.src.mastercard.com *.stripe.com cdn.fundraiseup.com m.stripe.network pay.google.com *.googletagmanager.com api.olark.com cdn-ukwest.onetrust.com knrpc.olark.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js static.olark.com bat.bing.com connect.facebook.net www.google.com googleads.g.doubleclick.net c5.adalyser.com *.gstatic.com cdn-ukwest.onetrust.com; style-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com 'unsafe-inline' careinternational.org.uk careinternationaluk.ams3.cdn.digitaloceanspaces.com https://careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com cdn-images.mailchimp.com cdn-images.mailchimp.com/embedcode/classic-061523.css static.olark.com; style-src-attr 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com 'unsafe-inline' static.olark.com careinternational.org.uk careinternationaluk.ams3.cdn.digitaloceanspaces.com; style-src-elem 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com 'unsafe-inline' careinternational.org.uk careinternationaluk.ams3.cdn.digitaloceanspaces.com https://careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com cdn-images.mailchimp.com static.olark.com; object-src 'none'; base-uri 'self'; connect-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com *.checkout.visa.com *.fundraiseup.com *.mastercard.com *.paypal.com *.paypalobjects.com *.plaid.com *.stripe.com api.addressy.com fndrsp-checkout.net fndrsp.net google.com/pay knrpc.olark.com pay.google.com cdn-ukwest.onetrust.com geolocation.onetrust.com privacyportal-uk.onetrust.com adservice.google.com *.google.co.ug *.google.com *.analytics.google.com *.onetrust.com at.bing.com *.google.com stats.g.doubleclick.net adservice.google.com *.google.co.uk adservice.google.com www.facebook.com; font-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com *.fundraiseup.com *.stripe.com static.olark.com; frame-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com platform.twitter.com player.vimeo.com syndication.twitter.com w.soundcloud.com www.youtube.com www.youtube-nocookie.com/ static.olark.com *.fundraiseup.com *.stripe.com *.src.mastercard.com *.checkout.visa.com *.plaid.com *.paypal.com pay.google.com www.google.com *.doubleclick.net *.paypalobjects.com *.google.com; img-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com 'unsafe-inline' abs.twimg.com pbs.twimg.com platform.twitter.com syndication.twitter.com ton.twimg.com www.facebook.com www.google.co.uk www.google.com data: *.fundraiseup.com ucarecdn.com pay.google.com *.paypalobjects.com log.olark.com t.paypal.com cdn-ukwest.onetrust.com bat.bing.com ad.doubleclick.net c5.adalyser.com *.google.es *.googletagmanager.com *.gstatic.com; manifest-src 'self' ciuk.test ciuk.hactar.work *.careinternational.org.uk https://careinternationaluk.ams3.cdn.digitaloceanspaces.com; media-src 'self'; worker-src 'self'; report-uri /csp/report/; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-Cw7GDvCBhaTmB0AkEmOr4BiQK' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
font-src fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.facebook.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com 'self' business.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.findbar.io https://media.mydesigndrops.com/ https://www.mydesigndrops.com/ business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.findbar.io https://s.yimg.com/ https://skroutza.skroutz.gr/ https://s.pinimg.com/ www.googleadservices.com/ *.criteo.com/ https://widgets.reevoo.com/ https://go.linkwi.se/ https://connect.facebook.net/ www.googletagmanager.com/ https://s.kk-resources.com/ certify-js.alexametrics.com/ www.vimeo.com/ googleads.g.doubleclick.net/ buttons-config.sharethis.com/ cdn.simpler.so sdk.local.simpler.so business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.findbar.io widgets.reevoo.com/ maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.findbar.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org *.google-analytics.com www.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.findbar.io l.sharethis.com/ https://s.yimg.com/ button.staging.simpler.so/ stats.g.doubleclick.net/ widgets.reevoo.com/ skynet.reevoo.com/ www.facebook.com/ https://ct.pinterest.com/ https://forms.soundestlink.com/ button.simpler.so button.staging.simpler.so analytics.simpler.so analytics.staging.simpler.so button.local.simpler.so business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-IHfBxt0WowKstOWRcnqUEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline'; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com; font-src 'self' fonts.gstatic.com; form-action 'self' *.facebook.com; frame-src 'self' *.twitter.com *.facebook.com *.youtube.com; img-src 'self' *.twitter.com *.facebook.com *.google-analytics.com; script-src-elem 'self' 'unsafe-inline' *.facebook.net *.twitter.com *.norton.com *.google-analytics.com *.googletagmanager.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.googleapis.com; report-uri https://csp.isecurenet.in/_csp_exim 1
report-uri https://d3pbriwfjpzs1.cloudfront.net/reports; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: siteintercept.qualtrics.com www.clarity.ms s.pinimg.com zneteq1pvhsgtrbdo-sanofidigital.siteintercept.qualtrics.com s.yimg.com googleads.g.doubleclick.net pdp-cdn.retargetly.com cookieless-campaign.prd-00.retargetly.com api.retargetly.com tag.demandbase.com servedbydoceree.doceree.com cdn.jsdelivr.net map.brightcove.com centri.dermatopia.it www.googletagmanager.com *.brightcove.net cdn.cookielaw.org vjs.zencdn.net crescendoc.wufoo.com code.jquery.com *.fls.doubleclick.net *.googletagmanager.com cdn.userway.org *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net tr.snapchat.com analytics.tiktok.com protect-de.mimecast.com secure.wufoo.com live.rezync.com go.affec.tv datenschutz.sanofi.de vjs.zencdn.ne assets.map.brightcove.com secure.adnxs.com cdn.di-capt.com td.doubleclick.net bh.contextweb.com players.brightcove.net www.google.com d29usylhdk1xyu.cloudfront.net static.ads-twitter.com cdn.conative.de tr.outbrain.com unpkg.com p.teads.tv js-agent.newrelic.com mc.yandex.ru sc-static.net zn3aagkdlsmr3mavu-sanofidigital.siteintercept.qualtrics.com plausible.io znbdrknogxeqwsbjw-sanofidigital.siteintercept.qualtrics.com ads-engagement.presage.io cdn.conative.de mc.yandex.ru cookieless-campaign.prd-00.retargetly.com cdn.boomtrain.com assistant.woorank.com survey.pulseinsights.com ads-engagement.presage.io js.pulseinsights.com static.hotjar.com js.adsrvr.org cdn.segment.com amplify.outbrain.complayer.vimeo.com zn0nhxevkusg0e29g-dtassociates.siteintercept.qualtrics.comc1.rfihub.net bam.nr-data.net wave.outbrain.com *.wufoo.com *.brightcove.net cdn.cookielaw.org vjs.zencdn.net crescendoc.wufoo.com code.jquery.com *.fls.doubleclick.net *.googletagmanager.com cdn.userway.org *.youtube.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net zndm4asbzqswwu5pk-sanofidigital.siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com secure.wufoo.com ads-engagement.presage.io cdn.conative.de cdn.boomtrain.com pdp-cdn.retargetly.com p.teads.tvassistant.woorank.com ads-engagement.presage.io js.pulseinsights.com static.hotjar.com cdn.segment.com amplify.outbrain.complayer.vimeo.com bam.nr-data.net wave.outbrain.com aim-tag.hcn.health atopiker.prelivereview.co.uk c1.rfihub.net cdn.jsdelivr.net ct.pinterest.com *.cloudfront.net html2canvas.hertzen.com mc.yandex.ru player.vimeo.com rpxnow.com sanofi-japan.us.janrainsso.com script.hotjar.com snap.licdn.com www.googletagmanager.com znbboigis2bygkbps-sanofidigital.siteintercept.qualtrics.com zndm4asbzqswwu5pk-sanofidigital.siteintercept.qualtrics.com; 1
connect-src 'self' data: wss://fulltextsearch.org/flare ka-f.fontawesome.com yoast.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.pl translate.googleapis.com connect.facebook.net; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.fontawesome.com/releases/v5.15.4/; frame-src 'self' data: uwr.edu.pl *.uwr.edu.pl maps.google.com *.youtube.com youtube.com player.vimeo.com www.google.com; img-src 'self' data: blob: graph.facebook.com *.xx.fbcdn.net s.w.org *.ytimg.com *.uwr.edu.pl *.fna.fbcdn.net secure.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com www.google.pl https://ssl.gstatic.com https://www.gstatic.com *.vimeocdn.com; object-src 'self'; script-src 'self' cdn.jsdelivr.net https://*.googletagmanager.com www.youtube.com use.fontawesome.com kit.fontawesome.com ajax.googleapis.com cdn-eu.readspeaker.com polyfill.io code.jquery.com https://tagmanager.google.com www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: code.jquery.com kit.fontawesome.com polyfill.io cdn-eu.readspeaker.com www.google-analytics.com/analytics.js cdn-eu.readspeaker.com ajax.googleapis.com cdn.jsdelivr.net www.youtube.com/iframe_api *.www-widgetapi.js www.youtube.com cdnjs.cloudflare.com cdn.datatables.net secure.polldaddy.com connect.facebook.net 'unsafe-inline'; style-src 'self' cdn.jsdelivr.net cdn-eu.readspeaker.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; style-src-elem 'self' uwr.edu.pl cdn.jsdelivr.net www.youtube.com fonts.googleapis.com cdn-eu.readspeaker.com 'unsafe-inline'; report-uri https://sentry.bonasoft.pl/api/49/security/?sentry_key=1626435f85d7818c444d5cac8e44b682 1
default-src 'self';script-src 'self' https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.g.doubleclick.net 'nonce-h1NMuNk39Yv3c/pc812lsAEMy/b3ysB7AGfvmFrP+eM=';style-src 'self' https://*.googleapis.com 'unsafe-inline';connect-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.facebook.com;font-src 'self' data: https://*.gstatic.com;img-src 'self' data: http://127.0.0.1:10000 https://az450429.vo.msecnd.net https://ericsoftcdn.blob.core.windows.net https://ericsoftcms.blob.core.windows.net https://*.fbsbx.com https://*.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.googleusercontent.com https://*.google.com https://*.google.it https://*.google.fr;media-src 'none';object-src 'none';frame-ancestors 'none';frame-src https://*.google.com;report-uri /api/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-T_PiON5aw4J39B-Mr52ubA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';connect-src 'self' google.com *.google.com maps.googleapis.com metrics.hotjar.io analytics.google.com www.googletagmanager.com www.google-analytics.com www.google.com.br *.holofy.io *.outbrain.com *.oribi.io *.pinterest.com *.doubleclick.net *.tiktok.com *.facebook.com;default-src 'self' fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com *.youtube.com *.ffid.io *.pinterest.com *.facebook.com;form-action 'self' *.facebook.com;img-src 'self' cury.net homolog.cury.net app.cury.net www.google.com www.google.com.br data: *.linkedin.com *.pinterest.com *.facebook.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' www.googletagmanager.com;script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.facebook.net *.tiktok.com *.outbrain.com *.pinimg.com *.doubleclick.net static.hotjar.com *.googleapis.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net *.ffid.io *.onesignal.com onesignal.com *.cloudfront.net *.gaconnector.com *.ubembed.com *.snap.licdn.com *.fulfilling.io snap.licdn.com *.theskill.store 'nonce-GCpYvz2vH9gLTAN59i9Xii77JqumqJxl';script-src-attr 'unsafe-inline';style-src 'self';style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com cdn.datatables.net *.theskill.store 'nonce-GCpYvz2vH9gLTAN59i9Xii77JqumqJxl';style-src-attr 'unsafe-inline';frame-ancestors 'self';upgrade-insecure-requests 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com 200.12.146.183/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com vpos.infonet.com.py *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.zdassets.com *.zendesk.com *.embluemail.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.zdassets.com *.zendesk.com *.embluemail.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zendesk.com *.embluemail.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 1
object-src 'none';base-uri 'self';script-src 'nonce-ZBgINP4ojZ771Hbi6ukFkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Mr75NOQbmpXJeOUxBI57bQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src client.diffuse.tools widget.freshworks.com 'self' stats.g.doubleclick.net www.google-analytics.com; img-src s.w.org www.googletagmanager.com 'self' data: px.ads.linkedin.com secure.gravatar.com www.google-analytics.com www.google.com www.google.nl; script-src-elem cdn.mxpnl.com widget.freshworks.com 'self' 'unsafe-inline' www.googletagmanager.com code.diffuse.nl cdnjs.cloudflare.com checkout.stripe.com snap.licdn.com www.google-analytics.com; report-uri https://whatsit.report-uri.com/r/d/csp/wizard 1
font-src *.stripe.com *.google.com *.sagepay.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com www.cameraworld.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.stripe.com *.google.com *.sagepay.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com www.cameraworld.co.uk 'self' 'unsafe-inline'; frame-ancestors www.cameraworld.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com *.google.com *.sagepay.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com https://plumrocket.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.cameraworld.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.cameraworld.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.cameraworld.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com www.cameraworld.co.uk 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.cameraworld.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.stripe.com *.google.com *.paypal.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com landofcoder.com https://www.google-analytics.com www.cameraworld.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.cameraworld.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.cameraworld.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' .clubedomalte.com.br *..clubedomalte.com.br ClubeDoMalte.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com cnt.my retargeter.com.br shopconvert.com.br tawk.to getblue.io hospedagemweb.net hotjar.io hotjar.com adschoom.com cloudflare.com linximpulse.net viptarget.com.br googleadservices.com smarthint.co bing.com ebit.com.br shoptarget.com.br googleapis.com doubleclick.net shopback.net citydsp.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.citydsp.com *.bing.com *.ebit.com.br *.shoptarget.com.br *.doubleclick.net *.shopback.net *.googleapis.com *.adschoom.com *.cloudflare.com *.linximpulse.net *.hotjar.com *.viptarget.com.br *.googleadservices.com *.smarthint.co *.hotjar.io *.getblue.io *.hospedagemweb.net *.tawk.to *.cnt.my *.retargeter.com.br *.shopconvert.com.br wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.picpay.com *.lomadee.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.mybeerclass.com.br mybeerclass.com.br *.criteotilt.com *.criteo.net *.criteo.com aprtn.com *.aprtn.com *.g.doubleclick.net *.google.com *.plataformasocial.com.br *.dataroyal.com.br *.acstat.com *.advcakebr.com *.clearsale.com.br app.picpay.com *.googleoptimize.com *.amazonaws.com *.execute-api.sa-east-1.amazonaws.com vfourc5jd2.execute-api.sa-east-1.amazonaws.com dzpxyxks1bfmb.cloudfront.net *.duminio.com *.nacaocervejeira.com.br nacaocervejeira.com.br *.enviou.com.br *.gstatic.com *.google.com.br *.fbits.net *.soclminer.com.br *.btg360.com.br *.socialminer.com *.content-security-policy.com *.l2.io l2.io gstatic.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.com.pe *.netdeal.com.br checkout.clubedomalte.com.br signalrcore.fbits.net *.afilio.com.br wss://signalrcore.fbits.net *.g2afse.com *.analytics.tiktok *.netdeal.com *.cloudfront.net netdeal.com.br *.fontawesome.com *.rtb123.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.tps: tps: *.adnxs.com *.tiktok.com pub-csp.fbits.net google-analytics.com *.viacep.com.br *.clubedomalte.com.br *.localhost:5501 localhost:5501 *.fbitsstatic.net recursos.clubedomalte.com.br *.preciso.net d3u0jcwe5p7qrc.cloudfront.net d2rp1k1dldbai6.cloudfront.net cybba-bucket.s3.amazonaws.com *.cybba.solutions *.cybba.us storage.googleapis.com c.amazon-adsystem.com *.stackadapt.com *.adsrvr.org *.facebook.net *.cybbaview.com *.fbits.store *.adyen.com *.safrapay.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *..clubedomalte.com.br .clubedomalte.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src https://*.gstatic.com https://*.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.googleapis.com https://*.typekit.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-s_Iabl9RbSU2PsyEnuo4Zw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-R1zWtesHKTtbEBLuJKJFpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';connect-src 'self' https://*.pdenroller.org https://*.authorize.net *.services.visualstudio.com https://js.monitor.azure.com *.service.signalr.net wss://*.service.signalr.net;frame-src https://*.authorize.net https://*.gstatic.com https://*.google.com;font-src data: https:;img-src data: https:;manifest-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' https://*.pdenroller.org https://*.authorize.net https://*.gstatic.com https://*.google.com 'nonce-649d61cfe7a34cf9b79d4c25058d833a';style-src 'self' 'unsafe-inline' https://*.pdenroller.org https://*.gstatic.com https://*.google.com;report-uri https://api.pdenroller.org/log/csp 1
object-src 'none';base-uri 'self';script-src 'nonce-RqyKoiLfh9TWHjIzRHVMPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Xu5cUiSv1KDmw37LfLUjRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.tryggehandel.net *.fontawesome.com *.googleapis.com *.gstatic.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com ssl.ditonlinebetalingssystem.dk *.trustpilot.com *.cookieinformation.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net *.facebook.com *.sleeknote.com *.tryggehandel.net https://cdn.clerk.io maps.googleapis.com *.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.sleeknote.com *.clerk.io *.tryggehandel.net *.facebook.net *.trustpilot.com *.emaerket.dk *.cookieinformation.com *.reepay.com https://api.clerk.io https://cdn.clerk.io maps.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net fonts.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com fonts.gstatic.com unsafe-inline *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.obsidian.dk connect.facebook.net *.facebook.com *.cookieinformation.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleapis.com www.facebook.com graph.facebook.com business.facebook.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.gstatic.com 'self' data: fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com https://fonts.gstatic.com https://ws.colissimo.fr *.stamped.io cdn.jsdelivr.net cdn.almapay.com *.speed1.fr *.quadyland.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com tpeweb.e-transactions.fr tpeweb.paybox.com tpeweb1.paybox.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.speed1.fr *.quadyland.com 'self' data: quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com www.google.com cdn.dnky.co www.youtube.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com https://www.youtube.com *.livechatinc.com *.paypal.com pay.google.com *.braintreegateway.com *.kaptcha.com *.paypalobjects.com *.affirm.com *.doubleclick.net *.speed1.fr *.quadyland.com 'self' data: youtu.be tpc.googlesyndication.com www.quadyland.com blob quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org cdn.doofinder.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.cloudfront.net *.stamped.io *.google-analytics.com *.google.fr *.paypal.com *.paypalobjects.com *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io cdn.almapay.com *.speed1.fr *.quadyland.com www.google.be www.google.pt www.google.ca www.google.co.ma www.google.dz www.google.lu www.google.tn www.google.co.uk www.google.es www.google.de sb-img-fr.s3.amazonaws.com www.google.fr www.google.ch www.google.sn www.google.cg www.quadyland.com pagead2.googlesyndication.com tpc.googlesyndication.com media.speed1.fr bat.bing.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr 125-vintage.fr scooterelec.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net cdn.ampproject.org raw.githubusercontent.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.doofinder.com *.google.com *.gstatic.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com static.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.doofinder.com *.doubleclick.net includes.ccdc02.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org *.paypal.com www.klarnapayments.com *.affirm.com *.routeapp.io cdn.amcharts.com www.googletagmanager.com googleads.g.doubleclick.net bat.bing.com pagead2.googlesyndication.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.doofinder.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.stamped.io www.klarnapayments.com *.speed1.fr *.quadyland.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; object-src www.youtube.com *.livechatinc.com *.paypal.com pay.google.com *.braintreegateway.com *.kaptcha.com *.paypalobjects.com *.affirm.com *.doubleclick.net *.speed1.fr *.quadyland.com 'self' data: www.quadyland.com data blob quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com static.zdassets.com *.speed1.fr *.quadyland.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; manifest-src quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.getalma.eu cdn.ampproject.org www.facebook.com *.facebook.com graph.facebook.com business.facebook.com *.doofinder.com wss://*.doofinder.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net ekr.zdassets.com *.hotjar.com *.hotjar.io wss://widget-mediator.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.datatrics.com https://nominatim.openstreetmap.org *.paypal.com *.authorize.net hn.inspectlet.com stamped.io *.braintree-api.com *.braintreegateway.com *.paypalobjects.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com *.google.com adservice.google.com www.google.com maps.googleapis.com bat.bing.com quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; child-src quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline' 'unsafe-eval'; base-uri quadyland.com media.quadyland.com spyder.quadyland.com scooter.quadyland.com speed1.fr media.speed1.fr 125-vintage.fr scooterelec.fr 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
object-src 'none';base-uri 'self';script-src 'nonce-VYLg7_OcTs4U0M71ql1dbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://3chillies.report-uri.com/r/d/csp/wizard 1
default-src https://support.personanutrition.com https://*.taboola.com https://js.cnnx.link https://*.facebook.net:* 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self' *.authorize.net; style-src 'self' 'unsafe-inline'; img-src *;default-src https://tag.bounceexchange.com script-src 'unsafe-eval' 'unsafe-inline' https://js.cnnx.link https://*.taboola.com; style-src 'self' 'unsafe-inline';default-src https://assets.bounceexchange.com script-src 'unsafe-eval' 'unsafe-inline'; style-src 'unsafe-inline'; img-src; font-src; child-src; default-src https://*.taboola.com https://api.bounceexchange.com  script-src 'unsafe-eval' 'unsafe-inline'; form-action;default-src https://events.bouncex.net img-src;connect-src;default-src https://coupons.bounceexchange.com;default-src https://dev.bounceexchange.com  script-src 'unsafe-eval' 'unsafe-inline'; form-action;default-src https://*.cdnwidget.com;default-src https://*.cdnbasket.net connect-src https://js.cnnx.link https://*.taboola.com;default-src https://dash-staging.bounceexchange.com script-src frame-src 'self' *.authorize.net;default-src https://accept.authorize.net https://test.authorize.net; default-src https://tag.wknd.ai script-src 'unsafe-eval' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vl-8Y0lBnBNDrgK7kSIUBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zMbOpdd2rxhwEQRjNFB7fg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TWod_H3sEsBvIxWdYyw8Kg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com *.trustedshops.com https://fonts.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com vars.hotjar.com *.eventbrite.com sibautomation.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.apptrian.com www.facebook.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.trustedshops.com *.google.com *.google.fr *.googletagmanager.com *.viamichelin.com *.bing.com *.clarity.ms *.cloudflare.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com maps.gstatic.com fonts.googleapis.com business.facebook.com *.trustedshops.com static.hotjar.com script.hotjar.com vars.hotjar.com *.google.com *.google.fr *.gstatic.com *.googletagmanager.com *.eventbrite.com sibautomation.com *.viamichelin.com bat.bing.com *.clarity.ms *.cloudflare.com *.googleapis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.googleapis.com *.trustedshops.com *.viamichelin.com *.cloudflare.com *.googletagmanager.com https://fonts.googleapis.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com www.facebook.com business.facebook.com *.trustedshops.com in.hotjar.com vc.hotjar.io *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net maps.googleapis.com *.brevo.com *.google.com *.clarity.ms *.etrusted.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src higherlogiccloudfront.s3.amazonaws.com https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://cdn.jsdelivr.net/jquery.slick/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.aspnetcdn.com/ajax/ https://use.fortawesome.com/ cdn.informz.net https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com 'self' https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'unsafe-eval' https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js; font-src https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://d2x5ku95bkycr3.cloudfront.net https://fonts.googleapis.com/ fonts.googleapis.com higherlogiccloudfront.s3.amazonaws.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'self' https://fonts.gstatic.com/ https://d1u9edeg3iwvk4.cloudfront.net data: https://cdn.jsdelivr.net/jquery.slick/; script-src-elem https://static.filestackapi.com/filestack-js/ https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'self'; media-src https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-stream.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'self'; style-src https://cdnjs.cloudflare.com/ajax/libs/prism/ https://use.fortawesome.com/ 'unsafe-inline' https://cdn.jsdelivr.net/jquery.slick/ https://d3uf7shreuzboy.cloudfront.net/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ 'self' https://ajax.googleapis.com/ajax/libs/jqueryui/ https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ higherlogiccloudfront.s3.amazonaws.com https://d2x5ku95bkycr3.cloudfront.net/ https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://fonts.googleapis.com/ fonts.googleapis.com https://d1u9edeg3iwvk4.cloudfront.net; manifest-src 'self'; frame-src https://www.youtube.com/embed/ https://api.connectedcommunity.org/ 'self'; img-src https://cdn.jsdelivr.net/jquery.slick/ https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://img.youtube.com/vi/ 'self' https://d2x5ku95bkycr3.cloudfront.net https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/; object-src 'none'; worker-src 'self'; connect-src 'self' hl-managedservices.informz.net; default-src 'self'; base-uri 'self'; frame-ancestors 'self' https://*.connectedcommunity.org/; 1
object-src 'none';base-uri 'self';script-src 'nonce-G0-1POdMGRxQ1Lo-MOeAFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/tiltbrush 1
report-uri /csp-report; default-src 'self' https://shop.stpancras.com https://google.co.uk https://www.google.co.uk https://www.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://d10lpsik1i8c69.cloudfront.net/w.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://*.hotjar.com maps.googleapis.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' http://admin.highspeed1.co.uk https://createsend.com https://maps.googleapis.com https://settings.luckyorange.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.hotjar.io https://*.google-analytics.com https://*.analytics.google.com wss://ws.hotjar.com https://*.google.co.uk https://*.doubleclick.net; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://widget-3bcbfadb1b0e462e809ce25304fd6efd.elfsig.ht https://map.stpancras.com https://*.doubleclick.net; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com img.fat.dev; manifest-src 'self'; media-src 'self'; worker-src 'self'; upgrade-insecure-requests 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/chrome-cloudcast 1
object-src 'none';base-uri 'self';script-src 'nonce-JPsKCSPFgTdSDHSgPHgfEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-VxgXkst-IeJZGfsFNkHJ8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
report-uri https://api.sunbit.com/sampling/api/v1/csp-reports?application=my-sunbit&env=prod; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://fpnpmcdn.net https://use1.fptls.com *.sunbit.* *.google.com https://cdn.polyfill.io https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://sentry.io *.googletagmanager.com *.google-analytics.com *.datadoghq-browser-agent.com https://www.gstatic.com https://cdn.jsdelivr.net/npm/axios@1.6.2/dist/axios.min.js 'sha256-oNwErqIk8VRSUay1+8A7krM8W1V1Tq/5L14zrrLP8pw=' 'sha256-woAyRoW0yGOEl+CG3XDrIRRr4AqDTWyBET3GMzjr75g=' 'sha256-ThhI8UaSFEbbl6cISiZpnJ4Z44uNSq2tPKgyRTD3LyU=' 'sha256-AF490//jIflwN/2nTDszvAx/KI2V9GJG8gdwvGhO/zw=' 'sha256-8dULgHWW2eIwqjJTAQle9cUf85AipTjC2f9Ks83Sxks='; style-src 'self' 'unsafe-inline' *.googleapis.com blob:; frame-src data: http://epay *.sunbit.* *.google.com *.googletagmanager.com; child-src *.googletagmanager.com *.mysunbit.* blob:; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com https://www.google.co.il/ https://static.sunbit.*; font-src 'self' *.gstatic.com *.typekit.net data:; connect-src 'self' ws: about: http://api *.sunbit.* *.google.com https://sentry.io *.browser-intake-datadoghq.com *.datadoghq.com *.google-analytics.com www.google-analytics.com *.googletagmanager.com *.datadoghq.com *.datadoghq.eu tls-use1.fpapi.io https://use1.fptls.com/ https://api-js.mixpanel.com/ https://stats.g.doubleclick.net/; 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 1
default-src 'self' guatemaladigital.com:* ; form-action 'none' ; frame-src 'self' googleads.g.doubleclick.net tpc.googlesyndication.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ ; frame-ancestors 'none' ; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' www.statcounter.com www.google-analytics.com ssl.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com pagead2.googlesyndication.com partner.googleadservices.com tpc.googlesyndication.com www.googletagservices.com adservice.google.com adservice.google.com.gt adservice.google.com.sv adservice.google.co.cr ; img-src 'self' data: d3w3rr05w2dn4u.cloudfront.net *.amazonaws.com images-na.ssl-images-amazon.com/images/ m.media-amazon.com/images/ i.ebayimg.com/images/ www.googletagmanager.com pagead2.googlesyndication.com www.google-analytics.com ; connect-src 'self' data: guatemaladigital.com:* pagead2.googlesyndication.com c.statcounter.com www.google-analytics.com ; media-src 'self' gd-archivos.s3.amazonaws.com ; 1
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.ccpsx.com/api/v1/errors/csp 1
object-src 'none';base-uri 'self';script-src 'nonce-vfEJq3-G7R3fZ_ItDapTdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.finance-calculator.co.uk 'unsafe-inline' data: *.magentocommerce.com *.googleapis.com *.gstatic.com *.cloudfront.net *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.finance-calculator.co.uk *.deko.finance *.dekopay.com *.dekopay.org *.magentocommerce.com youtube.com www.youtube.com *.hotjar.com https://www.google.com www.facebook.com *.trustpilot.com *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud *.klarnacdn.net x.klarnacdn.net *.doubleclick.net https://plumrocket.com webservices.securetrading.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cdninstagram.com *.trackedlink.net *.finance-calculator.co.uk *.dekopay.com 'self' data: *.magentocommerce.com *.cloudfront.net https://*.gstatic.com www.google.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud *.klarnacdn.net x.klarnacdn.net https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.finance-calculator.co.uk *.dekopay.com *.magentocommerce.com *.cloudfront.net google.com maps.googleapis.com www.google.com *.increasingly.co *.increasingly.com gstatic.com www.gstatic.com *.googleapis.com api.comapi.com snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.paypal.com *.klarnacdn.net *.klarnaservices.com js.klarna.com *.eu-library.klarnaservices.com/lib.js *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud *.mouseflow.com *.webgains.io *.google.com/ https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com player.vimeo.com *.youtube.com https://apis.google.com webservices.securetrading.net songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com *.magentocommerce.com *.cloudfront.net *.bootstrapcdn.com *.fontawesome.com *.mailchimp.com *.finance-calculator.co.uk *.trustpilot.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.finance-calculator.co.uk *.dekopay.com *.cloudfront.net *.magentocommerce.com commerce.adobedc.net api.comapi.com www.google-analytics.com *.googleapis.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.zendesk.com *.eu-library.klarnaservices.com/lib.js *.nr-data.net www.clarity.ms *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud *.klarnacdn.net x.klarnacdn.net api.addressy.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com o402164.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' wss://localhost:44378/MDL3MEarPlugSettlementWeb/ wss://localhost:44339/MDL3MEarPlugSettlementWeb/; script-src 'self' https://acsbapp.com/apps/app/dist/js/ https://acsbapp.com/apps/app/dist/js/app.js 'sha256-a/7jwHVk91+ykLC4DFor1xbtOi2RtBOCEsyGRmbQCqg=' 'nonce-c5233efb04f44a73b6f5818400bd6eec' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ wss://localhost:44378/MDL3MEarPlugSettlementWeb/ wss://localhost:44339/MDL3MEarPlugSettlementWeb/; style-src 'self' 'sha256-PErmU+TYRcPwrRm3MyRLjITnpqDhWmPNUbcKKJvhDEg=' 'sha256-WPlotXzoUAc9dAX9VP8kh67FoVkPmFBGjhwNruaBRm0=' 'sha256-BFU3BnyqbhnU5P4bEBvLn1IgebSFXoYgLIS9f14EELE=' 'sha256-BFU3BnyqbhnU5P4bEBvLn1IgebSFXoYgLIS9f14EELE=' 'sha256-77eiGD30q+meCl4OODdDJ1/zL6eNuQkiJC/BxPPdysY=' 'sha256-O3jpUocZrCjDOxGs4ipG8JIZfKISj9Kkrvnplmz5hJU=' 'sha256-0hJ78+O6zvs01KYuCuy720JiA8yfNHPGBiulC4LrNwQ=' 'sha256-+E1Dmp1R73QDtKFL3SMs9tIOqvXmNn4KDimSASJyJ1I=' 'sha256-tLnIAscSvDCHUgYQpD8+EtdKCQy3SyrAv4pAtxghOEM=' 'sha256-WPlotXzoUAc9dAX9VP8kh67FoVkPmFBGjhwNruaBRm0=' 'sha256-1SGg8DOvFA7Q2JXQR8X+jtINliFVnWOWksxci1/tt6s=' 'sha256-/QEWW84RZVrjuSPK6q6qMeqbc/pCLMknXFFcCck5TAk=' 'sha256-/QEWW84RZVrjuSPK6q6qMeqbc/pCLMknXFFcCck5TAk=' 'sha256-/QEWW84RZVrjuSPK6q6qMeqbc/pCLMknXFFcCck5TAk=' 'sha256-BFU3BnyqbhnU5P4bEBvLn1IgebSFXoYgLIS9f14EELE=' 'sha256-77eiGD30q+meCl4OODdDJ1/zL6eNuQkiJC/BxPPdysY=' 'sha256-WPlotXzoUAc9dAX9VP8kh67FoVkPmFBGjhwNruaBRm0=' 'sha256-QNGhJ7kaK0ptxgUeZLrfpRNLV1vCWe6mNX20jkQHlKM=' 'sha256-z7zcnw/4WalZqx+PrNaRnoeLz/G9WXuFqV1WCJ129sg=' 'sha256-V5GCv7g+0m456JOc8LaCSG/jwgo4y4k5w8iKRPeff0k=' https://fonts.googleapis.com wss://localhost:44378/MDL3MEarPlugSettlementWeb/; font-src 'self' https://fonts.gstatic.com wss://localhost:44378/MDL3MEarPlugSettlementWeb/; img-src 'self' wss://localhost:44378/MDL3MEarPlugSettlementWeb/ http: https: data:; connect-src 'self' wss://localhost:44395/MDL3MEarPlugSettlementWeb/ wss://localhost:44301/MDL3MEarPlugSettlementWeb/ wss://localhost:44362/MDL3MEarPlugSettlementWeb/ wss://localhost:44339/MDL3MEarPlugSettlementWeb/ wss://localhost:44378/MDL3MEarPlugSettlementWeb/ https://cdn.acsbapp.com/cache/app/wildcards.json https://cdn.acsbapp.com/config/ https://acsbapp.com/apps/app/dist/js/; frame-src 'self' https://www.google.com; object-src 'self'; 1
default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com;   style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com;   img-src 'self' https: data: ;   font-src 'self' https: ;   connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com https://ad.doubleclick.net https://maps.googleapis.com;   media-src 'self';   object-src 'self';   worker-src 'self' blob:;   child-src 'self' blob:;  frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com https://td.doubleclick.net;   frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk;   report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 1
default-src * data: 'unsafe-inline'; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com google-analytics.com googleapis.com supporta.cc; font-src 'self' fonts.gstatic.com googleapis.com v2.zopim.com; form-action 'self'; frame-src supporta.cc; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com googleapis.com csi.gstatic.com cdn.supporta.cc; media-src static.zdassets.com; script-src 'self' googletagmanager.com googleoptimize.com google-analytics.com analytics.connectholland.nl v2.zopim.com googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com connect.facebook.net cdn.supporta.cc; style-src 'self' 'unsafe-inline' pg-ws-ggz.widget.custhelp.com 1
object-src 'none';base-uri 'self';script-src 'nonce-sC1m91Up4eZz0pHyDSi0BQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src humanheartnature.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com/ https://connect.facebook.net/ *.cardinalcommerce.com *.paypal.com humanheartnature.com 'self' 'unsafe-inline'; frame-ancestors humanheartnature.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.trust-provider.com/ https://googleads.g.doubleclick.net/ https://www.google.com.ph/ https://td.doubleclick.net/ https://www.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com humanheartnature.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com validate.fishpig.co.uk https://www.google.com.ph/ https://www.google.com/ https://www.maya.ph/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com humanheartnature.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com humanheartnature.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline humanheartnature.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com humanheartnature.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://stats.g.doubleclick.net/ https://analytics.google.com/ http://www.google-analytics.com https://google.com https://www.google.com.ph/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com humanheartnature.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com humanheartnature.com http: https: blob: 'self' 'unsafe-inline'; default-src humanheartnature.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-dfiOdoa-qZudOknsQUsGIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=19904&v=v1.0&payload=dSAYuIr3dIKnrd8EA7WPbbDVyZu_-14YWRHCLq__GNBbvo7fAdmW_8xpUiIK-Bynx6GzlSc41Wmt95PKuF08U0h7nxjUm5ppBq1C1rhkWLCkNN5c2exNEQVcRwfhA5pk33e6SfsgyARU1MuEm-dyA1qKTEN-AtiLHAnKlIvx5RG-QH76RONZnZAysD82X22Zz_VzFYH9QazIBqIR6rgqUA==; 1
default-src 'self' *.tc.edu *.tc.columbia.edu; font-src *; frame-ancestors 'self' *.tc.edu *.tc.columbia.edu; frame-src *; img-src *; connect-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src *; object-src 'none'; 1
object-src 'none';base-uri 'self';script-src 'nonce-4pnomEaoqMFD8odT2CeUdw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fiskejournalen.com *.cloudfront.net https://fonts.gstatic.com *.klarna.com *.klarnacdn.net *.pji.nu *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.klarna.com https://local.fiskejournalen.com https://test-butik.fiskejournalen.se *.cloudfront.net https://butik.fiskejournalen.se https://butik1.fiskejournalen.se https://checkoutapi.svea.com https://www.facebook.com https://www.google.com *.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://local.fiskejournalen.com *.cloudfront.net *.fiskejournalen.se *.bing.com https://fonts.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com *.google.com *.google.co.in https://apis.google.com *.clarity.ms *.doubleclick.net https://www.googletagmanager.com *.googlesyndication.com *.dialogtrail.com *.amazonaws.com *.cookiepro.com *.streamify.io https://meetanshi.com/media/logo.png 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnaservices.com *.fiskejournalen.com *.cloudfront.net https://bat.bing.com *.google.com *.google.co.in *.gstatic.com https://checkout.sveapayment.eu https://track.adtraction.com https://static.zdassets.com/ https://apis.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleapis.com https://chimpstatic.com https://checkoutapi.svea.com *.clarity.ms https://www.google.se securepubads.g.doubleclick.net https://www.gstatic.com *.googlesyndication.com *.googletagservices.com *.tiktok.com https://dialogtrail-prod.s3-eu-west-1.amazonaws.com *.dialogtrail.com *.cookiepro.com *.googleoptimize.com *.pji.nu *.streamify.io *.holid.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://local.fiskejournalen.com *.cloudfront.net https://fonts.gstatic.com https://fonts.googleapis.com *.klarna.com *.klarnacdn.net *.pji.nu *.streamify.io *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src https://local.fiskejournalen.com https://test.fiskejournalen.se *.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com https://local.fiskejournalen.com *.cloudfront.net https://butik.fiskejournalen.se https://butik1.fiskejournalen.se https://static.zdassets.com *.klarna.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com https://local.fiskejournalen.com *.cloudfront.net *.klarna.com *.klarnaservices.com *.clarity.ms https://ekr.zdassets.com https://www.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://fiskejournalen.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.tiktok.com *.dialogtrail.com wss://widget.dialogtrail.com *.cookiepro.com *.onetrust.com *.streamify.io *.jsdelivr.net wss://wss.streamify.io/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googlesyndication.com *.cloudfront.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-XDZFhLI9bcT4MECxeKgvQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-WozbkAmgAfExu2gpsBk78gWAjKOi6zaAGaujKa6B10E='; base-uri 'self';report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-7lT9V1XjPdFE0YHqJbUOfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WorFmEXKsu29iHWtP4vFBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';  connect-src 'report-sample' 'self' https://analytics.imirwin.com analytics.google.com *.juicer.io px.ads.linkedin.com *.fontawesome.com;; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/  googleads.g.doubleclick.net consent.cookiebot.com snap.licdn.com  static.ads-twitter.com consentcdn.cookiebot.com https://www.gstatic.com/ https://destinilocators.com *.typekit.net unpkg.com *.googletagmanager.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.juicer.io *.google.com *.bugherd.com https://analytics.imirwin.com ;  style-src 'report-sample' 'self' 'unsafe-inline' *.typekit.net unpkg.com *.fontawesome.com *.googleapis.com cdnjs.cloudflare.com *.juicer.io;  object-src 'none';  base-uri 'self';  font-src 'self' data: static.juicer.io *.fontawesome.com unpkg.com *.typekit.net *.gstatic.com;  frame-src 'self'  https://destinilocators.com https://www.google.com consentcdn.cookiebot.com td.doubleclick.net;  img-src * 'self' data: https: https://www.juicer.io https://assets.juicer.io https://s.w.org https://juicer.io;  manifest-src 'self';  media-src 'self';  report-uri https://63fcef7d3e361dd413cfe988.endpoint.csper.io/?v=0;  worker-src 'none'; 1
font-src *.klarnacdn.net *.cloudfront.net *.klarna.com *.zdassets.com *.mekster.se *.mekster.no *.firebase.com *.zendesk.com *.gstatic.com *.googleapis.com *.tryggehandel.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mekster.se *.mekster.no *.facebook.com *.google.com *.trackedweb.net *.criteo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.youtube-nocookie.com *.dotdigital-pages.com *.dotdigital.com *.klarna.com *.mekster.se *.mekster.no *.facebook.com *.google.com *.castrol.com *.lubricantadvisor.com *.mobil1.se *.zendesk.com *.thule.com *.criteo.com *.criteo.net td.doubleclick.net *.mpmoil.se 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mekster.se *.mekster.no *.bing.com *.doubleclick.net *.facebook.com *.google.com *.google.co.in *.ytimg.com *.gstatic.com *.redchamps.com *.cloudfront.net *.firebase.com *.zendesk.com *.googletagmanager.com *.facebook.net google-analytics.com *.googleapis.com *.tryggehandel.net cdn.cookielaw.org *.criteo.net *.criteo.com *.google.se *.google.no *.google.pl x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net *.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com beacon.krxd.net https://redchamps.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.mekster.se *.mekster.no *.tradedoubler.com *.bing.com *.google.com *.gstatic.com *.adtraction.com *.adnxs.com *.googletagmanager.com *.facebook.net *.googleapis.com *.firebase.com *.zdassets.com *.zopim.com *.cloudfront.net *.zendesk.com *.criteo.net *.criteo.com *.dotdigital.com *.swagger.com *.doubleclick.net code.jquery.com tagmanager.google.com *.google-analytics.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com *.tryggehandel.net *.clarity.ms cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.klarnacdn.net *.mekster.se *.mekster.no *.cloudfront.net *.klarna.com *.zdassets.com *.firebase.com *.zendesk.com tagmanager.google.com *.googleapis.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src *.mekster.se *.mekster.no *.cloudfront.net *.zendesk.com 'self' 'unsafe-inline'; media-src *.mekster.se *.mekster.no *.klarna.com *.cloudfront.net *.zendesk.com *.zdassets.com *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.mekster.se *.mekster.no *.facebook.com *.google.com *.doubleclick.net *.zopim.com *.zdassets.com *.zendesk.com *.cloudfront.net *.youtube.com *.firebase.com *.googletagmanager.com cdn.cookielaw.org *.onetrust.com insights.algolia.io *.clarity.ms *.google-analytics.com *.criteo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-mQ2FX0x13p4BNEhCrqqTjA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'strict-dynamic' 'nonce-tcNR+hM4gunzRiVc1rgRuw=='; 1
font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com www.googletagmanager.com *.veritas.at *.consentmanager.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com https://*.consentmanager.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 s7.addthis.com https://*.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com ekr.zdassets.com/ https://identity.veritas.at/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://polyfill.io/v3/polyfill.min.js https://www.gstatic.com https://www.getback.ch https://connect.facebook.net https://bat.bing.com https://s2.adform.net track.adform.net https://static.getback.ch https://maps.googleapis.com https://cdn.cookielaw.org https://static.profity.ch https://tc.connects.ch https://www.clarity.ms https://optanon.blob.core.windows.net https://push.getback.ch https://www.usemaxserver.de https://www.youtube.com https://www.yumpu.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://fast.fonts.net https://static.getback.ch; img-src * 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.migros.ch/ch.migros/static/fonts/ https://api2.fonts.com/; connect-src *; child-src 'self'; frame-src *; frame-ancestors 'self'; form-action 'self' https://www.facebook.com; report-uri https://magno.report-uri.com/r/d/csp/reportOnly 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.squarecdn.com *.fontawesome.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com widgets.sandbox.afterpay.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.afterpay.com/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.avada.io *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com https://static.klaviyo.com *.fontawesome.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.facebook.net *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vppuHPsme6KjRBYlvW44yQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src localhost:8080 fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.google.com/ *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.analytics.google.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com 'self' blob: data localhost:8080 *.cookiebot.com www.logistiekconcurrent.nl bat.bing.com integrations.etrusted.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn-4.convertexperiments.com localhost:8080 bat.bing.com *.cookiebot.com widgets.trustedshops.com cdnjs.cloudflare.com www.googleoptimize.com *.hotjar.com *.appspot.com *.convertexperiments.com *.leadinfo.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.shoppingminds.net *.shoppingminds.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.avada.io *.google.com/ *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com localhost:8080 fonts.googleapis.com *.appspot.com integrations.etrusted.com 'self' blob: data *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.multisafepay.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com cdn-4.convertexperiments.com localhost:8080 *.hotjar.io bat.bing.com ws: *.google.com *.leadinfo.net *.appspot.com *.cookiebot.com *.convertexperiments.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.shoppingminds.net *.shoppingminds.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-KVGc68MNKFhGZyLk2g5xDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src *.googleapis.com fonts.gstatic.com data: *.kxcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.global-e.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com s7.addthis.com *.mailchimp.com *.list-manage.com *.addthis.com *.addthisedge.com *.pinterest.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.facebook.net *.google.com *.cloudflare.com chimpstatic.com *.surveymonkey.com *.kbmaxnext.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com ekr.zdassets.com/ *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-IzJI2ZkQxilBxuEzRNfn6O2Au6k6iVkWhbi7SysleGM='; base-uri 'self';report-to csp-endpoint 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.cardinalcommerce.com *.tawk.to *.cloudfront.net *.reviews.co.uk *.facebook.com *.bootstrapcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.reviews.co.uk *.worldpay.com *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://widget.reviews.co.uk https://widget.reviews.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.reviews.co.uk *.worldpay.com *.tawk.to *.facebook.com *.cookiebot.com *.google.com *.clearpay.co.uk account.fetchify.com *.acdcproc.com *.americanexpress.com *.arcot.com *.barclays.co.uk *.braintreegateway.com *.criteo.com *.criteo.net *.digitalbridgehq.com *.doubleclick.net *.fixtuur.com *.hotjar.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.lloydsbankinggroup.com *.modirum.com *.monzo.com *.playground.klarna.com *.playground.klarnaservices.com *.rsa3dsauth.co.uk *.sagepay.com *.sandbox.paypal.com *.touch.tech *.zenaps.com js.mollie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.usercentrics.eu *.reviews.co.uk *.bing.com *.google.com *.google.co.uk *.facebook.com *.amazonaws.com *.googletagmanager.com *.afterpay.com *.clearpay.co.uk ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png flagpedia.net https://www.mollie.com https://prf.hn www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.reviews.co.uk *.tawk.to *.bing.com *.facebook.net *.mailchimp.com *.cookiebot.com *.googletagmanager.com *.onefeed.co.uk *.feefo.com *.doubleclick.net *.bootstrapcdn.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.mollie.com https://prf.hn https://pzapi-nb.com https://pzapi-kg.com https://pzapi-ij.com/ www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.reviews.co.uk *.mailchimp.com *.cloudfront.net *.bootstrapcdn.com *.afterpay.com/ *.squarecdn.com downloads.mailchimp.com cc-cdn.com https://static.klaviyo.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.tawk.to wss://*.tawk.to *.cloudflare.com *.twitter.com *.twimg.com *.reviews.co.uk *.google-analytics.com *.doubleclick.net *.feefo.com *.braintreegateway.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io www.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.tawk.to *.reviews.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp/report; report-to report-endpoint; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.cardinalcommerce.com *.paypal.com *.cardlink.gr *.eurocommerce.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.youtube.com/ https://consentcdn.cookiebot.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net https://consent.cookiebot.com/uc.js https://consent.cookiebot.com/Scripts/widgetIcon.min.js https://consentcdn.cookiebot.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org https://consentcdn.cookiebot.com https://consent.cookiebot.com https://graph.instagram.com https://region1.analytics.google.com https://maps.googleapis.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-1rFFPoLBz3RLR6L1mYBnkwceuo5x3QRo'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1
font-src 'unsafe-inline' data: *.gstatic.com *.iadvize.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.iadvize.com *.facebook.com *.critizr.com https://critizr.com/ *.fittingbox.com *.v-psp.com *.facil-iti.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.opticiens-atol.com *.google.com *.google.fr *.gstatic.com *.google-analytics.com *.googleapis.com *.facebook.com *.doubleclick.net *.amazonaws.com *.filerobot.com *.atol.fr bat.bing.com editor-assets.abtasty.com p1.zemanta.com c.clarity.ms c.bing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ clicrdv-assets.s3.amazonaws.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.fittingbox.com *.abtasty.com *.facebook.net *.iadvize.com *.critizr.com *.facil-iti.com *.doubleclick.net *.privacy-center.org polyfill.io analytics.tiktok.com *.atol.fr s.pinimg.com p.teads.tv bat.bing.com dynamic.criteo.com c.amazon-adsystem.com www.clarity.ms js-tag.zemanta.com ct.pinterest.com *.algolia.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.critizr.com *.iadvize.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.google.com *.googleusercontent.com *.google-analytics.com *.doubleclick.net *.abtasty.com *.iadvize.com *.instagram.com *.pinterest.com *.critizr.com *.atol.fr *.amazon-adsystem.com cm.teads.tv analytics.tiktok.com *.criteo.com *.algolia.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.fontawesome.com *.advertserve.com *.google-analytics.com *.licdn.com *.facebook.net *.app-us1.com *.googletagservices.com trackcmp.net *.stripe.com *.gstatic.com *.simpli.fi app.termly.io s39845.pcdn.co *.doubleclick.net; connect-src 'self' *.fontawesome.com *.google.com www.google-analytics.com *.doubleclick.net *.advertserve.com  app.termly.io *.linkedin.com; media-src 'self' *.youtube.com *.youtube-nocookie.com; object-src 'self' *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.ytimg.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.doubleclick.net js.stripe.com *.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com *.googleapis.com *.google.com s39845.pcdn.co fonts.bunny.net; font-src 'self' data: maxcdn.bootstrapcdn.com *.gstatic.com *.fontawesome.com s39845.pcdn.co fonts.bunny.net; worker-src 'self' blob:; img-src * data: 1
font-src maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ account.fetchify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com cc-cdn.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com landofcoder.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com static.userback.io *.cylindo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.carnegiefabrics.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com www.xtento.com *.twitter.com fast.wistia.net td.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.xtento.com cdn.xtento.com *.pinterest.com *.cloudflare.com *.klarna.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.wistia.com *.elfsight.com *.elfsightcdn.com *.cylindo.com content-v2.cylindo.com *.google.com www.google.com.ua *.linkedin.com carnegiefabrics.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.xtento.com cdn.xtento.com fast.wistia.net static.userback.io *.carnegiefabrics.com *.cloudflare.com cookie-cdn.cookiepro.com *.twitter.com *.crazyegg.com *.pardot.com *.pinterest.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com js-agent.newrelic.com bam.nr-data.net *.wistia.com *.elfsight.com *.cylindo.com snap.licdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.userback.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cylindo.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com api.userback.io *.stackpathdns.com cookie-cdn.cookiepro.com *.crazyegg.com stats.g.doubleclick.net geolocation.onetrust.com *.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com bam.nr-data.net *.wistia.com *.elfsight.com *.litix.io *.cylindo.com content-v2.cylindo.com *.linkedin.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.carnegiefabrics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-lj7vb3URpiVi2Z3qZfuOFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com magento-cloudflare.jetrails.com www.youtube.com *.klarna.com https://stringfurniture.com https://*.stringfurniture.com https://cdn.consentmanager.mgr.consensu.org/ https://consentcdn.cookiebot.com *.trustpilot.com *.hotjar.com https://*.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://d1pna5l3xsntoj.cloudfront.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.google.com *.google.bg https://www.facebook.com *.facebook.net *.doubleclick.net *.bird.eu *.ytimg.com *.klarna.com *.klarnaevt.com https://cdn.consentmanager.net https://scontent.cdninstagram.com https://dot.designtorget.se https://cdn.valuesportal.com www.googletagmanager.com *.googleadservices.com *.google-analytics.com https://googleads.g.doubleclick.net https://www.google.se *.paypal.com *.paypalobjects.com https://mcusercontent.com https://js.klevu.com https://*.mgr.consensu.org https://cx.atdmt.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.klarna.com *.hotjar.io https://dot.designtorget.se https://valuesportal.com https://consentcdn.cookiebot.com https://consent.cookiebot.com www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com *.gstatic.com https://connect.facebook.net/ *.trustpilot.com https://chimpstatic.com *.klarnacdn.net *.adyen.com https://js.klevu.com https://downloads.mailchimp.com *.list-manage.com *.hotjar.com *.gtm.adt313.net https://checkoutshopper-test.adyen.com https://*.mgr.consensu.org https://*.cloudflareinsights.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.doubleclick.net *.facebook.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://designtorget.se https://designtorget.com *.fonts.googleapis.com *.gstatic.com https://downloads.mailchimp.com https://js.klevu.com https://*.mgr.consensu.org unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://core.helloretail.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.klarnaevt.com https://dot.designtorget.se api.adtraction.net consentcdn.cookiebot.com *.paypal.com *.cardinalcommerce.com *.stripe.com *.klarna.com *.klarnacdn.net *.addwish.com *.doubleclick.net *.hotjar.com https://*.mgr.consensu.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-T23a_e6cizBQJVqDAs9Kiw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' https://cdn.cookielaw.org mdbootstrap.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://stats.webleads-tracker.com https://get.smart-data-systems.com https://s.yimg.com https://connect.facebook.net https://bat.bing.com https://sp.analytics.yahoo.com https://eqy.link https://secure.wait8hurl.com https://cdn.cookielaw.org https://www.googleadservices.com mdbootstrap.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
default-src https:; report-uri https://home.archiefweb.eu/csp-report/report.php; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/translate_google 1
object-src 'none';base-uri 'self';script-src 'nonce-SsEFIow6TH-KgeGdO7QHdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src www.googleoptimize.com bisko.gjirafa.net 1gr.cz c.seznam.cz www.zbozi.cz cdn.cpex.cz sdk.privacy-center.org sgtm.signals.cz rec.smartlook.com cnc.daktela.com widget-v2.smartsuppcdn.com www.smartsuppchat.com *.smartsupp.com *.smartsuppcdn.com *.smartlook.com *.smartsuppchat.com spir.hit.gemius.pl a.opmnstr.com track.adform.net ssl.heureka.cz im9.cz c.imedia.cz api.mapy.cz www.heureka.cz *.mapy.cz script.hotjar.com www.google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com googleads.g.doubleclick.net connect.facebook.net static.hotjar.com im9.cz 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem connect.facebook.net www.googleadservices.com c.seznam.cz static.hotjar.com bisko.gjirafa.net cdn.cpex.cz script.hotjar.com 'self' connect.facebook.net www.google-analytics.com api.mapy.cz 'unsafe-inline' cnc.daktela.com www.googleoptimize.com sdk.privacy-center.org s2.adform.net www.googletagmanager.com track.adform.net 1gr.cz; style-src translate.googleapis.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com api.mapy.cz 'unsafe-inline' 'self'; style-src-elem 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' fonts.googleapis.com; report-uri /csp 1
font-src cdn.jsdelivr.net cdn.almapay.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu https://*.google.com *.doubleclick.net *.facebook.com apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.google.com.ua https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.elfsight.com apps.elfsight.com universe-static.elfsightcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://cdnjs.cloudflare.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.elfsight.com pagead2.googlesyndication.com core.service.elfsight.com service-reviews-ultimate.elfsight.com apps.elfsight.com stats.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com *.nhslothian.scot *.nhslothian.scot.nhs.uk secure.worldpay.com www.dermatology.nhs.scot noop.style; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.api.payme.hsbc.com.hk *.gateway.mastercard.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ sandbox.api.payme.hsbc.com.hk *.gateway.mastercard.com *.google.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ sandbox.api.payme.hsbc.com.hk *.gateway.mastercard.com *.google.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com maxcdn.bootstrapcdn.com blob: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com data: blob: 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.addthis.com *.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * data: blob: *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com blob: *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com data: blob: *.hotjar.com *.ipinfo.io ipinfo.io *.zdassets.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com data: blob: tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: blob: *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com data: blob: *.doubleclick.net *.zdassets.com *.zendesk.com *.zopim.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-J2yNDjOZ-x1TM_-KvPa7mQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mcch9MSvLfDN4-6hNqZl9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://css.zohocdn.com/ https://d19ayerf5ehaab.cloudfront.net/ https://d1azc1qln24ryf.cloudfront.net/ https://*.hotjar.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com/ https://0merchantacsstag.cardinalcommerce.com/ https://1merchantacsstag.cardinalcommerce.com/ *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://widget.reviews.co.uk/ https://gum.criteo.com/ https://*.hotjar.com/ https://www.paypalobjects.com/ https://c.sandbox.paypal.com/ https://tst.kaptcha.com/ *.reviews.io *.reviews.co.uk https://www.google.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com/ https://www.google.co.uk/ https://bat.bing.com/ https://www.facebook.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://cm.g.doubleclick.net/ https://r.casalemedia.com/ https://ad.360yield.com/ https://contextual.media.net/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://pixel.rubiconproject.com/ https://match.sharethrough.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://ad.yieldlab.net/ https://cm.adform.net/ https://visitor.omnitagjs.com/ https://gum.criteo.com/ https://id5-sync.com/ https://ad.sxp.smartclip.net/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://beacon.krxd.net/ https://s.thebrighttag.com/ https://rtb-csync.smartadserver.com/ https://widget.eu.criteo.com/ https://assets.reviews.io/ https://matching.ivitrack.com/ https://www.lyco.co.uk/ https://uat.lyco.co.uk/ https://c.sandbox.paypal.com/ https://services.postcodeanywhere.co.uk/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.hotjar.com/ https://imgs.cdn-btsg.com/ https://secure.adnxs.com/ https://bam.nr-data.net/ *.cloudfront.net *.reviews.io *.reviews.co.uk https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com bat.bing.com https://connect.facebook.net/ https://static.criteo.net/ https://widget.reviews.co.uk/ https://salesiq.zoho.eu/ https://analytics.webgains.io/ https://googleads.g.doubleclick.net/ https://www.clarity.ms/ https://*.hotjar.com/ https://sslwidget.criteo.com/ https://js-agent.newrelic.com/ https://js.zohocdn.com/ https://bam.nr-data.net/ https://widget.eu.criteo.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ https://lycod11120.pcapredict.com/ https://services.postcodeanywhere.co.uk/ https://track.webgains.com/ https://songbirdstag.cardinalcommerce.com/ *.reviews.io *.reviews.co.uk https://www.google.com https://www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com https://css.zohocdn.com/ https://widget.reviews.co.uk/ https://d19ayerf5ehaab.cloudfront.net/ https://d1azc1qln24ryf.cloudfront.net/ https://services.postcodeanywhere.co.uk/ https://*.hotjar.com/ data: *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://stats.g.doubleclick.net/ https://l.clarity.ms/ https://salesiq.zoho.eu/ wss://vts.zohopublic.eu/ https://bam.nr-data.net/ https://salesiq.zohopublic.eu/ https://vts.zohopublic.eu/ https://api-cache.reviews.co.uk/ https://api.reviews.co.uk/ https://k.clarity.ms/ https://a.clarity.ms/collect https://region1.analytics.google.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://*.hotjar.io/ https://api.reviews.io/ https://services.postcodeanywhere.co.uk/ https://api.webgains.io/ https://kg668dbov0.execute-api.us-east-1.amazonaws.com/ https://writer.cardinalcommerce.com/ https://m1.openfpcdn.io/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://ekr.zdassets.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.affirm.com *.affirm.ca ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.gstatic.com apis.google.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; img-src 'self'; connect-src 'self'; font-src 'self'; media-src 'self'; report-uri https://65ca64ee7b1c737c892f5dd1.endpoint.csper.io?v=0; form-action 'self'; frame-ancestors 'none'; object-src 'none'; frame-src 'self'; worker-src 'none'; manifest-src 'self'; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-Mhwg-WntNR2ooZyPumqmnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.kxcdn.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com cdn.ampproject.org googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com https://www.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-GuA-Rv7sAiKJl7n7mWvOWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
worker-src blob:; font-src *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com https://fonts.gstatic.com 'self' data: applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com https://player.vimeo.com https://www.youtube-nocookie.com api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com www.facebook.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.iubenda.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com fonts.googleapis.com *.google.com *.kxcdn.com https://cs.iubenda.com/ https://cdnjs.cloudflare.com/ downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com region1.google-analytics.com consent.iubenda.com hits-i.iubenda.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://hits-i.iubenda.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.zipmoney.com.au *.zopim.com preeziestaticcontent.blob.core.windows.net schots.zendesk.com *.static.zdassets.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.pinterest.com *.schots.viewa.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://site-assets.afterpay.com https://static.secure-afterpay.com.au https://static.zipmoney.com.au *.yotpo.com t.zip.co static.zipmoney.com.au *.google.co.id *.cloudfront.net *.schots.com.au *.google.com.au *.zopim.io *.zopim.com *.pinterest.com *.hellobar.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net polyfill.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://data.stats.tools https://static.zipmoney.com.au http://cdn.systema.ai api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com static.zipmoney.com.au zip.co *.azureedge.net *.hellobar.com *.cloudflareinsights.com *.zopim.com *.schots.zendesk.com *.zdassets.com *.newrelic.com *.nr-data.net *.pinimg.com *.zip.co *.cloudflare.com/cdn-cgi/scripts *.cloudflare.com *.preezie.io *.pinterest.com *.preezie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com *.google.com unsafe-inline *.yotpo.com *.hellobar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com schots.zendesk.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.algolia.net *.algolia.com *.algolianet.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com http://api.tracker.systema.ai api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.demdex.net *.zipmoney.com.au *.zip.co *.amplitude.com *.nr-data.net *.newrelic.com *.zdassets.com *.zopim.com *.pinterest.com *.doubleclick.net *.googleadservices.com *.google.com.au *.azurewebsites.net *.systema.cloud *.analytics.google.com analytics.google.com *.googleapis.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com schots.zendesk.com https://www.cloudflare.com/cdn-cgi/trace *.ip-api.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' justapprove.com.br *.justapprove.com.br approve.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com whatshelp.io online-metrix.net getbutton.io dinamize.com doubleclick.net linximpulse.net opmnstr.com btg360.com.br googleadservices.com hotjar.com traycheckout.com.br clearsale.com.br cloudflare.com shopconvert.com.br shoptarget.com.br hertzen.com hotjar.io retargeter.com.br shopback.net *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.btg360.com.br *.googleadservices.com *.hotjar.com *.dinamize.com *.doubleclick.net *.linximpulse.net *.opmnstr.com *.clearsale.com.br *.cloudflare.com *.shopconvert.com.br *.shoptarget.com.br *.traycheckout.com.br *.online-metrix.net *.getbutton.io *.whatshelp.io *.hertzen.com *.hotjar.io *.retargeter.com.br *.shopback.net wss://signalr.fbits.net *.mlstatic.com *.yapay.com.br *.mercadopago.com *.paypal.com *.objects.com *.justapprove.com.br recursos.justapprove.com.br paypalobjects.com *.paypalobjects.com k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br cdn.targeting.voxus.com.br *.targeting.voxus.com.br api.ipify.org targeting.voxus.com.br *.loggly.com *.voxus.tv targeting.voxus.tv *.ipify.org api.voxus.tv loggly.com vfr-v3-production.sizebay.technology *.sizebay.technology *.cloudfront.net *.clearsale.com.br *.edrone.me *.hellobar.com api.mercadopago.com dzpxyxks1bfmb.cloudfront.net *.pinimg.com s.pinimg.com *.pinterest.com ct.pinterest.com *.mercadolibre.com *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com *.tiktok.com analytics.tiktok.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net dynamic.criteo.com *.criteo.com *.criteo.net *.tiktok.com.br tiktok.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com jet.agenciaserie.com.br *.azurewebsites.net ameprod.azurewebsites.net *.blob.core.windows.net *.fbits.store *.adyen.com *.afilio.com.br secure.afilio.com.br *.instagram.com.br *.facebook.com.br *.instagram.com *.widde.io *.youtube.com youtube.com.br *.youtube.com.br youtube.com *.googletagmanager.com *.google.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.justapprove.com.br justapprove.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src https://maps.googleapis.com fonts.gstatic.com https://app.cobrowser.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com *.weltpixel.com https://service.force.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://maps.googleapis.com https://preprod-u1974--preprod.cs173.force.com https://u1974--preprod.my.salesforce.com https://u1974--preprod--c.visualforce.com https://zoocity.secure.force.com https://www.facebook.com https://app.cobrowser.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://dsp-media.eskimi.com/ https://maps.googleapis.com https://service.force.com https://d.la3-c1cs-fra.salesforceliveagent.com https://c.la3-c1cs-fra.salesforceliveagent.com https://u1974--preprod.my.salesforce.com https://d.la3-c1cs-cdg.salesforceliveagent.com https://zoocity.my.salesforce.com https://d.la3-c2-fra.salesforceliveagent.com https://static.lightning.force.com https://zoocity.secure.force.com https://d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com https://app.cobrowser.com https://connect.facebook.net https://www.googletagmanager.com tagmanager.google.com s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://maps.googleapis.com https://service.force.com https://preprod-u1974--preprod.cs173.force.com https://zoocity.secure.force.com fonts.googleapis.com https://app.cobrowser.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://app.cobrowser.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com https://maps.googleapis.com https://connect.facebook.net https://preprod-u1974--preprod.cs173.force.com https://zoocity.secure.force.com https://app.cobrowser.com https://www.google-analytics.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.bootstrapcdn.com *.cloudflare.com *.bootstrap.com 'self' data: *.googleapis.com *.iwdagency.com *.yotpo.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.addthis.com https://s7.addthis.com/ *.paypal.com *.yotpo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.googleapis.com *.iwdagency.com *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.gstatic.com https://maps.googleapis.com https://www.addthis.com https://s7.addthis.com/ m.addthis.com *.addthisedge.com *.paypalobjects.com *.paypal.com *.google.com z.moatads.com https://services.sheerid.com/jsapi/SheerID.js https://cdn.jsdelivr.net/npm/@sheerid/jslib@1/sheerid.js *.attn.tv *.attentivemobile.com www.youtube.com *.iwdagency.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.iwdagency.com *.yotpo.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.paypal.com *.cardinalcommerce.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@sheerid/jslib@1/sheerid.js https://www.addthis.com *.attn.tv *.attentivemobile.com *.iwdagency.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wKdwoOygauqvzopXO5M78A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xuIzjrmZCaouoHgcKTSqiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-FgRGSPOzBQKAfgiws1cMUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-agwm2Zny7kg8Sb5OHmEL0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' data:; report-uri /csp.cfm; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net; font-src 'self' data: https:; frame-ancestors 'self'; frame-src 'self' player.vimeo.com *.youtube.com www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com; img-src 'self' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com; connect-src 'self' *.google-analytics.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net *.gstatic.com *.crazyegg.com google.com pd.epson.com.my *.facebook.com www.epson.com.my www.google.com.my *.doubleclick.net fast.fonts.net tags.tiqcdn.com pi.pardot.com www.youtube.com *.googleadservices.com www.google.com static.addtoany.com cdn.jsdelivr.net www.googletagmanager.com cdnjs.cloudflare.com epsonchat.teamhgs.com pro.epson.asia www.google-analytics.com *.licdn.com *.linkedin.com www.google.com.ph adservice.google.com urldefense.com api.commerce-connector.com *.bazaarvoice.com blog.epson.com.my *.goepson.com www.google.com.bn *.googleapis.com fi-v2-configs.global.commerce-connector.com analytics.google.com www.epson.com.sg ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: corretoronlinenoticias.com.br *.googleapis.com w.soundcloud.com vc.hotjar.io www.youtube.com *.hotjar.com www.googletagmanager.com *.doubleclick.net i.ytimg.com content.hotjar.io open.spotify.com www.google.com.br analytics.google.com metrics.hotjar.io *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-KQk7E0JXsj-0fa6TXzoY4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.zopim.com maxcdn.bootstrapcdn.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors cw.spex4less.com *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com widget.trustpilot.com *.online-metrix.net cw.spex4less.com account.fetchify.com www.facebook.com platform.twitter.com *.addthis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com *.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.google.com *.google.pl *.online-metrix.net *.bing.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com *.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.trustpilot.com *.bing.com *.wisepops.com cdn.rollbar.com *.spex4less.com *.cloudflareinsights.com cw.spex4less.com connect.facebook.net twitter.com platform.twitter.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net cdn.jsdelivr.net *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cc-cdn.com maxcdn.bootstrapcdn.com *.fontawesome.com https://cdn.jsdelivr.net cdn.jsdelivr.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.analytics.google.com *.google.pl *.doubleclick.net *.wisepops.com *.spex4less.com *.bing.com cw.spex4less.com https://print.test api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://uk.trustpilot.com https://widget.trustpilot.com ekr.zdassets.com/ www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.zopim.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.typekit.net js.klevu.com *.klarnacdn.net babipur.co.uk www.babipur.co.uk cdn.babipur.co.uk static.babipur.co.uk p7014794.vo.llnwd.net *.klevu.com *.ksearchnet.com data: www.babipurblog.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com www.facebook.com www.babipurblog.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.babipurblog.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.instagram.com www.google.com js.stripe.com *.doubleclick.net www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com tst.kaptcha.com www.paypalobjects.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.babipurblog.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.cdninstagram.com 'self' data: www.google.co.uk *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com *.googleapis.com *.ggpht *.zopim.com https://v2assets.zopim.io https://static.zdassets.com www.sagepay.co.uk js.klevu.com site-assets.afterpay.com babipur.co.uk www.babipur.co.uk cdn.babipur.co.uk static.babipur.co.uk p7014794.vo.llnwd.net c.bing.com c.clarity.ms https://static.afterpay.com https://site-assets.afterpay.com/ validate.fishpig.co.uk *.klevu.com *.ksearchnet.com www.babipurblog.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com *.zopim.com *.zdassets.com chimpstatic.com widget.trustpilot.com www.googletagmanager.com fonts.googleapis.com www.gstatic.com googleads.g.doubleclick.net maps.googleapis.com js.klevu.com *.klarnaservices.com *.clarity.ms *.newrelic.com *.nr-data.net babipur.co.uk www.babipur.co.uk cdn.babipur.co.uk static.babipur.co.uk p7014794.vo.llnwd.net https://browser.sentry-cdn.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://cdn.polyfill.io *.klevu.com *.ksearchnet.com www.babipurblog.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com unsafe-inline fonts.googleapis.com maxcdn.bootstrapcdn.com *.typekit.net js.klevu.com *.klarnacdn.net babipur.co.uk www.babipur.co.uk cdn.babipur.co.uk static.babipur.co.uk p7014794.vo.llnwd.net static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com www.babipurblog.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com www.facebook.com www.babipurblog.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.analytics.google.com *.facebook.com *.facebook.net www.google.co.uk www.apptrian.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com www.google.com www.googleadservices.com adservice.google.com *.google-analytics.com https://static.zdassets.com https://ekr.zdassets.com wss://*.zopim.com stats.g.doubleclick.net www.facebook.com *.klarnaservices.com *.sandbox.braintree-api.com *.clarity.ms *.newrelic.com *.nr-data.net *.ingest.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com www.babipurblog.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com www.babipurblog.com http: https: blob: 'self' 'unsafe-inline'; default-src www.babipurblog.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://tr6.snapchat.com blob: https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ampcid.google.ie https://ct.pinterest.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.contentsquare.net https://*.abtasty.com https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.ie https://www.myprotein.ie/e2/ds/relay https://horizon-api.www.myprotein.ie/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn https://d7c4jjeuqag9w.cloudfront.net blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.ie https://m.myprotein.ie https://checkout.myprotein.ie https://connect.facebook.net https://tr.snapchat.com https://gb5-pl-checkoutweb-001.io.thehut.local; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://sgtm.myprotein.ie https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://d7c4jjeuqag9w.cloudfront.net https://*.abtasty.com https://*.gstatic.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-IWyizL7jyRswN2QJQ3OZrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ZevBNqeIiUvxJDsP16Avrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval' 1
object-src 'none';base-uri 'self';script-src 'nonce-Z344eHK2y0vyqwhPFEx6_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline'; font-src 'self' *.cloudflare.com *.gstatic.com *.isecurenet.in; frame-src 'self' *.google.com; img-src 'self' *.isecurenet.in; script-src-elem 'self' *.isecurenet.in; style-src-attr 'self' 'unsafe-inline' *.cloudflare.com *.googleapis.com *.isecurenet.in; report-uri https://csp.isecurenet.in/_csp 1
object-src 'none';base-uri 'self';script-src 'nonce-vPsTRwBg3gatz4_sbavZbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0uvS1X97kKBUHaZER5Lppg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' *.amazonaws.com *.zendesk.com;style-src 'self' 'unsafe-inline' localhost;font-src 'self' localhost blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com localhost;object-src 'self'; img-src 'self' *.amazonaws.com *.google-analytics.com *.analytics.google.com www.novalnet.de localhost data: blob:;media-src 'self';connect-src localhost *.zdassets.com *.zendesk.com *.google-analytics.com *.analytics.google.com t.plcnextstore.com 'self';frame-src localhost 'self' proficloud-dev.github.io/plcnextstore-mvp/3pc.html consent.cookiebot.com consentcdn.cookiebot.com blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-ISDsfgCzPuPaEIqgh1U7MQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-N9hkllAkT3nqnKXgsRFXWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-PI86xWbEuYfYDzGIcMbjiw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' cdn.jsdelivr.net www.google-analytics.com cdn-cookieyes.com www.google.com www.googletagmanager.com www.gstatic.com gstatic.com google.com googletagmanager.com; style-src 'unsafe-inline' 'report-sample' 'self' use.typekit.net p.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' www.google-analytics.com www.yoast.com yoast.com stats.g.doubleclick.net region1.analytics.google.com www.analytics.google.com cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; font-src 'self' use.typekit.net data:; frame-ancestors 'self'; frame-src 'self' www.google.com google.com; img-src 'self' data: google-analytics.com www.google-analytics.com google.com www.google.com secure.gravatar.com www.w3.org gravatar.com w3c.org cdn-cookieyes.com google.nl www.google.nl; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-I2KcIJirn9tYak9OAOMb1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'self' https://social.savemy.name 'wasm-unsafe-eval'; style-src 'self' https://social.savemy.name 'nonce-hSwEaNrWVhwrAvmqUgf0cA=='; img-src 'self' data: https: blob: https://social.savemy.name; font-src 'self' https://social.savemy.name; connect-src 'self' data: blob: https://social.savemy.name https://storage.social.savemy.name; media-src 'self' https: data: https://social.savemy.name; child-src 'self' blob: https://social.savemy.name; frame-src 'self' https:; worker-src 'self' blob: https://social.savemy.name; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; manifest-src 'self' https://social.savemy.name; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-xai-9FBrhIz4Bqb3a3q0mA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.salesforceliveagent.com *.pendo.io; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.google.com *.google.nl *.pendo.io *.googletagmanager.com; connect-src 'self' *.google-analytics.com *.doubleclick.net; font-src 'self' *.gstatic.com 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.alothemes.com *.magepow.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com s7.addthis.com *.avada.io *.alothemes.com *.magepow.com *.authorize.net sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-zc5yLHNRO4IHg2rwy6Cndg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-B_9l2A-7_RJJlQB0CADmvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-7SEt4EdayyLEsOrgP2EGCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3FtPg-N1nRcE2FpSoCsseg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-cAo38ExFIykKNCPxoTb0FQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-g8gHA33OxqrHj8XgFq-yPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qyBxHCyRHJdyTDrmVWL2qw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LeVGrcPrkMwL5VxCNnmiuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-e7XUf2D4kzWwdsuby-jJvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tVt5s8xaIjnZrgJb98_g0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-NbtEtADqxoi8KqFT4NT5ng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-KRw6uWl1oljRvPAs9IjBYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tDiuy6uce1dhIfLUIl0ysA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-x62JnrruBadr2wsIdeRVIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1OTNfbBeMLcECzLvCnpJpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-H5Nl75XkqKfMS7wnNknvHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-19UyGWpmxPzqc9p10WnM6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_N6o121dqaEdOeJI7L2BGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MrHiRquaMWI-2u1SSNS5Zg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2b53d1CaUztiihjsl4vNWw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-S5EVp9sj-wOWlNoaHxMCbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WoxY3-SZ1fgTlXl99NYWOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-YsOax5KnGTnjKum68ZFMyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ca ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.ca *.spreadshirt.ca ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.google-analytics.com *.analytics.google.com *.spreadshirt.ca ; font-src 'self' https: data: *.spreadshirt.ca ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ca ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ca ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
frame-ancestors 'self' *.ift.edu.mo *.iftm.edu.mo *.utm.edu.mo 1
object-src 'none';base-uri 'self';script-src 'nonce-U08EK111ipRhC6wwzpy0EA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com ;img-src 'self'; script-src 'self'  'nonce-cUZoa0RCcTk2UWtHRWN5VlJ0UUJ3bkV3VW1LMzREQ2Q=' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ;base-uri 'self'; object-src 'self'; report-uri https://www.dynabyte.ch/xtend/aspx/cspreport.aspx 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=engineering_blog%2Fblog&source%5Bdomain%5D=shopify.engineering&source%5Bsection%5D=brochure&source%5Buuid%5D=119f7460-0530-4cce-b5d1-ec05d02e8600-1715736758 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.criteo.com creatives.attn.tv *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.bing.com *.mobilitysmart.co.uk *.googletagmanager.com cdn-images.mailchimp.com pillowexpert.matomo.cloud *.google.co.uk * *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.attn.tv events.attentivemobile.com *.avada.io *.gstatic.com *.bing.com *.cloudflare.com *.twitter.com *.fontawesome.com cdn.mobilitysmart.co.uk pillowexpert.matomo.cloud *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.mobilitysmart.co.uk *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.attn.tv events.attentivemobile.com https://get.geojs.io *.avada.io *.cloudflare.com *.googleadservices.com *.google.co.uk *.google.com *.doubleclick.net region1.analytics.google.com maxcdn.bootstrapcdn.com *.criteo.com *.bing.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://abi.mobilitysmart.co.uk/cspreport.php; report-to report-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.google.com *.doubleclick.net *.facebook.com *.youtube-nocookie.com https://plumrocket.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com https://www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com https://static.klaviyo.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ vimeo.com maps.googleapis.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://apu1-cspreport-p-webapi.azurewebsites.net/api/ReportViolation;  default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.computershare.com https://*.cshare.net http://*.cshare.net https://ssl.google-analytics.com http://addresslookup.americas.cshare.net:2021 https://www.issueronline.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.computershare.com https://*.cshare.net http://*.cshare.net https://ssl.google-analytics.com http://addresslookup.americas.cshare.net:2021; https://www.issueronline.com; img-src 'self' https://*.computershare.com https://*.cshare.net https://ssl.google-analytics.com; media-src 'self'; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; frame-src 'self' https://*.computershare.com https://*.cshare.net; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.gstatic.com *.iconscout.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.google.com/ secure.authorize.net test.authorize.net www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com https://vars.hotjar.com/ *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.cloudflare.com https://stats.g.doubleclick.net/ *.cloudfront.net s.ytimg.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.yotpo.com *.facebook.com *.linkedin.com t.co *.google.com *.google.co.za *.adsymptotic.com *.adroll.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.twitter.com secure.authorize.net test.authorize.net js.braintreegateway.com *.cardinalcommerce.com video.google.com *.payments-amazon.com *.payments-amazon.de *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com https://www.gstatic.com/ *.paypal.com www.youtube.com sibforms.com *.addtoany.com *.googleoptimize.com static.zdassets.com *.hotjar.com *.roomvo.com *.trustpilot.com connect.facebook.net snap.licdn.com static.ads-twitter.com *.adroll.com d.adroll.mgr.consensu.org https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.cloudflare.com *.iconscout.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com sibforms.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.cloudflare.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com *.zdassets.com *.zendesk.com roomvo.com wss://widget-mediator.zopim.com/ *.google-analytics.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.stripe.com *.google.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.clearpay.co.uk *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.google.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com/ *.mention-me.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com *.clearpay.co.uk www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.trackedlink.net *.stripe.com https://*.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.google.com *.opayo.eu.elavon.com js.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.mention-me.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://fonts.googleapis.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com https://hcaptcha.com https://*.hcaptcha.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com thm.visa.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.google.com *.paypal.com *.opayo.eu.elavon.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.mention-me.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com www.merlinarchery.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.sagepay.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; frame-ancestors www.merlinarchery.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sagepay.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com validate.fishpig.co.uk flagpedia.net www.merlinarchery.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.sagepay.com www.merlinarchery.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sagepay.com www.gstatic.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.merlinarchery.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.merlinarchery.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.cdp.asia *.antsomi.com hoang-phuc.com *.hoang-phuc.com analytics.tiktok.com/ www.google.com analytics.google.com/ www.googletagmanager.com *.doubleclick.net/ online-gateway.ghn.vn/ https://fonts.gstatic.com 'self' data: tiles.goong.io *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.facebook.com *.facebook.net tiles.goong.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com hoang-phuc.com *.hoang-phuc.com analytics.tiktok.com/ www.google.com analytics.google.com/ *.doubleclick.net/ fonts.gstatic.com online-gateway.ghn.vn/ button-share.zalo.me/ www.facebook.com *.facebook.net tiles.goong.io https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.cdp.asia *.antsomi.com hoang-phuc.com *.hoang-phuc.com za.zalo.me analytics.tiktok.com/ analytics.google.com/ *.doubleclick.net/ fonts.gstatic.com online-gateway.ghn.vn/ www.facebook.com *.facebook.net www.google.com.vn tiles.goong.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com s7.addthis.com https://www.gstatic.com *.cdp.asia *.antsomi.com hoang-phuc.com *.hoang-phuc.com analytics.tiktok.com/ za.zdn.vn/ www.google.com analytics.google.com/ *.doubleclick.net/ fonts.gstatic.com online-gateway.ghn.vn/ 'self' data: https://code.highcharts.com www.facebook.com *.facebook.net cdn.jsdelivr.net tiles.goong.io *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.gstatic.com *.cdp.asia *.antsomi.com hoang-phuc.com *.hoang-phuc.com analytics.tiktok.com/ www.google.com analytics.google.com/ www.googletagmanager.com *.doubleclick.net/ fonts.gstatic.com online-gateway.ghn.vn/ 'self' data: cdn.jsdelivr.net tiles.goong.io *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://www.sandbox.paypal.com https://www.paypal.com ekr.zdassets.com/ *.cdp.asia *.antsomi.com hoang-phuc.com *.hoang-phuc.com analytics.tiktok.com/ www.google.com analytics.google.com/ *.doubleclick.net/ fonts.gstatic.com online-gateway.ghn.vn/ za.zalo.me https://fcm.googleapis.com 'self' data: www.facebook.com *.facebook.net tiles.goong.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; default-src https 'self' https://*.marketo.com https://crazyegg.com/ https://script.crazyegg.com/ https://pagestates-tracking.crazyegg.com/ https://tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://www.googletagmanager.com/ www.googletagmanager.com https://app-sjf.marketo.com/ *.munchkin.marketo.net *.munchkin.marketo.net/ https://consent.truste.com/ https://consent-pref.trustarc.com/ https://consent.trustarc.com/ https://pixel-sync.sitescout.com/ pixel-sync.sitescout.com https://pixel-sync.sitescout.com/dmp/asyncPixelSync/ https://proxy.gtranslate.net/ proxy.gtranslate.net https://cdn.gtranslate.net/ https://pixel.sitescout.com/ pixel.sitescout.com *.sitescout.com https://b.6sc.co/v1/beacon/img.gif https://ipv6.6sc.co/ https://js-agent.newrelic.com/ js-agent.newrelic.com https://ibc-flow.techtarget.com/ ibc-flow.techtarget.com https://match.prod.bidr.io/ match.prod.bidr.io https://monitor.clickcease.com/ monitor.clickcease.com https://up.pixel.ad/ up.pixel.ad https://s.adroll.com/ https://us-u.openx.net/ us-u.openx.net https://app.qualified.com/ app.qualified.com https://ags.srv.stackadapt.com ags.srv.stackadapt.com https://www.redditstatic.com/ www.redditstatic.com https://px.ads.linkedin.com/ https://www.googletagmanager.com/gtm.js www.googletagmanager.com/gtm.js https://www.google-analytics.com/ www.google-analytics.com https://www.google-analytics.com/ https://bam.nr-data.net/ https://bam.nr-data.net/browser/blobs https://www.facebook.com/ www.facebook.com https://www.omappapi.com/ www.omappapi.com https://api.omappapi.com/ api.omappapi.com/v2/embed/ https://www.jitterbit.com/ www.jitterbit.com/ https://pixel.rubiconproject.com/ pixel.rubiconproject.com https://www.cloudflare.com/ www.cloudflare.com https://match.prod.bidr.io/cookie-sync/ match.prod.bidr.io/cookie-sync/ https://qualified-production.s3.us-east-1.amazonaws.com https://translate.google.com/ https://cs.lkqd.net/ https://usermatch.krxd.net/ https://google.com/pagead/form-data/ https://idsync.rlcdn.com/ https://usermatch.krxd.net/ https://ingest.sentry.io/ https://sentry.io/api/ https://bat.bing.com/ https://conversions-config.reddit.com/ https://v.clarity.ms/ https://clarity.microsoft.com/ https://tags.srv.stackadapt.com/ https://sync.taboola.com/ https://ups.analytics.yahoo.com/ https://td.doubleclick.net/ https://ws.zoominfo.com/ https://traffic.libsyn.com/ https://hwcdn.libsyn.com/ https://googleads.g.doubleclick.net/ https://js.qualified.com/ https://qualified-production.s3.us-east-1.amazonaws.com/ https://www.g2.com/products/jitterbit/rating_schema.json https://www.g2.com/ https://tracking.g2crowd.com/; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google-analytics.com/ www.google-analytics.com/ https://www.googletagmanager.com/gtm.js https://www.googleoptimize.com https://optimize.google.com https://app-sjf.marketo.com/ *.munchkin.marketo.net *.munchkin.marketo.net/ https://consent.truste.com/ https://consent-pref.trustarc.com/ https://consent.trustarc.com/ https://bam.nr-data.net/ https://bam.nr-data.net/browser/blobs https://proxy.gtranslate.net/ proxy.gtranslate.net https://cdn.gtranslate.net/ https://tdns5.gtranslate.net/ tdns5.gtranslate.net/ https://crazyegg.com/ https://script.crazyegg.com/ https://pagestates-tracking.crazyegg.com/ https://tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://play.vidyard.com/ https://www.jitterbit.com/ www.jitterbit.com/ https://ingest.sentry.io/ https://sentry.io/api/ https://cs.lkqd.net/ https://googleads.g.doubleclick.net/ https://js.qualified.com/ https://qualified-production.s3.us-east-1.amazonaws.com/ https:; style-src 'self' 'unsafe-inline' https://info.jitterbit.com/js/forms2/css/forms2.css https://info.jitterbit.com/js/forms2/css/forms2-theme-simple.css https://optimize.google.com https://fonts.googleapis.com https://*.typekit.net https://unpkg.com https://*.marketo.com https://crazyegg.com/ https://script.crazyegg.com/ https://pagestates-tracking.crazyegg.com/ https://tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://translate.googleapis.com https://www.gstatic.com/ https://www.googletagmanager.com/debug/badge.css https://www.omappapi.com/ www.omappapi.com https://api.omappapi.com/ api.omappapi.com/v2/embed/ https://tags.srv.stackadapt.com/sa.css https://a.omappapi.com/app/js/api.min.css https://proxy.gtranslate.net/; object-src 'none'; base-uri 'self'; connect-src 'self' https://crazyegg.com/ https://script.crazyegg.com/ https://pagestates-tracking.crazyegg.com/ https://tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://*.marketo.com https://*.mktoresp.com https://*.app-sjf.marketo.com/ https://clarity.microsoft.com/ https://v.clarity.ms/ https://app-sjf.marketo.com/ https://www.google-analytics.com/ https://ipv6.6sc.co/ https://c.6sc.co/ https://stats.g.doubleclick.net/ https://td.doubleclick.net/ https://ingest.sentry.io/ https://sentry.io/api/ https://www.g2.com/products/jitterbit/rating_schema.json https://www.g2.com/ https://tracking.g2crowd.com/ https://secure.adnxs.com https://translate.googleapis.com/ https://bat.bing.com/ https://js.qualified.com/ https://qualified-production.s3.us-east-1.amazonaws.com/ https://cdn.linkedin.oribi.io/partner/34919/domain/jitterbit.com/token https://cdn.linkedin.oribi.io/partner/34919/domain/jitterbit.com/token https://ibc-flow.techtarget.com/ https://ws.zoominfo.com/ https://consent.truste.com/ https://consent-pref.trustarc.com/ https://consent.trustarc.com/ https://pixel-sync.sitescout.com/ pixel-sync.sitescout.com https://www.google.com/ https://*.google.com/ https://www.omappapi.com/ www.omappapi.com https://api.omappapi.com/ api.omappapi.com/v2/embed/ https://tags.srv.stackadapt.com/sa.jpeg https://tags.srv.stackadapt.com/ https://scout.salesloft.com/ https://px.ads.linkedin.com/ https://proxy.gtranslate.net/ https://process.iconnode.com/google-ads/ https://process.iconnode.com/session/page/ https://process.iconnode.com/session/ https://process.iconnode.com/lead/form https://monitor.clickcease.com/conversions/api/TrackConversion https://conversions-config.reddit.com/ https://conversions-config.reddit.com/ https://www.redditstatic.com/ www.redditstatic.com https://ibc-flow.techtarget.com/ ibc-flow.techtarget.com https://www.facebook.com/ facebook.com https://www.jitterbit.com/ www.jitterbit.com/ https://bam.nr-data.net/ https://bam.nr-data.net/browser/blobs https://cs.lkqd.net/ https://traffic.libsyn.com/ https://hwcdn.libsyn.com/ https://googleads.g.doubleclick.net/ https://tdns5.gtranslate.net/ tdns5.gtranslate.net/ ws:; form-action https://*.app-sjf.marketo.com/ https://app-sjf.marketo.com/ https://*.marketo.com https://proxy.gtranslate.net/ https://www.facebook.com/ www.facebook.com; font-src 'self' https://*.typekit.net https://fonts.gstatic.com https://consent.truste.com/ https://consent-pref.trustarc.com/ https://consent.trustarc.com/ https://app-sjf.marketo.com/ https://proxy.gtranslate.net/ data:; frame-src 'self' https://*.app-sjf.marketo.com/ https://app-sjf.marketo.com/ https://www.google.com/ https://optimize.google.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.podomatic.com/ https://podomatic.com/ https://consent.truste.com/ https://consent-pref.trustarc.com/ https://consent.trustarc.com/ https://www.podomatic.com https://*.marketo.com https://crazyegg.com/ https://script.crazyegg.com/ https://pagestates-tracking.crazyegg.com/ https://tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://app.qualified.com/ app.qualified.com https://pixel.sitescout.com/ https://pixel-sync.sitescout.com/ pixel-sync.sitescout.com https://platform.twitter.com/ https://www.facebook.com/ https://www.g2.com/products/jitterbit/rating_schema.json https://www.g2.com/ https://tracking.g2crowd.com/ https://play.vidyard.com/ https://jitterbit257.outgrow.us/ https://td.doubleclick.net/ https://proxy.gtranslate.net/ https://info.jitterbit.com/ info.jitterbit.com/ data:; img-src https://www.google-analytics.com/ https://www.googletagmanager.com/ www.googletagmanager.com https://optimize.google.com https://crazyegg.com/ https://script.crazyegg.com/ https://pagestates-tracking.crazyegg.com/ https://tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://qualified-production.s3.us-east-1.amazonaws.com/ https://match.prod.bidr.io/ match.prod.bidr.io https://app-sjf.marketo.com/ https://qualified-production.s3.us-east-1.amazonaws.com https://pixel.rubiconproject.com/ pixel.rubiconproject.com * data: blob:; manifest-src 'self'; media-src 'self' https://consent.truste.com/ https://consent-pref.trustarc.com/ https://consent.trustarc.com/ https://traffic.libsyn.com/ https://hwcdn.libsyn.com/ https://app.qualified.com/ app.qualified.com https://app-sjf.marketo.com/ https://proxy.gtranslate.net/ proxy.gtranslate.net; worker-src blob: 1
font-src *.fontawesome.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * static.olark.com *.facebook.com amc.demdex.net https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.christianlight.com *.visualwebsiteoptimizer.com *.google.com *.windows.net *.facebook.com *.google.ru *.bing.com *.olark.com *.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com dev.visualwebsiteoptimizer.com connect.facebook.net bat.bing.com cdn.roirevolution.com js.bronto.com *.olark.com ajax.googleapis.com edge1.certona.net www.res-x.com *.celebros-analytics.com js-agent.newrelic.com bam-cell.nr-data.net *.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com use.fontawesome.com uitemplatev3stag.celebros.com static.olark.com www.christianlight.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.christianlight.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.roirevolution.com *.google-analytics.com *.bronto.com *.olark.com *.doubleclick.net bam-cell.nr-data.net *.googleapis.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.christianlight.com/; report-to report-endpoint; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src https:; style-src 'unsafe-inline' https:; img-src https: 'self' data:; media-src https:; frame-src https:; frame-ancestors 'self' https://www.redhat.com/; font-src https: data:; connect-src https: wss:; report-uri /report-csp-violation 1
font-src https://js.klevu.com *.googleapis.com *.hotjar.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.hotjar.com https://9957200.fls.doubleclick.net https://danv01ao0kdr2.cloudfront.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io *.braintreegateway.com *.klarna.com https://accounts.google.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.incontinencechoice.co.uk https://prod.choiceadmin.co.uk https://staging.choiceadmin.co.uk https://admin.vivactive.com https://trk.ometria.com *.brandlock.io https://www.google.com https://bat.bing.com https://pixel.quantserve.com https://www.facebook.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://s3-eu-west-1.amazonaws.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.ometria.com *.hotjar.com https://polyfill.io https://js.klevu.com/ https://bat.bing.com https://secure.quantserve.com https://www.gstatic.com https://connect.facebook.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://songbirdstag.cardinalcommerce.com https://www.googleoptimize.com https://cdn.oribi.io https://app.factors.ai https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.clarity.ms *.googleapis.com https://www.googletagmanager.com/gtag/js *.klarna.com *.klarnacdn.net https://accounts.google.com https://tag.rmp.rakuten.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net js.klevu.com *.ksearchnet.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.hotjar.com https://accounts.google.com https://www.gstatic.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com/ https://danv01ao0kdr2.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com *.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://geolocation.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://api.factors.ai https://b.clarity.ms *.googleapis.com *.klarnaevt.com https://accounts.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.klevu.com *.ksearchnet.com *.mention-me.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local 'self' data: *.twitter.com *.twimg.com *.zopim.com data: 'self' 'unsafe-inline'; form-action *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.twitter.com *.facebook.com yaby.eu 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com platform.twitter.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.google.com *.googletagmanager.com *.twitter.com *.facebook.com *.hotjar.com *.packeta.com *.doubleclick.net *.ladesk.com *.gopay.cz *.gopay.com *.criteo.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com data: *.facebook.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.google.com *.google.cz *.google.sk *.twitter.com *.twimg.com *.facebook.net *.ytimg.com *.imedia.cz *.zopim.com *.heureka.cz *.heureka.sk yaby.eu im9.cz *.doubleclick.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.googletagmanager.com *.facebook.net connect.facebook.net twitter.com platform.twitter.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.google.com *.google.cz *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.twitter.com *.twimg.com *.facebook.com *.fontawesome.com *.hotjar.com *.doubleclick.net *.imedia.cz *.doofinder.com *.packeta.com *.cookiehub.com cookiehub.net *.cookiehub.eu *.zdassets.com *.zopim.com *.sentry-cdn.com *.ladesk.com *.im9.cz *.dognet.sk login.dognet.sk *.gopay.cz *.cloudflareinsights.com *.cloudflare.com *.criteo.com *.criteo.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com *.cookiehub.com *.cookiehub.eu cookiehub.net *.zopim.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.googleapis.com *.sentry.io *.google-analytics.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.google.com *.google.cz *.google.sk *.doubleclick.net *.twitter.com *.twimg.com *.doofinder.com *.googlesyndication.com *.zdassets.com wss://widget-mediator.zopim.com *.packeta.com *.cookiehub.net *.facebook.com *.criteo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local yaby.eu 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sentry.vegadesign.cz/api/4/security/?sentry_key=aabf49608cca46b2bf8fb3c0ad2a8eba; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: *.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com *.doubleclick.net *.hotjar.com *.facebook.com *.flixcar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.ca *.doubleclick.net *.multiluminaire.ca *.facebook.com *.flix360.com *.flixcar.com *.flix360.io *.flixfacts.io *.flixfacts.com *.flixcar.io *.intuit.com *.mcusercontent.com *.privacy-center.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doubleclick.net *.googletagmanager.com trackcmp.net *.google.com *.facebook.net *.hotjar.com *.flixcar.com *.flix360.io *.flixfacts.com *.flixgvid.com *.newrelic.com *.privacy-center.org *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.flixcar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.hotjar.com *.hotjar.io *.google.com *.nr-data.net *.doubleclick.net *.klaviyo.com *.privacy-center.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net api.amplitude.com cdn.amplitude.com js-agent.newrelic.com assets.coursehero.com cdn.jsdelivr.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.opayo.eu.elavon.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.opayo.eu.elavon.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.opayo.eu.elavon.com account.fetchify.com https://www.google.com www.youtube.com youtube.com player.vimeo.com wchat.freshchat.com ukpos.webpush.freshchat.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com bat.bing.com www.facebook.com www.xtento.com cdn.xtento.com *.google.com *.google.fr *.google.ie *.google.co.uk *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.avada.io *.google.com https://www.gstatic.com ict.infinity-tracking.net script.crazyegg.com bat.bing.com wchat.freshchat.com api.feefo.com register.feefo.com connect.facebook.net client.prod.mplat-ppcprotect.com https://s3.amazonaws.com/downloads.mailchimp.com/ www.xtento.com cdn.xtento.com *.google.fr *.google.ie *.google.co.uk *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.opayo.eu.elavon.com cc-cdn.com *.fontawesome.com wchat.freshchat.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ict.infinity-tracking.net script.crazyegg.com tracking.crazyegg.com bat.bing.com client.prod.mplat-ppcprotect.com click.prod.mplat-ppcprotect.com region1.analytics.google.com https://www.google.co.uk/ads/ data: *.google-analytics.com stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://d19vzld1wvxwbr.cloudfront.net https://fonts.gstatic.com; media-src https://rumc-gcorg-p-public.s3.amazonaws.com https://rumc-gcorg-p-public.s3.eu-west-1.amazonaws.com https://user-images.githubusercontent.com; connect-src 'self' https://grand-challenge.org https://ca-central-1.grand-challenge.org https://eu-central-1.grand-challenge.org https://*.ingest.sentry.io https://d19vzld1wvxwbr.cloudfront.net https://d1u59nsmjqjziz.cloudfront.net https://rumc-gcorg-p-uploads.s3-accelerate.amazonaws.com; frame-src https://www.youtube-nocookie.com; default-src 'none'; style-src https://d19vzld1wvxwbr.cloudfront.net https://fonts.googleapis.com 'unsafe-inline'; script-src https://d19vzld1wvxwbr.cloudfront.net 'unsafe-eval' 'self'; img-src https://d19vzld1wvxwbr.cloudfront.net https://rumc-gcorg-p-public.s3.amazonaws.com https://rumc-gcorg-p-public.s3.eu-west-1.amazonaws.com https://www.gravatar.com data: 'self' https: https://d1u59nsmjqjziz.cloudfront.net 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.cdn.userway.org; font-src 'self' fonts.gstatic.com; img-src 'self' cdn.userway.org data:; connect-src 'self' api.userway.org; script-src 'self' cdn.userway.org ajax.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-eval' 'unsafe-inline' 'sha256-DA5u3f4yP+a9Q14vkm9t+LDdJOUnmWzlAHP81359zY0=' 'sha256-ccElp1F3PwWbFIK1pWZLQ+fAhCc777pDA16/ImcnLt4='; 1
default-src 'self' 'unsafe-inline' upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; connect-src 'self' upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; base-uri 'self'; form-action 'self'; img-src 'self' data: upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; script-src 'self' 'unsafe-inline' upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; 1
object-src 'none';base-uri 'self';script-src 'nonce-uYLhYhcSHxtbdGedKHSKnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.iubenda.com/ *.google.com *.cookiebot.com *.salesmanago.pl *.youtube.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.weltpixel.com *.iubenda.com/ *.google.com *.cookiebot.com *.salesmanago.pl *.facebook.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.de *.googletagmanager.com *.feedaty.com *.salesmanago.pl *.zoorate.com *.bing.com *.facebook.com *.smct.co conversiontag.commerce-connector.como *.salesmanago.es *.salesmanago.com cdn.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.zdassets.com *.newrelic.com *.nr-data.net *.zoorate.com *.salesmanago.pl *.cloudflare.com *.doofinder.com *.googletagmanager.com *.cookiebot.com *.sella.it connect.facebook.net s.kk-resources.com *.criteo.net *.hotjar.com *.bing.com pagead2.googlesyndication.com https://www.googletagmanager.com tagmanager.google.com *.salesmanago.es *.salesmanago.com cdn.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tracking.trovaprezzi.it www.trovaprezzi.it ajax.googleapis.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.googleapis.com *.gstatic.com *.zoorate.com *.cloudflare.com tagmanager.google.com *.doofinder.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.nr-data.net *.salesmanago.pl *.salesmanago.com *.doofinder.com *.google-analytics.com *.paypal.com *.doubleclick.net pagead2.googlesyndication.com www.google.com *.hotjar.com consentcdn.cookiebot.com https://www.google-analytics.com *.salesmanago.es wss://*.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' data: *.tyba.com.co *.gstatic.com *.googleapis.com www.googletagmanager.com www.google.com *.hotjar.com *.licdn.com *.googletapmanager.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.facebook.net *.doubleclick.net *.ads-twitter.com *.segment.com *.leadgenios.net *.appsflyer.com *.clarity.ms *.criteo.com *.google-analytics.com *.tiktok.com *.hs-scripts.com *.leadgenios.net *.g2afse.com leadgenios.net 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.cookiebot.com *.hotjar.com bat.bing.com *.facebook.net *.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io log.pinterest.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com www.google.com.ua web.archive.org nrcwebwinkel.nl *.cookiebot.com *.hotjar.com bat.bing.com *.facebook.net *.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.google.com www.gstatic.com t.trackedlink.net assets.pinterest.com maps.googleapis.com ssl.google-analytics.com www.google.com.ua js-agent.newrelic.com bam-cell.nr-data.net *.cookiebot.com *.hotjar.com bat.bing.com *.facebook.net *.facebook.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com log.pinterest.com stats.g.doubleclick.net bam-cell.nr-data.net *.cookiebot.com *.hotjar.com bat.bing.com *.facebook.net *.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/transparency_google 1
default-src 'self' https://api.selftournow.com wss://api.selftournow.com https://*.microblink.com; frame-ancestors 'self' https://cortland.com https://discover.lennar.com https://www.pinelakespreserve.com https://www.fallsatforsyth.com https://www.sandsparcapartments.com https://www.theoutlookatgreystone.com https://www.carringtonatperimeterpark.com https://www.providencetrail.com https://www.amli.com https://www.buranohunterscreek.com https://www.thedebrametrowest.com https://my.hy.ly; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' https://sightmap.com https://*.unitmap.com https://www.gstatic.com https://www.google.com https://*.googletagmanager.com https://www.googletagmanager.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://*.imgix.net https://*.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://cdn.cookielaw.org; frame-src 'self' https://*.youtube.com https://youtu.be https://sightmap.com https://imgix.net https://*.imgix.net https://www.google.com; connect-src 'self' https://api.selftournow.com wss://api.selftournow.com https://*.microblink.com https://*.sentry.io https://sentry.io https://api.amplitude.com https://api.unitmap.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com; worker-src 'self' blob:; child-src 'self' blob:; report-uri https://o93959.ingest.sentry.io/api/5172446/security/?sentry_key=b30313eb3c8443a2a92c4cb036d368e2&sentry_environment=production 1
default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.hotjar.com *.zopim.com *.fontawesome.com *.cloudflare.com maxcdn.bootstrapcdn.com 'self' data: www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.weltpixel.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.addthis.com *.googleapis.com *.cookieyes.com *.addtoany.com *.resengo.com *.storescan.eu *.doubleclick.net *.joyfotografie.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' data: www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.cdninstagram.com *.cookieyes.com cdn-cookieyes.com *.google-analytics.com *.google.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.googletagmanager.com tagmanager.google.com s7.addthis.com *.avada.io www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.marker.io *.addthis.com *.cookieyes.com cdn-cookieyes.com *.addtoany.com *.resengo.com *.cloudflare.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net https://static.klaviyo.com *.cloudflare.com tagmanager.google.com maxcdn.bootstrapcdn.com *.gstatic.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.klaviyo.com *.cookieyes.com 'self' 'unsafe-inline'; object-src www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; manifest-src www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com commerce.adobedc.net api.comapi.com *.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google-analytics.com ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com *.addthis.com ws.hotjar.com *.marker.io *.google.com *.stape.org *.instagram.com *.cookieyes.com cdn-cookieyes.com *.google.nl *.googlesyndication.com *.klaviyo.com 'self' 'unsafe-inline'; child-src www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.leurs.nl www.gartencenterleurs.de www.equidrome.nl www.equidrome.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.bootstrapcdn.com font.static.useinsider.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com https://local.netcoresmartech.com:3000 *.boxx.ai/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.com *.royalselangor.com *.freshmarketer.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.google.com *.addthis.com *.hotjar.com royalselangor.api.useinsider.com *.facebook.com *.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.feefo.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.my *.google.com.vn *.e-ghl.com *.twitter.com *.royalselangor.com *.mcstaging.royalselangor.com *.doubleclick.net *.useinsider.com *.clarity.ms *.bing.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com apis.google.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googletagmanager.com *.facebook.net *.api.feefo.com *.feefo.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com widgets.pinterest.com royalselangor.api.useinsider.com *.stripe.com *.stripe.network *.freshmarketer.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com *.boxx.ai/ klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.feefo.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.bootstrapcdn.com assets.api.useinsider.com *.mailchimp.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com *.boxx.ai/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com *.boxx.ai/ 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com https://api.feefo.com https://collect.feefo.com *.cloudflare.com *.twitter.com *.netcore.co.in/ *.hansel.io/ *.netcoresmartech.com *.boxx.ai/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tfhub.dev storage.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net cdn.segment.com bat.bing.com adservice.google.com www.googletagmanager.com *.clarity.ms js.usemessages.com js.hs-banner.com api.segment.io utt.impactcdn.com *.hubspot.com www.ojrq.net polyfill.io analytics.analytics-egain.com *.facebook.net egain.sbli.com wsrv.nl widget.trustpilot.com js-na1.hs-scripts.com contentdsp.com *.doubleclick.net code.ionicframework.com analytics.google.com tags.srv.stackadapt.com *.sjv.io *.facebook.com *.gstatic.com google.com *.adsrvr.org www.google.com cloud-us.analytics-egain.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-LDUAXCurPu1YaRKu77J6PQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com magento-cloudflare.jetrails.com www.youtube.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://maps.gstatic.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://maps.googleapis.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-DjmvTy6SMirWKBSWfKAczw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
*.sooqr.com *.spotlersearch.com spotlersearchanalytics.com 1
font-src *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://a.klaviyo.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com *.googletagmanager.com *.facebook.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.addtoany.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com *.google-analytics.com http://dpm.demdex.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu maps.gstatic.com maps.googleapis.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com maps.googleapis.com https://cdnjs.cloudflare.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com maps.googleapis.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com platform.cloud-iq.com.au *.facebook.com *.doubleclick.net *.bedbathntable.com.au *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com maps.googleapis.com maps.gstatic.com dev.visualwebsiteoptimizer.com *.google.com *.facebook.com *.cloud-iq.com.au *.afterpay.com *.gstatic.com *.linksynergy.com *.google.com.au *.bedbathntable.com.au bbnt-m2-image-library.s3-ap-southeast-2.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com www.googletagmanager.com *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com applepay.cdn-apple.com dev.visualwebsiteoptimizer.com *.afterpay.com *.newrelic.com cdnjs.cloudflare.com bam-cell.nr-data.net platform.cloud-iq.com.au *.crazyegg.com *.facebook.net *.facebook.com *.rakuten.com googleads.g.doubleclick.net cdn.lr-ingest.io *.foursixty.com *.bedbathntable.com.au *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com fonts.googleapis.com unpkg.com *.foursixty.com *.bedbathntable.com.au *.cloud-iq.com.au 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.crazyegg.com googleads.g.doubleclick.net bam-cell.nr-data.net *.lr-ingest.io *.foursixty.com *.google-analytics.com *.doubleclick.net *.bedbathntable.com.au *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vgVVRgpzKDLleTyEbdgxaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self'  https://cdnjs.cloudflare.com maps.googleapis.com; script-src-attr 'self'; style-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.riobilheteunico.com.br www.google.com *.googleapis.com newassets.hcaptcha.com www.google-analytics.com code.jquery.com *.gstatic.com www.googletagmanager.com use.typekit.net js.hcaptcha.com *.riocardmais.com.br ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.payplug.com secure.payplug.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.payplug.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.addtoany.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com ekr.zdassets.com/ http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-nWs9XxVk0-_D9HHNCsyOte2vRWottY_U'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://v2.zopim.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com https://widget.trustpilot.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://belco-prod.s3-eu-central-1.amazonaws.com https://static.buckaroo.nl https://cdn.clerk.io https://v2assets.zopim.io https://v2.zopim.com https://www.google.com https://www.google.rs https://www.google.nl https://www.google.pl https://www.google.uk https://www.google.de https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com https://cdn.belco.io https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://api.clerk.io https://cdn.clerk.io https://devdocs.magento.com https://magento.com http://widget.trustpilot.com https://invitejs.trustpilot.com https://v2.zopim.com https://static.zdassets.com https://amcglobal.sc.omtrdc.net https://static.hotjar.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://*.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://api.clerk.io https://cdn.clerk.io *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://stats.g.doubleclick.net *.googlesyndication.com wss://chat.belco.io https://cdn.belco.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://ekr.zendesk.com/ https://devdocs.magento.com wss://widget-mediator.zopim.com https://ekr.zdassets.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.googletagmanager.com mc.yandex.ru *.google-analytics.com *.youtube.com mc.yandex.com mc.yandex.ru *.google.com *.gstatic.com *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com;img-src * data:;font-src 'self' fonts.gstatic.com;connect-src 'self' mc.yandex.ru *.analytics.google.com *.google-analytics.com doubleclick.net *.googletagmanager.com mc.yandex.com mc.yandex.ru mc.yandex.md yandexmetrica.com *.mightytips.com https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com https://analytics.google.com;frame-src 'self' *.youtube.com *.instagram.com *.twitter.com *.yandex.com *.google.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;script-src-elem 'self' 'unsafe-inline' *.instagram.com *.googletagmanager.com *.yandex.ru *.google-analytics.com *.twitter.com *.youtube.com mc.yandex.com *.google.com *.gstatic.com mc.yandex.ru *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com track.trackingtraffo.com https://www.hcaptcha.com/1/api.js;frame-ancestors 'self'; report-uri /cspreport.php 1
frame-ancestors 'self'; report-uri https://o1035807.ingest.sentry.io/api/6040549/security/?sentry_key=ca01bc61114246a385081a6f80f0182a&sentry_environment=production 1
object-src 'none';base-uri 'self';script-src 'nonce-Vi_i4R5slcXSx1RVddnXsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; img-src 'self' data: 'unsafe-eval' https://cdn.rand.com https://s1749.t.eloqua.com https://cihost.uberflip.com https://dpm.demdex.net https://idsync.rlcdn.com https://sync.crwdcntrl.net https://match.adsrvr.org https://ps.eyeota.net https://px.ads.linkedin.com https://b.6sc.co https://ml314.com https://chatserver12.comm100.io https://www.google.com https://www.google.ca https://www.google-analytics.com https://insights.sitesearch360.com https://content.cdntwrk.com https://i.ytimg.com https://app.cdntwrk.com https://blogs.rand.com https://vue.comm100.com https://www.googletagmanager.com https://bat.bing.com https://tags.bluekai.com https://cm.g.doubleclick.net https://ws.rqtrk.eu https://pippio.com https://pixel.tapad.com https://dmp.adform.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://googleads.g.doubleclick.net https://ajax.aspnetcdn.com https://img.en25.com/i/elqCfg.min.js https://img.en25.com/i/elqCfg.min.js https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.sitesearch360.com/ https://j.6sc.co/6si.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://vue.comm100.com https://ml314.com https://415621.tctm.xyz/t.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://content.cdntwrk.com; connect-src 'self' https://www.google-analytics.com https://c.6sc.co https://ipv6.6sc.co https://stats.g.doubleclick.net https://chatserver12.comm100.io https://cdn.linkedin.oribi.io https://analytics.google.com https://epsilon.6sense.com https://insights.sitesearch360.com ; font-src 'self' data: https://fonts.gstatic.com https://vue.comm100.com; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com; 1
font-src *.stripe.com *.google.com *.opayo.eu.elavon.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.twitter.com *.trustpilot.com *.criteo.com *.google.ie *.paypalobjects.com *.criteo.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.fr *.google.ie *.bing.com *.cloudiq.com *.facebook.com *.mediawallahscript.com *.socdm.com *.criteo.com *.stickyadstv.com *.liadm.com *.postrelease.com *.revcontent.com *.smaato.net *.tapad.com *.clmbtech.com *.tpmn.co.kr *.1rx.io *.bluekai.com *.rqtrk.eu pippio.com *.targeting.unrulymedia.com *.rlcdn.com *.srv.stackadapt.com *.agkn.com *.adsrvr.org *.tidaltv.com *.company-target.com *.cardlytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.cloudflareinsights.com *.criteo.com chimpstatic.com *.trustpilot.com *.bing.com *.facebook.net *.cloudiq.com *.clickguardian.app *.pcapredict.com *.searchanise.com *.kxcdn.com *.aspnetcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.kxcdn.com *.clickguardian.app *.doubleclick.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.clickguardian.app *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
Content-Security-Policy-Report-Only: default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://mschosting.report-uri.com/r/t/csp/wizard 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.se ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.se *.spreadshirt.se ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.se ; font-src 'self' https: data: *.spreadshirt.se ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.se ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.se ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self'; img-src * 1
default-src https:; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-VFJ37LoMajrwKNvJ8w5hBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https: 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-+SiUdzhBKk9wjdj7tLS2P5AjueTmlY3QiFEPzg1F+Aw='; base-uri 'self';report-to csp-endpoint 1
font-src *.cloudflare.com 'self' data: *.gstatic.com *.typekit.net *.bootstrapcdn.com *.googleapis.com *.amazonaws.com *.klarnacdn.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.hotjar.com app.smartsheet.com www.googletagmanager.com www.google.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.cloudflare.com *.google-analytics.com *.feefo.com *.sagepay.co.uk ebizmarts-website.s3.amazonaws.com www.google.co.uk www.google.com cdn.klarna.com www.electricradiatorsdirect.co.uk *.ads.linkedin.com *.linkedin.com *.bing.com www.facebook.com www.google.gg www.google.ca www.google.es *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.google-analytics.com *.fontawesome.com *.chimpstatic.com chimpstatic.com *.googletagmanager.com *.gstatic.com *.google.com *.hotjar.com *.bing.com snap.licdn.com secure.vane3alga.com api.feefo.com register.feefo.com *.klarna.com *.klarnaservices.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com cdn.ampproject.org www.gstatic.com *.analytics.google.com *.cloudflareinsights.com *.klaviyo.com *.doubleclick.net *.facebook.net *.crazyegg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.klarnacdn.net unsafe-inline *.gstatic.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.ideal-postcodes.co.uk *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.doubleclick.net stats.g.doubleclick.net *.google-analytics.com *.hotjar.io *.bing.com www.facebook.com bat.bing.com api.feefo.com register.feefo.com collect.feefo.com *.klarnaevt.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net cdn.ampproject.org *.klaviyo.com *.google.com *.google.co.uk *.linkedin.com *.crazyegg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ignition.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src *.gstatic.com *.fontawesome.com *.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.cloudflare.com assets.livecall.io *.typekit.net *.bootstrapcdn.com *.trustedshops.com *.easypack24.net data: *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com sandbox.przelewy24.pl secure.przelewy24.pl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk assets.livecall.io facebook.com facebook.net pay.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net https://www.magezon.com https://meetanshi.com/media/logo.png quickchart.io img.youtube.com *.google.pl assets.livecall.io *.cloudflare.com https://cdn.klarna.com *.magentocommerce.com *.paypal.com *.tpay.com *.payu.com https://s.ytimg.com *.usercentrics.eu translate.googleapis.com facebook.com facebook.net aktywnybaner.rzetelnafirma.pl *.googletagmanager.com www.facebook.com www.google.com pixel.homebook.pl pixel.wp.pl *.googleapis.com static.przelewy24.pl www.gstatic.com gstatic.com https://redchamps.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.facebook.com *.facebook.net *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.fontawesome.com *.googleapis.com *.cloudflare.com assets.livecall.io *.google-analytics.com translate.googleapis.com *.trustedshops.com *.usercentrics.eu *.tpay.com *.paypal.com *.payu.com *.easypack24.net *.unpkg.com *.jsdelivr.net *.mapbox.com connect.facebook.net bam.eu01.nr-data.net js-agent.newrelic.com pixel.homebook.pl pixel.wp.pl sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.cloudflare.com assets.livecall.io *.typekit.net *.bootstrapcdn.com *.trustedshops.com *.usercentrics.eu *.przelewy24.pl *.easypack24.net translate.googleapis.com fonts.googleapis.com/ secure.przelewy24.pl *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src assets.livecall.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.cloudflare.com assets.livecall.io analytics.google.com *.paypal.com bam.eu01.nr-data.net facebook.com facebook.net stats.g.doubleclick.net signalling.livecall.io geoip.livecall.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-7G_HJfWe4Qcf8le0bd9lvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src  'self' 'unsafe-eval' 'unsafe-inline' blob:  https://*.zappsusercontent.com https://*.zappsusercontent.eu https://*.zappsusercontent.in https://*.zappsusercontent.com.au https://*.zappsusercontent.com.cn https://*.localzappscontents.com https://*.zohostatic.com https://*.zoho.com https://h2js.zohocdn.com https://js.zohocdn.com https://desk.zoho.com https://salesiq.zoho.com https://js.zohostatic.com https://localjs.zohostatic.com  https://media.twiliocdn.com/sdk/js/client/releases/1.7.7/twilio.min.js https://media.twiliocdn.com/sdk/js/client/v1.7/twilio.min.js https://cdn.pagesense.io   https://pagesense-collect.zoho.com  https://iplocation.zoho.com  https://s.ytimg.com/yts/jsbin/  https://www.youtube.com/iframe_api https://dyjgaef5vuq51.cloudfront.net https://dtzpfzv31buvf.cloudfront.net https://d22czkv2r5ogmg.cloudfront.net https://d12h6dzwzn4m10.cloudfront.net https://d17nz991552y2g.cloudfront.net https://scripts.zohospotlight.com chrome-extension://*  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.localzohocdn.com https://js.stratuscdn.com   https://cdn.pagesense.io https://zohotagmanager.cdn.pagesense.io https://static.zohocdn.com  https://www.zohowebstatic.com/ https://scripts.zohospotlight.com https://widgets.zohosalesiq.com https://static.stratuscdn.com https://static.localzohocdn.com https://static.zohocdn.com.cn https://js.stripe.com https://connect.facebook.net; report-uri https://logsapi.zoho.com/csplog?service=crm 1
font-src *.cloudflare.com https://fonts.gstatic.com/ https://staticw2.yotpo.com/ *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://klear.com https://s7.addthis.com/ https://www.google.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://8985111.fls.doubleclick.net/ https://td.doubleclick.net/ https://www.youtube.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://*.googletagmanager.com https://*.teads.tv/ www.facebook.com *.klaviyo.com *.cloudfront.net *.cloudflare.com https://cdn.klarna.com *.paypal.com https://www.janmarini.com https://p.yotpo.com/ https://cdn-yotpo-images-production.yotpo.com/ blob: https://www.google.com *.doubleclick.net *.cdninstagram.com https://s.ytimg.com *.usercentrics.eu img.icons8.com cfvod.kaltura.com staticw2.yotpo.com maps.googleapis.com maps.gstatic.com meetanshi.com *.kickfire.com https://www.rumiview.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.fbcdn.net *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com https://f.vimeocdn.com/ www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://klear.com https://*.tiktok.com/ *.cloudflare.com *.demandbase.com *.kickfire.com *.klaviyo.com https://*.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.gstatic.com/ maps.googleapis.com https://www.googleapis.com/ www.facebook.com https://cmp.osano.com/ https://cdn.jsdelivr.net/ https://stackpath.bootstrapcdn.com/ https://staticw2.yotpo.com/ *.trustedshops.com *.usercentrics.eu https://s7.addthis.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://code.jquery.com/ https://vimeo.com/ https://cdnapisec.kaltura.com/ https://assets.adobedtm.com/ https://www.rumiview.com/ https://i.simpli.fi/ https://tag.simpli.fi/ https://www.dialogtech.com/ https://*.teads.tv/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.authorize.net jstest.authorize.net ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klaviyo.com *.cloudflare.com *.typekit.net https://fonts.googleapis.com/ https://staticw2.yotpo.com/ *.trustedshops.com *.usercentrics.eu https://code.jquery.com/ https://cdn.jsdelivr.net/ https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.tiktok.com/ https://klear.com https://*.teads.tv/ https://*.rumiview.com/ *.klaviyo.com *.doubleclick.net *.cloudflare.com https://w2.yotpo.com https://staticw2.yotpo.com/ https://*.instagram.com/ https://tattle.api.osano.com/ *.paypal.com https://app.proofo.io/ https://api.yotpo.com/ https://dpm.demdex.net/ https://www.google-analytics.com/ https://analytics.google.com/ https://bt.signifyd.com:11103/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com apitest.authorize.net jstest.authorize.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/passwords_google 1
object-src 'none';base-uri 'self';script-src 'nonce-uI68G7pnqUvKEIaLqhp2Fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://js-agent.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://static.addtoany.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com https://*.google.com https://*.webspellchecker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://i.ytimg.com https://*.ytimg.com https://*.googleapis.com https://i.vimeocdn.com/; media-src 'self' data: http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://stats.g.doubleclick.net; frame-src https://*.webspellchecker.net https://static.addtoany.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://maps.google.com https://player.vimeo.com https://embed.podcasts.apple.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://themes.googleusercontent.com; connect-src 'self' https://stats.addtoany.com https://stats.g.doubleclick.net https://maps.googleapis.com https://bam.nr-data.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com x.klarnacdn.net *.bazaarvoice.com cdn-scripts.signifyd.com www.googletagmanager.com eu.klarnaevt.com imgs.signifyd.com *.googlesyndication.com secure.nmi.com fast.a.klaviyo.com *.gstatic.com *.facebook.net maxcdn.bootstrapcdn.com na-library.klarnaservices.com stats.wp.com cdn.userway.org *.clarity.ms www.google.com.sa www.google.co.in www.google.com *.googleapis.com static.klaviyo.com adservice.google.com na.klarnaevt.com js.klarna.com cdnjs.cloudflare.com *.online-metrix.net youtube.com *.doubleclick.net pixel.wp.com *.algolia.net ka-p.fontawesome.com *.facebook.com www.youtube.com static-tracking.klaviyo.com *.cloudfront.net bat.bing.com static-forms.klaviyo.com api.userway.org www.gsmoutdoors.com osm.klarnaservices.com www.google-analytics.com cdn77.api.userway.org cdn.jsdelivr.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com js.stripe.com *.google.com *.gstatic.com gstatic.com connect.facebook.net *.zendesk.com ; script-src-elem 'self' 'unsafe-inline' *.google.com *.gstatic.com static.zdassets.com js.stripe.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net ; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net ; style-src-attr 'unsafe-inline' ; img-src 'self' data: blob: wss://127.0.0.1:18623 https://127.0.0.1:18623 *.mapbox.com *.facebook.com *.google.com *.gstatic.com ; frame-src 'self' *.google.com *.google.ie js.stripe.com player.vimeo.com www.youtube.com; font-src 'self' data:  gstatic.com *.gstatic.com *.alicdn.com ; connect-src 'self' ekr.zdassets.com *.zendesk.com wss://127.0.0.1:18623 https://127.0.0.1:18623 mlts.dynamsoft.com *.mapbox.com ; upgrade-insecure-requests ; report-uri https://9a1a6d99ab6aa4ac3290a60bae476ab7.report-uri.com/r/d/csp/enforce 1
font-src fonts.gstatic.com *.fontawesome.com www.mstyle.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.mstyle.co.uk 'self' 'unsafe-inline'; frame-ancestors www.mstyle.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com *.weltpixel.com payment.preprod.direct.worldline-solutions.com www.mstyle.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io validate.fishpig.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.mstyle.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com payment.preprod.direct.worldline-solutions.com www.mstyle.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline tagmanager.google.com www.mstyle.co.uk 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.mstyle.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com landofcoder.com https://www.google-analytics.com payment.preprod.direct.worldline-solutions.com www.mstyle.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.mstyle.co.uk http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src www.mstyle.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: *.retailcrm.tech https://geowidget.easypack24.net *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de magento-cloudflare.jetrails.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.twitter.com *.googletagmanager.com *.facebook.com *.aquamonkey.pl.local *.aquamonkey.pl *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com aquapolis.ua aquapolis.ru *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.ua *.paypal.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.fontawesome.com *.retailcrm.tech *.facebook.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.polyfill.io https://browser.sentry-cdn.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com secure.payu.com secure.snd.payu.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.unpkg.com *.retailcrm.tech *.googletagmanager.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://static.payu.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: *.retailcrm.tech *.easypack24.net https://geowidget.easypack24.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src aquapolis.ua aquapolis.ru https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.ingest.sentry.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com secure.payu.com merch-prod.snd.payu.com *.cloudflare.com *.google-analytics.com *.doubleclick.net *.google.com *.twitter.com *.paypal.com *.twimg.com *.retailcrm.tech *.googletagmanager.com *.facebook.com *.newrelic.com *.nr-data.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://cdnjs.cloudflare.com *.googleapis.com use.typekit.net use.fontawesome.com *.reamaze.com yotpo-stool.s3.amazonaws.com *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.cloudflare.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com core.spreedly.com *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com core.spreedly.com *.rfihub.com *.facebook.com live.rezync.com hallsandbox-reservations.vintegrate.com hall-reservations.vintegrate.com kazzit.com player.cnbc.com player.ooyala.com *.paperturn-view.com amc.demdex.net *.eventbee.com *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.yotpo.com swellrewards.com *.swellrewards.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googleapis.com *.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.waltwines.com *.hallwines.com *.bacawines.com cdn.reamaze.com reamaze-prod.s3.amazonaws.com i1.wp.com data.coremetrics.com tools.luckyorange.com *.pages05.net *.bing.com t.co analytics.twitter.com *.clarity.ms *.facebook.com connect.facebook.net *.googletagmanager.com *.doubleclick.net *.adsrvr.org shareasale-analytics.com shareasale.com secure.gravatar.com *.cloudfront.net *.monetate.net px.adentifi.com *.ads.linkedin.com *.linkedin.com linkedin.com forms.hsforms.com track.hubspot.com *.hubspotusercontent-na1.net *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.yotpo.com swellrewards.com *.swellrewards.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.commerce7.com https://cdn.commerce7.com/v2/manifest.d29b1967fa6a16696049.js.gz https://cdn.commerce7.com/v2/vendor.84cd85564b7f2f406b66.js.gz https://cdn.commerce7.com/v2/bundle.8cf96308b65ac6590a85.js.gz core.spreedly.com *.subscribepro.com tools.luckyorange.com *.pages05.net *.nagich.com *.reamaze.com *.rfihub.net *.serving-sys.com *.cloudfront.net *.cloudflare.com bat.bing.com connect.facebook.net *.clarity.ms commercelibs.ibm.com *.brilliantcollector.com static.ads-twitter.com *.googleapis.com hall-reservations-frame.vintegrate.com *.steelhousemedia.com *.paperturn-view.com player.ooyala.com embed.typeform.com bam.nr-data.net *.monetate.net *.dwin1.com *.eventbee.com js.hsadspixel.net snap.licdn.com shareasale-analytics.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hsleadflows.net *.useinsider.com *.commerce7.com player.vimeo.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.clickcease.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.yotpo.com swellrewards.com *.swellrewards.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.subscribepro.com cloud.typography.com tools.luckyorange.com hello.myfonts.net *.nagich.com *.typekit.net cdn.reamaze.com *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.cloudflare.com embed.typeform.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.reamaze.com 'self' 'unsafe-inline'; manifest-src *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://api.commerce7.com https://portal.claritysystemsinc.com *.subscribepro.com core.spreedly.com *.luckyorange.com wss://*.luckyorange.com *.nagich.com cdn.reamaze.com *.reamaze.io wss://ws.reamaze.com hallwines.reamaze.io *.serving-sys.com am.freshrelevance.com/ wss://am.freshrelevance.com/ *.dycdn.net wss://in.visitors.live in.visitors.live *.brilliantcollector.com *.clarity.ms *.bing.com *.analytics.google.com *.cloudfront.net *.doubleclick.net bam.nr-data.net cdn.linkedin.oribi.io facebook.com *.facebook.com forms.hubspot.com forms.hscollectedforms.net *.useinsider.com *.commerce7.com api.hubapi.com px.ads.linkedin.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.claritysystemsinc.com *.waltwines.com *.hallwines.com *.bacawines.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-pW3iybzVXn8sncKHl2hDy9k4cIj+zOur/McrbegkqF0='; base-uri 'self';report-to csp-endpoint 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-jazO0EN2o5j/ImqJNELzs4EtvkgmwdngKRZ3MCJE7ew='; base-uri 'self';report-to csp-endpoint 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://pmjsulxvuv1wvuwvesziy6jt.httpschecker.net/report 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.monetate.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.monetate.net maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.monetate.net maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.monetate.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com thm.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com *.croapp.net https://unpkg.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.google.com https://www.facebook.com https://vars.hotjar.com/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://statdev.dickson-eshop.com https://statrct.dickson-eshop.com https://static.dickson-constant.com https://img.youtube.com https://www.googletagmanager.com https://www.facebook.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://platform-cdn.sharethis.com https://www.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ jquery.sellxed.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://www.youtube.com https://maps.googleapis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://static.hotjar.com https://script.hotjar.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://l.sharethis.com https://in.hotjar.com https://region1.google-analytics.com https://www.google.fr *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' statistiek.rijksoverheid.nl; script-src 'self' 'sha256-3Pejfkj6T0q3nIFwdhJVA0ST+KnF2yIhYlZO1qmTNPU=' statistiek.rijksoverheid.nl 'report-sample' 'sha256-IbtDa5/kbW2Hbn7qGi1538ERW/JuXrjCjK6zuL7QDfE='; object-src 'self'; style-src 'self' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-mCFjSEfVbMV655L708fbXky77erDrJ8sYVyx+V9Igjg=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='  'sha256-1VTAHS0X+0lgrfu7iW/2ikIZ/VIANi00phY6Pqavxdg=' ; img-src 'self' statistiek.rijksoverheid.nl *.rovid.nl data:; media-src 'self' rovid.nl *.rovid.nl; frame-src 'self' ; font-src 'self'; report-uri https://sentry.dtnr.nl/api/44/security/?sentry_key=7a6c58c960be4975936f128606931c16&sentry_environment=production 1
font-src *.gstatic.com data: *.klarnacdn.net *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.klarna.com https://www.googletagmanager.com/ *.trustpilot.com *.yotpo.com *.ingrid.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.trustpilot.com *.yotpo.com *.ingrid.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pay.google.com play.google.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com testcards.autopay.eu cards.autopay.eu pay.google.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com testpay.autopay.eu pay.autopay.eu testcards.autopay.eu cards.autopay.eu *.googleapis.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ccbuchner.de www.ccbuchner.de https://secure.ogone.com https://ogone.test.v-psp.com captcha.wirth-horn.de cookiemanager.wirth-horn.de whstatistics-api.wirth-horn.de https://www.click-and-teach.de https://www.click-and-study.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://*.googleusercontent.com https://www.instagram.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com *.criteo.com *.hotjar.com *.pinterest.com *.useinsider.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com https: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://api.addressfinder.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com *.ads-twitter.com *.adnxs.com *.api.useinsider.com *.bat.bing.com *.cfjump.com *.clarity.ms *.criteo.com *.dev.visualwebsiteoptimizer.com *.doubleclick.net *.facebook.net *.getsitecontrol.com *.google.com *.googletagmanager.com *.hotjar.com *.inwebr.com *.licdn.com *.newrelic.com *.nr-data.net *.pinimg.com *.redditstatic.com *.roymorgan.com *.thewhiskyclub.com.au *.twitter.com *.zipmoney.com.au *.zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io cdn.dnky.co webchat.dotdigital.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com *.bat.bing.com *.stats.g.doubleclick.net *.clarity.ms *.getsitecontrol.com *.getsitectrl.com *.hotjar.com *.nr-data.net *.pinterest.com *.useinsider.com *.thewhiskyclub.com.au *.zip.co *.zipmoney.com.au *.cdn.linkedin.oribi.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-lPc75OECZWwiH9UrM4OGtg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-iKf7WFe-uNEfUsqxwWIRUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
fonts-src https://fonts.gstatic.com; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.adyen.com *.weltpixel.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.clarity.ms *.smartsuppcdn.com maps.googleapis.com maps.gstatic.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.google-analytics.com *.nosto.com *.doofinder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src code.jquery.com cdnjs.cloudflare.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googletagmanager.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.adyen.com https://www.googletagmanager.com tagmanager.google.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.youtube.com *.pinimg.com *.nosto.com *.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com camo.githubusercontent.com *.adyen.com *.gstatic.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com data: 'self' 'unsafe-inline'; font-src fonts.gstatic.com data: maxcdn.bootstrapcdn.com *.azureedge.net *.doofinder.com data: 'self' 'unsafe-inline'; style-src fonts.googleapis.com maxcdn.bootstrapcdn.com *.adobe.com tagmanager.google.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.affirm.com *.affirm.ca *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.affirm.com *.affirm.ca https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.sharethis.com polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca *.google.com/ *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://cdnjs.cloudflare.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.affirm.com *.affirm.ca https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' chrome-extension: 'unsafe-inline' blob: https://widget-feature.local 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://www.youtube.com chrome-extension: https://noop.style https://skytraf.xyz https://youtube.com https://m.youtube.com https://dl.metabar.ru https://acestream.me https://mozbar.moz.com https://td.doubleclick.net; object-src 'self' https://noop.style chrome-extension: https://object.center; report-uri /cspreportonly; 1
default-src 'none'; script-src 'self' https://*.typekit.net/ https://*.clarity.ms/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://seal.thawte.com/ https://secure.bluepay.com https://seal.digicert.com/ https://www.safewayxchange.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms/ https://stats.g.doubleclick.net; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://dev.virtualearth.net/ data: https://seal.digicert.com https://www.google.com; style-src 'self' 'unsafe-inline' https://*.typekit.net/ https://fonts.googleapis.com/ https://*.gstatic.com; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://secure.bluepay.com https://www.safewayxchange.com/; object-src 'self'; media-src 'self' https://www.google-analytics.com/; manifest-src 'self'; frame-ancestors 'self'; report-uri https://08bfb48ddcee7d64057e88503ec1149f.report-uri.com/r/t/csp/reportOnly 1
report-uri https://csp.withgoogle.com/csp/forms/prod;frame-ancestors 'none' 1
script-src 'nonce-3cUV3XETgTxNCUcZTZqTpQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /-/csp_report?report_only=true; script-src 'self' 'unsafe-inline' 'report-sample' https://ssl.gstatic.com https://apis.google.com https://accounts.google.com/gsi/client https://d3ki9tyy5l5ruj.cloudfront.net https://d1gwm4cf8hecp4.cloudfront.net https://d1a3usp4brejtz.cloudfront.net https://d3u0af8znnrzzj.cloudfront.net https://d2y3xhxlqzgfzh.cloudfront.net https://oauth.googleusercontent.com https://app.box.com https://platform.twitter.com https://connect.facebook.net https://platform.harvestapp.com https://www.google.com https://docs.google.com https://www.gstatic.com https://www.dropbox.com https://www.paypal.com/sdk/js https://js.stripe.com https://recordwidget.vimeocdn.com https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; frame-src 'self' blob: https://www.figma.com https://*.invisionapp.com https://invis.io https://miro.com https://whimsical.com https://www.loom.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://www.canva.com https://xd.adobe.com https://*.looker.com https://lucid.app https://*.okta.com https://*.sharepoint.com https://accounts.google.com https://accounts.google.com/gsi/ https://content.googleapis.com https://www.google.com https://docs.google.com https://fast.wistia.net https://www.dropbox.com https://platform.harvestapp.com https://forms.asana.plus https://forms-server.asana.plus https://local.asana.com https://asana.com https://apisandbox.zuora.com https://test.zuora.com https://www.zuora.com https://www.sandbox.paypal.com https://www.paypal.com https://js.stripe.com https://recordwidget.vimeocdn.com https://pixel.asana.com https://d3ki9tyy5l5ruj.cloudfront.net https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://form.asana.com https://form-beta.asana.com https://form-stag.luna-s.org https://localhost.asana.com:3000 https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; worker-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; child-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; object-src 'self'; plugin-types application/pdf; base-uri 'none', report-uri /-/csp_report?report_only=true; script-src https: 'unsafe-inline' 'strict-dynamic' 'report-sample' 'nonce-t2fmmilcra8u7ln7a0ipujpu8' 1
require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 1
default-src 'self'; script-src 'self' inline 'unsafe-eval' https://www.googletagmanager.com https://public.flourish.studio https://static.axept.io https://challenges.cloudflare.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://static.axept.io https://public.flourish.studio https://cdn.addsearch.com https://challenges.cloudflare.com; script-src-attr 'self' 'unsafe-inline' inline https://static.axept.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' inline; style-src-elem 'self' 'unsafe-inline' https://cdn.addsearch.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://client.axept.io/ https://api.axept.io https://static.axept.io https://www.google-analytics.com https://analytics.google.com https://axeptio.imgix.net https://content.hotjar.io https://vc.hotjar.io https://in.hotjar.com https://script.hotjar.com https://csmetrics.hotjar.com wss://ws.hotjar.com https://api-eu.addsearch.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://flo.uri.sh https://airtable.com https://app.powerbi.com https://player.rss.com https://www.youtube-nocookie.com https://challenges.cloudflare.com; img-src 'self' data: https://public.flourish.studio https://axeptio.imgix.net https://www.googletagmanager.com https://favicons.axept.io https://cdn.addsearch.com https://i.ytimg.com https://*.gstatic.com https://www.google.at https://www.google.ch https://www.google.no https://www.google.jp https://www.google.fr; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri /fileadmin/CspReportLogger.php 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: code.jquery.com www.googletagmanager.com cdnjs.cloudflare.com *.gstatic.com tag.aticdn.net www.google.com *.onetrust.com cdn.cookielaw.org logs1412.xiti.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
script-src 'report-sample' 'strict-dynamic' 'self' 'unsafe-eval' 'nonce-Pb5jCIyqrntvtRQAJHNKwWkXMz8sE0c688VU9hDj/mc=' https://consent.cookiebot.com https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/6fa13bb1-e8ba-40b0-af4e-254d9f369605/state.js https://www.youtube.com https://consentcdn.cookiebot.com/consentconfig/99acbe5d-d66a-45d0-80ca-556dbd42b977/state.js https://consentcdn.cookiebot.com/consentconfig/2f67df6e-8e96-4445-969f-6fa4bec02c91/state.js https://embed.typeform.com/next/embed.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://payments.worldpay.com/resources/hpp/integrations/embedded/js/hpp-embedded-integration-library.js https://static.srcspot.com/libs/casey.js https://www.clarity.ms https://wchat.eu.freshchat.com https://wchat.eu.freshchat.com/js/widget.js https://www.googletagmanager.com/gtm.js https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.youtube.com/s/player/42a553e1/www-widgetapi.vflset/www-widgetapi.js;style-src 'report-sample' 'self' 'unsafe-inline' https://www.fundsmith.eu https://embed.typeform.com https://fonts.googleapis.com https://wchat.eu.freshchat.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.gstatic.com https://consent.cookiebot.com;object-src 'none';base-uri 'self';connect-src 'self' https://*.clarity.ms/collect https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://assetscdn-wchat.eu.freshchat.com https://analytics.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://fundsmith.cloudflareaccess.com https://region1.analytics.google.com https://region1.google-analytics.com https://translate.googleapis.com https://vimeo.com https://webservices.data-8.co.uk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com;frame-src 'self' https://*.eu.webpush.freshchat.com https://consentcdn.cookiebot.com https://form.typeform.com https://payments.worldpay.com https://player.vimeo.com https://w.soundcloud.com https://wchat.eu.freshchat.com https://www.googletagmanager.com https://www.youtube.com https://www2.fundsmith.co.uk;img-src 'self' blob: data: https://*.clarity.ms https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://fonts.gstatic.com https://i.vimeocdn.com https://i.ytimg.com https://i3.ytimg.com https://img.youtube.com https://imgsct.cookiebot.com https://region1.google-analytics.com https://tracker.live.rns-distribution.com https://translate.google.com https://www.fundsmith.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.sharesmagazine.co.uk;manifest-src 'self'; media-src 'self'; worker-src 'self'; report-uri /umbraco/surface/cspreporting/receivecspreport; 1
object-src 'none';base-uri 'self';script-src 'nonce-OlSYguimLUkBmnfoFJ5zOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.google.com.ua *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://sandbox.payfast.co.za https://www.payfast.co.za/eng/process *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.instagram.com *.google.com/ *.doubleclick.net *.facebook.com *.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cdninstagram.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com * *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.instagram.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com * *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com *.tawk.to data: eadn-wc05-6548239.nxedge.io *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.affirm.com *.affirm.ca *.weltpixel.com *.tawk.to static.addtoany.com *.braintreegateway.com eadn-wc05-6548239.nxedge.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca cdn.jsdelivr.net *.tawk.to *.google.com *.google.ca eadn-wc05-6548239.nxedge.io *.facebook.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.kaptcha.com *.tawk.to cdn.jsdelivr.net static.addtoany.com graph.facebook.com eadn-wc05-6548239.nxedge.io *.avada.io maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.bootstrapcdn.com cdn.jsdelivr.net eadn-wc05-6548239.nxedge.io *.fontawesome.com *.addtoany.com maxcdn.bootstrapcdn.com *.gstatic.com *.tawk.to tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.affirm.com *.affirm.ca *.kaptcha.com *.google-analytics.com stats.g.doubleclick.net *.tawk.to wss://*.tawk.to eadn-wc05-6548239.nxedge.io https://get.geojs.io *.avada.io http://dpm.demdex.net www.gstatic.com maps.googleapis.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-rBAUVIRzX7GNDvy1B2njTA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://mail.movaglobes.com http://mail.movaglobes.com https://ct.pinterest.com https://www.paypalobjects.com https://ssl.kaptcha.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://t.co https://analytics.twitter.com https://alb.reddit.com https://sp.analytics.yahoo.com https://ct.pinterest.com https://bat.bing.com https://px.ads.linkedin.com https://www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://mail.movaglobes.com http://mail.movaglobes.com https://ct.pinterest.com https://s.pinimg.com https://assets.adobedtm.com https://bat.bing.com https://www.redditstatic.com https://s.yimg.com https://snap.licdn.com http://static.ads-twitter.com https://cdn.jsdelivr.net https://js-agent.newrelic.com https://beacon-v2.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://bam.nr-data.net https://widgets.goaffpro.app/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://api.goaffpro.com https://static.goaffpro.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://s.yimg.com https://ct.pinterest.com https://stats.g.doubleclick.net https://analytics.google.com https://d3hb14vkzrxvla.cloudfront.net https://bam.nr-data.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://api.goaffpro.com https://static.goaffpro.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-m266b-YXCZTkCEeLC9EDaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.oppwa.com oppwa.com worldtimeapi.org *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' http: https:; font-src 'self' https: data:; img-src 'self' http: https: data: blob:; object-src 'none'; connect-src 'self' wss: http: https:; script-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: http: 'unsafe-inline'; worker-src blob:; report-uri https://hlidacky.report-uri.com/r/d/csp/reportOnly 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com cdn1.stamped.io stamped.io *.fontawesome.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.nosto.com *.nos.to js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnaevt.com *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com cdn1.stamped.io stamped.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.nosto.com *.nos.to https://static.klaviyo.com cdn1.stamped.io stamped.io *.fontawesome.com unsafe-inline assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klarnaevt.com *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.cdninstagram.com *.smarthint.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.addthis.com *.sharethis.com *.pinterest.com *.twitter.com *.cdninstagram.com *.smarthint.co *.hotjar.io *.hotjar.com *.sunset.systems *.doubleclick.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagaleve.io *.pagaleve.com.br https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.sharethis.com *.pinterest.com *.cdninstagram.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.mercadolibre.com *.mercadolivre.com *.facebook.com *.googletagmanager.com *.arrowhitech.net *.mercadopago.com *.mercadopago.com.br *.yourviews.com.br *.yviews.com.br *.jcdecor.com.br *.google.com.br *.googleusercontent.com *.amazonaws.com *.smarthint.co *.doubleclick.net *.conectiva.io https://conectiva.io *.jivosite.com *.clarity.ms *.bing.com *.imgur.com *.widde.io *.mercadolibre.com.br https://mercadopago.com.br *.mlstatic.com *.pagaleve.com.br https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://stc.pagseguro.uol.com.br https://sandbox.stc.pagseguro.uol.com.br data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googleapis.com *.addthis.com *.sharethis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googleadservices.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.vimeo.com *.paypal.com *.paypalobjects.com *.cdninstagram.com *.facebook.net *.google.com *.yourviews.com.br *.yviews.com.br *.hotjar.io *.hotjar.com *.google.com.br *.smarthint.co *.jivosite.com *.jquery.com *.cartstack.com.br *.conectiva.io https://conectiva.io *.doubleclick.net *.clarity.ms *.widde.io *.zdassets.com *.zopim.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql *.pagaleve.com.br https://stc.pagseguro.uol.com.br https://stc.sandbox.pagseguro.uol.com.br https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cdninstagram.com *.yourviews.com.br *.yviews.com.br *.smarthint.co *.googletagmanager.com *.jivosite.com *.jquery.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.jivosite.com *.widde.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.sharethis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.twitter.com *.twimg.com *.cdninstagram.com *.facebook.net *.mercadolibre.com *.yourviews.com.br *.doubleclick.net *.hotjar.io wss://ws14.hotjar.com/* *.hotjar.com *.facebook.com *.openpix.com.br *.performa.ai *.conectiva.io *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com https://conectiva.io *.jivosite.com wss://vi-ya-4.jivosite.com *.google.com *.cartstack.com.br *.clarity.ms *.smarthint.co *.googlesyndication.com https://x.clarity.ms/collect *.widde.io jcdecor-server.ue.r.appspot.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri *.jcdecor.com.br/; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' kidy.com.br *.kidy.com.br kidy.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br *.googleadservices.com *.g.doubleclick.net googleadservices.com stats.g.doubleclick.net *.posclick.dinamize.com *.lomadee.com ajax.cloudflare.com connect.facebook.net *.facebook.net *.cloudflare.com *.bootstrapcdn.com *.jsdelivr.net code-sa1.jivosite.com static.hotjar.com *.hotjar.com node-sa1-a-1.jivosite.com *.jivosite *.hotjar.io vc.hotjar.io wss://chat-sa1-1.jivosite.com telemetry.jivosite.com *.jivosite.com wss://node-sa1-a-1.jivosite.com dzpxyxks1bfmb.cloudfront.net orion-lb-01.fbits.net *.fbits.net pontos.kidy.com.br gstatic.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.google.com *.clarity.ms *.soclminer.com.br *.btg360.com.br *.socialminer.com *.cloudfront.net signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.rdstation.com.br *.kidy.com.br popups.rdstation.com.br rdstation.com.br pageview-notify.rdstation.com.br google.com *.google.com.br *.googleapis.com *.googletagmanager.com *.doubleclick.net *.fbits.store *.ritmopropaganda.com *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.kidy.com.br kidy.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: email.score-invest.com ajax.googleapis.com *.bing.com c.clarity.ms cdn.cookielaw.org cdn.early-birds.fr cdn.early-birds.io cdnjs.cloudflare.com ajax.cloudflare.com googleads.g.doubleclick.net h.clarity.ms sibautomation.com static.cloudflareinsights.com pixel.rubiconproject.com widgets.trustedshops.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com fonts.gstatic.com connect.facebook.net *.criteo.net *.criteo.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io wss://*.zendesk.com wss://*.zopim.com *.liadm.com criteo-partners.tremorhub.com sync.outbrain.com sync-t1.taboola.com rtb-csync.smartadserver.com eb2.3lift.com ad.360yield.com simage2.pubmatic.com r.casalemedia.com criteo-sync.teads.tv contextual.media.net cm.adform.net visitor.omnitagjs.com match.sharethrough.com matching.ivitrack.com *.stickyadstv.com exchange.mediavine.com s.ad.smaato.net *.doubleclick.net *.dmxLeo.com e1.emxdgt.com *.yahoo.com *.adnxs.com x.bidswitch.net api.early-birds.fr *.badminton-point.com  *.badminton-point.de *.brevo.com *.onetrust.com 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net p.monetico-services.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com secure-gateway.hipay-tpp.com *.hipay.com cl.avis-verifies.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://images.unsplash.com t4.my-probance.one/ www.google.fr http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com www.google-analytics.com static.cloudflareinsights.com ajax.cloudflare.com/ t4.my-probance.one/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.hipay.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.hipay.com wss://mpsnare.iesnare.com region1.analytics.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src t4.my-probance.one/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.epic.com https://*.epichosted.com;frame-src 'self' epichttp: https://www.etz.nl;script-src 'nonce-43494bcb583842baa4a160eba7b54add' https://www.mijnetz.nl 'self';img-src 'self' blob: data: https://*.etz.net https://fonts.gstatic.com https://translate.google.com https://www.etz.nl https://www.mijnetz.nl;connect-src 'self' http://translate.googleapis.com;style-src https://www.mijnetz.nl 'self' 'unsafe-inline';font-src 'self' https://fonts.gstatic.com;form-action 'self';media-src 'self' https://www.etz.nl;report-uri https://mijnetznl.report-uri.com/r/t/csp/reportOnly; 1
font-src *.googleapis.com *.gstatic.com *.google-analytics.com *.googleadservices.com maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net https://media.flixcar.com/ https://media.flixfacts.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; frame-ancestors *.google-analytics.com *.googleadservices.com *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google-analytics.com *.googleadservices.com *.googleapis.com account.fetchify.com *.google.com/ *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.hotjar.com *.doubleclick.net *.facebook.com https://plausible.io/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://images.unsplash.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google-analytics.com *.googleadservices.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.klevu.com *.ksearchnet.com *.facebook.com *.google.co.uk *.flix360.com *.bing.com https://media.flixcar.com/ https://register.feefo.com/ https://logo.flix360.io/ https://lantern.roeye.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google-analytics.com *.googleadservices.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.klevu.com *.ksearchnet.com *.google.com/ *.trustpilot.com *.cloudflare.com *.salesfire.co.uk *.jsdelivr.net *.facebook.net *.bing.com *.clickcease.com *.hotjar.com https://static.zdassets.com https://plausible.io/ https://media.flixfacts.com/ https://cdn.loadbee.com/ https://api.feefo.com/ https://register.feefo.com/  https://lantern.roeyecdn.com/ https://media.flixcar.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.google-analytics.com *.googleadservices.com *.googleapis.com downloads.mailchimp.com cc-cdn.com maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.trustpilot.com *.jsdelivr.net *.typekit.net https://register.feefo.com/ https://media.flixcar.com/ 'self' 'unsafe-inline'; object-src *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.googleadservices.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klevu.com *.ksearchnet.com *.smartmetrics.co.uk *.salesfire.co.uk *.doubleclick.net *.facebook.com *.hotjar.io 8.hotjar.com *.hotjar.com wss://wsp19.hotjar.com/api/v2/client/ws https://ekr.zdassets.com/ https://reliantdirect.zendesk.com/ wss://ws.hotjar.com/api/v2/client/ws *.googlesyndication.com https://plausible.io/ https://api.feefo.com/ https://media.flixcar.com/ https://collect.feefo.com/  https://availability.loadbee.com/ 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com *.google-analytics.com *.googleadservices.com *.googleapis.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.gstatic.com maps.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com flagpedia.net *.gstatic.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com getfirebug.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com assets.adobedtm.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors sid-shop.com 'self' 'unsafe-inline'; 1
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=6FuCX3FrvxsylGQjg_kF9oLvwXKEfQ0UzKKm7zsGIzY-1715736697-1.0.1.1-.Xh8lCVwUz8k_d2lujXvVPBu3.s107NJ6s1risP9aIDXdyjtftoULDjWrDekIXTNOdBsWgqcFu9oMiqUiHhyCYhrf7zfV2yETLD7TGSFFJ9SaHUNfZLuxJLQ_G2BHU9o6dlAZcWhxuRgXnggsg3sXw; report-to cf-csp-endpoint 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.pl ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.pl *.spreadshirt.pl ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.pl ; font-src 'self' https: data: *.spreadshirt.pl ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.pl ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.pl ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
frame-src 'self'; 1
font-src *.cookiefirst.com *.azureedge.net *.google-analytics.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cetelem.es *.cookiefirst.com *.facebook.com *.google-analytics.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com https://backoffice-eu.oct8ne.com *.cookiefirst.com *.facebook.com *.google-analytics.com *.googleapis.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.google.es *.facebook.com *.azureedge.net *.google-analytics.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.sharethis.com *.cookiefirst.com *.facebook.net *.hotjar.com *.adobedtm.com *.oct8ne.com *.google-analytics.com *.googleapis.com wss://ws.hotjar.com landofcoder.com *.mgt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cetelem.es *.cookiefirst.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es https://vc-service.saleago.com *.google.com *.cookiefirst.com *.hotjar.io *.hotjar.com *.oct8ne.com *.facebook.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.googleapis.com landofcoder.com https://get.geojs.io *.mgt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self'; img-src 'self'; report-uri https://vitagreen0.webhook.office.com/webhookb2/708d8612-7b61-436c-a699-9b52eb62a602@fd26d0e3-83a5-4af4-be3d-ad6db612a062/IncomingWebhook/751f27c6c7bf45919ec555eff8c9861c/46fc4634-839b-4c86-bbc7-84d5078e1303 1
default-src 'self' www.welfarepellegrini.it 'unsafe-inline'; script-src 'self' www.google-analytics.com ajax.googleapis.com www.welfarepellegrini.it 'unsafe-inline' 'unsafe-eval'; media-src *; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' www.google.com stats.g.doubleclick.net www.google.it www.google-analytics.com; style-src-elem 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' www.welfarepellegrini.it www.google.com www.google.it 'unsafe-inline' 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com data: maxcdn.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com *.werksraeder24.de data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.werksraeder24.de *.werksraeder24.com *.originelevelgen24.nl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ secure.novalnet.de customers.barzahlen.de customers-sandbox.barzahlen.de *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.freshchat.com *.facebook.com optimize.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.trustedshops.com *.cloudflare.com *.cloudfront.net *.facebook.com *.google.de *.werksraeder24.de *.bing.com *.clarity.ms *.doubleclick.net *.billiger.de *.ytimage.com *.googleoptimize.com *.google-analytics.com *.googletagmanager.com optimize.google.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ cdn.novalnet.de cdn.barzahlen.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.cloudflare.com *.cloudfront.net *.twitter.com *.fontawesome.com *.userlike.com *.amazonaws.com *.trustedshops.com *.facebook.net *.facebook.com *.werksraeder24.de *.freshchat.com *.bing.com *.clarity.ms *.googleoptimize.com optimize.google.com *.googleanalytics.com *.google-analytics.com *.smarketer.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com maxcdn.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com *.trustedshops.com *.werksraeder24.de *.freshchat.com *.googleoptimize.com optimize.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.cloudfront.net *.facebook.com *.amazonaws.com *.werksraeder24.de *.googlesyndication.com *.doubleclick.net *.bing.com *.clarity.ms *.trustedshops.com *.etrusted.com *.trustbadge.com *.google-analytics.com ws://127.0.0.1:35729/livereload *.googleoptimize.com *.smarketer.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.werksraeder24.de *.werksraeder24.com *.originelevelgen24.nl *.freshchat.com *.freshworksapi.com *.smarketer.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-4bN1m3oVrc4p6Mjyasjw3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=c1c0e7e4-6dc9-4d12-a893-eee24d745429-1715740051 1
object-src 'none';base-uri 'self';script-src 'nonce-xVeEJKYNqtIrGsb53zLU0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ir6yEpUc95XPVo0ShUpGgQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Uqen5lUrgnnijfcEanbG8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-enAn9m1e4SKyKi5UX9sBlQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' mcle.org *.mcle.org fonts.googleapis.com *.gstatic.com *.affinipay.com bm-sentry.com code.jquery.com www.googleadservices.com ssl.google-analytics.com *.doubleclick.net *.digicert.com *.norton.com www.google.com; report-uri /bm-test/reportContentSecurityPolicy.cfm 1
script-src 'nonce-675ee482f951cbb3c0e9293d664de04c12c89a066b1bfb2d8fbd94fb707ee9aa' 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.bing.com *.pcapredict.com *.dwin1.com lantern.roeyecdn.com services.postcodeanywhere.co.uk *.facebook.net; object-src 'none'; base-uri 'none'; report-uri /includes/csp_report.php 1
default-src 'self' http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com;style-src 'self' 'unsafe-inline' https://ton.twimg.com https://platform.twitter.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com https://dalelane.eu.auth0.com http://embed-assets.wakelet.com http://platform.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://player.vimeo.com https://browser.sentry-cdn.com https://scripts.withcabin.com/hello.js https://machinelearningforkids.co.uk;frame-src 'self' http://embed.wakelet.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://player.vimeo.com https://login.machinelearningforkids.co.uk;img-src 'self' https://auth0.com http://cdn.auth0.com https://cdn.auth0.com https://cdn.eu.auth0.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com data: blob: https://* http://*;worker-src 'self' blob:;font-src 'self' data:;connect-src 'self' https://sentry.io https://ping.withcabin.com https://mlforkids-newnumbers.j8ahcaxwtd1.au-syd.codeengine.appdomain.cloud https://mlforkids-newnumbers.j8clybxvjr0.us-south.codeengine.appdomain.cloud https://mlforkids-newnumbers.j8ayd8ayn23.eu-de.codeengine.appdomain.cloud https://login.machinelearningforkids.co.uk;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
report-uri /es/Error/ReportCPS; 1
object-src 'none';base-uri 'self';script-src 'nonce-nLMmtnkUxjSpGZvld21Yxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' cdn.sanity.io https://www.bigmarker.com *.youtube.com *.ytimg.com *.ggpht.com; script-src 'self' 'unsafe-inline' *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.google.com.au *.googletagmanager.com *.redditstatic.com *.reddit.com *.facebook.net *.facebook.com *.ads.linkedin.com snap.licdn.com cdn.linkedin.oribi.io *.clearbit.com cdn.sanity.io noembed.com *.youtube.com *.ytimg.com *.ggpht.com content.hotjar.io *.hotjar.com api.segment.io cdn.segment.com fast.wistia.com embed-ssl.wistia.com ; connect-src 'self' *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.google.com.au *.googletagmanager.com *.redditstatic.com *.reddit.com *.facebook.net *.facebook.com *.ads.linkedin.com snap.licdn.com cdn.linkedin.oribi.io *.clearbit.com cdn.sanity.io noembed.com *.youtube.com *.ytimg.com *.ggpht.com content.hotjar.io *.hotjar.com wss://*.hotjar.com api.segment.io cdn.segment.com fast.wistia.com fast.wistia.net embed-cloudfront.wistia.com pipedream.wistia.com distillery.wistia.com track.hubspot.com js.hs-banner.com; img-src 'self' data: *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com *.google.com.au *.googletagmanager.com *.redditstatic.com *.reddit.com *.facebook.net *.facebook.com *.ads.linkedin.com snap.licdn.com cdn.linkedin.oribi.io *.clearbit.com cdn.sanity.io *.youtube.com *.ytimg.com *.ggpht.com fast.wistia.com embed-ssl.wistia.com track.hubspot.com js.hs-banner.com; style-src 'self' 'unsafe-inline' data: *.youtube.com *.ytimg.com *.ggpht.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com embed-ssl.wistia.com; frame-ancestors 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-PSya3relFQGzsJT9oVvh6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src * 'unsafe-inline'; default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; frame-src *; img-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.royalmail.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com *.royalmail.com *.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://www.youtube.com *.royalmail.com *.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.royalmail.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com cdn.powersuite-tools.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.royalmail.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.royalmail.com *.google-analytics.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com powersuite-tools.com *.google.com *.google.co.in *.facebook.com *.royalmail.com *.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.sandbox.paypal.com https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.puresativaworldwide.com/; report-to report-endpoint; 1
font-src *.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com account.fetchify.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com https://images.unsplash.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.doofinder.com widget.freshworks.com m2epro.freshdesk.com *.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem js-agent.newrelic.com; font-src data: *.gstatic.com *.klarnacdn.net *.klevu.com *.ksearchnet.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://api.ometria.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trustpilot.com https://vars.hotjar.com https://www.paypalobjects.com https://lpcdn.lpsnmedia.net *.klarna.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googleapis.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://media.festive-lights.com https://www.festive-lights.com https://trk.ometria.com https://bat.bing.com https://www.google.com https://www.google.co.uk https://www.facebook.com https://paypal-eu-arh.cloudiq.com https://lpcdn.lpsnmedia.net https://t.co *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com https://static.hotjar.com https://script.hotjar.com https://widget.trustpilot.com https://invitejs.trustpilot.com https://www.googletagmanager.com https://cdn.ometria.com https://cdn.cookielaw.org https://ajax.googleapis.com https://festi11112.pcapredict.com https://static.ads-twitter.com https://bat.bing.com https://connect.facebook.net https://www.gstatic.com https://googleads.g.doubleclick.net https://stglite.bglobale.com https://paypal-eu-arh.cloudiq.com https://paypal-eu-cdn.cloudiq.com https://accdn.lpsnmedia.net https://va.v.liveperson.net https://lpcdn.lpsnmedia.net https://static-eu.payments-amazon.com https://analytics.twitter.com *.klarna.com *.klarnacdn.net *.trustpilot.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.googletagmanager.com tagmanager.google.com https://cookie-cdn.cookiepro.com https://eu-library.klarnaservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://optanon.blob.core.windows.net https://stglite.bglobale.com *.trustpilot.com *.klarnacdn.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.co.uk https://stats.g.doubleclick.net https://payments-uk.amazon.com *.algolia.io cdn.cookielaw.org cdn.ometria.com *.klarnaevt.com https://*.ingest.sentry.io *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; script-src-elem *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://advanziachat.transcom.com https://dwmvwp56lzq5t.cloudfront.net; img-src * 'self' data:; font-src 'self' https://fonts.gstatic.com; connect-src *; frame-src 'self' https://advanziachat.transcom.com https://td.yieldify.com https://assets.yieldify.com https://app.universign.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.awin1.com https://www.universign.eu; frame-ancestors *; report-uri: /_/csp-reports 1
font-src *.gstatic.com *.stape.io *.fontawesome.com * data: instantcredit.net test.instantcredit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de * www.paycomet.com api.paycomet.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.stape.io * www.paycomet.com api.paycomet.com https://plumrocket.com *.sendcloud.sc *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net *.stape.io * https://www.magezon.com instantcredit.net test.instantcredit.net maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io * www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com *.sendcloud.sc https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com * instantcredit.net test.instantcredit.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.google-analytics.com *.google.com *.stape.io https://get.geojs.io *.avada.io * instantcredit.net test.instantcredit.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.customily.com https://*.amazonaws.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ business.facebook.com *.weltpixel.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.customily.com https://*.amazonaws.com 'self' data: https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ business.facebook.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.customily.com https://*.amazonaws.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.customily.com https://*.amazonaws.com 'self' data: https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ business.facebook.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-N906U0Qy/zRRVKtBO+Ywr70ZOOZ0PW7I63doVEJqxvI='; base-uri 'self';report-to csp-endpoint 1
font-src *.gstatic.com data: *.fontawesome.com fonts.gstatic.com *.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.designer-images.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de z.moatads.com z.moatads.com/addthismoatframe568911941483/moatframe.js *.stat-track.com polyfill.io *.moosend.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.googleapis.com *.moosend.com *.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.example.com *.stat-track.com *.m-pages.com *.m-operations.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com https://accounts.livechat.com/ data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com https://accounts.livechat.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com https://accounts.livechat.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://api.addressfinder.io polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com s7.addthis.com https://www.google.com https://www.gstatic.com *.bpaygroup.com.au js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com https://accounts.livechat.com/ https://bam.nr-data.net/* 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.addtoany.com unsafe-inline assets.braintreegateway.com *.yotpo.com https://accounts.livechat.com/ 'self' 'unsafe-inline'; object-src https://accounts.livechat.com/ 'self' 'unsafe-inline'; media-src *.adobe.com https://accounts.livechat.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api.addressfinder.io *.algolia.net *.algolia.com *.algolianet.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com ekr.zdassets.com/ http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com https://accounts.livechat.com/ https://bam.nr-data.net/* 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https://bam.nr-data.net/* http: https: blob: 'self' 'unsafe-inline'; default-src https://accounts.livechat.com/ https://bam.nr-data.net/* 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; report-uri https://kus0191w.uriports.com/reports/report; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-Ael2TfLfgFuQYDHDrkb9ZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src https://webcache.datareporter.eu *.datareporter.eu *.fontawesome.com https://widgets.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.colop.com maps.gstatic.com maps.googleapis.com api.colop-online.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://static.unzer.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com unpkg.com *.colop.com *.datareporter.eu api.colop-online.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maps.googleapis.com https://webcache.datareporter.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.colop.com api.colop-online.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com *.colop.com *.datareporter.eu api.colop-online.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.feedbackcompany.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.feedbackcompany.com https://*.tawk.to https://www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://*.tawk.to https://*.doubleclick.net https://www.facebook.com https://assets.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.feedbackcompany.com 'self' data: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.linkedin.com https://*.tawk.to https://bat.bing.com https://c.bing.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://tawk.link https://www.google.nl https://www.facebook.com https://i.pinimg.com https://log.pinterest.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d2a6mddvzruxpc.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com https://*.hotjar.com https://*.tawk.to https://bat.bing.com https://connect.facebook.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://snap.licdn.com https://script.adcalls.nl https://www.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://assets.pinterest.com https://widgets.pinterest.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://components.vanhelden.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.tawk.to https://cdn.jsdelivr.net https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.tawk.to https://v.pinimg.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.tawk.to https://api.adcalls.nl https://bat.bing.com https://cdn.linkedin.oribi.io https://fonts.gstatic.com https://www.facebook.com wss://*.hotjar.com wss://*.tawk.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://components.vanhelden.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; report-uri https://95179d7c667c69f3ad1bbbf12132d488.report-uri.com/r/d/csp/wizard 1
font-src *.sagepay.com *.bglobale.com *.global-e.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.gstatic.com *.googleapis.com *.google.com *.newrelic.com *.nr-data.net *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com *.ipg-online.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.sagepay.com account.fetchify.com *.bglobale.com *.global-e.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googleapis.com *.google.com *.newrelic.com *.facebook.com *.nr-data.net meetanshi.com *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com www.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com https://cdn.clerk.io *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com meetanshi.com *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.cookiepro.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://api.clerk.io https://cdn.clerk.io *.sagepay.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.googleapis.com *.google.com *.newrelic.com *.nr-data.net *.hotjar.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.onetrust.com *.hsforms.net *.hsforms.com *.arcot.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.sagepay.com cc-cdn.com *.bglobale.com *.global-e.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com *.facebook.com *.ipg-online.com *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://the.sciencebehindecommerce.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.googleapis.com *.newrelic.com *.nr-data.net *.hotjar.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.hsforms.net *.unpkg.com *.hscollectedforms.net *.arcot.com *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com *.studentbeans.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri *; font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com *.alothemes.com *.magepow.com * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com gateway.apaylater.com gateway.atome.sg *.trackedlink.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com *.alothemes.com *.magepow.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com gateway.apaylater.com gateway.atome.sg *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.hoolah.co *.googletagmanager.com *.facebook.net *.avada.io *.addtoany.com *.alothemes.com *.magepow.com * 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.hoolah.co *.addtoany.com *.alothemes.com *.magepow.com * 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.nr-data.net *.newrelic.com *.ampproject.org https://get.geojs.io *.avada.io http://dpm.demdex.net *.alothemes.com *.magepow.com * 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ccavenue.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.ccavenue.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ccavenue.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.ccavenue.com s7.addthis.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.ccavenue.com ekr.zdassets.com/ www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://pro.fontawesome.com *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com js.mollie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://widget-v4.tidiochat.com https://www.facebook.com https://www.google.com https://www.google.nl https://bat.bing.com https://www.mollie.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://cdnjs.cloudflare.com http://www.google.com https://www.google.com *.gstatic.com https://chimpstatic.com https://cdn.jsdelivr.net https://connect.facebook.net http://code.tidio.co http://widget-v4.tidiochat.com https://code.tidio.co https://widget-v4.tidiochat.com https://dev.visualwebsiteoptimizer.com https://bat.bing.com https://www.googleoptimize.com https://www.clarity.ms *.fontawesome.com *.googleapis.com *.avada.io js.mollie.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://use.fontawesome.com https://pro.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: https://widget-v4.tidiochat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://www.google-analytics.com https://stats.g.doubleclick.net wss://socket.tidio.co https://h.clarity.ms http://www.google.nl https://bat.bing.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; report-to https://mercedesforum.report-uri.com/r/d/csp/enforce 1
connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.media.net https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' https://platform.twitter.com https://*.btrll.com data: blob:; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.huffingtonpost.com https://www.aol.com https://*.yahoo.com https://*.autoblog.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com ; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7m9euvpj483vf&partner=; 1
default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 1
upgrade-insecure-requests ; connect-src *.google-analytics.com *googletagmanager.com; default-src 'self' *.healthchoiceaz.com healthchoiceaz.com; font-src *.googleapis.com *googletagmanager.com *.fontawesome.com *.gstatic.com *.typekit.net *.healthchoiceaz.com healthchoiceaz.com 'unsafe-inline' data:; frame-src https://www.google.com; img-src *.healthchoiceaz.com healthchoiceaz.com *.gstatic.com *.google-analytics.com *googletagmanager.com; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' *.healthchoiceaz.com healthchoiceaz.com *.googletagmanager.com *.google.com *.cloudflare.com *.bootstrapcdn.com *.typekit.net *.googleapis.com *.google-analytics.com http: https:; style-src 'unsafe-eval' 'unsafe-inline' *.healthchoiceaz.com healthchoiceaz.com *.googleapis.com *googletagmanager.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.typekit.net; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com td.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.perfumeriasunidas.com *.google.com *.google.com.mx *.hubapi.com *.hubspot.com *.hsforms.com *.facebook.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.nr-data.net *.newrelic.com *.vnforapps.com *.facebook.com *.facebook.net *.luckyorange.com *.doubleclick.net *.hsleadflows.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.omappapi.com analytics.tiktok.com js.hubspot.com js.usemessages.com plugins-media.makeupar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com unsafe-inline *.omappapi.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.doubleclick.net *.omappapi.com *.luckyorange.com *.hubapi.com *.hubspot.com *.nr-data.net *.newrelic.com analytics.tiktok.com forms.hscollectedforms.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com js.klevu.com maxcdn.bootstrapcdn.com data: *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * tst.kaptcha.com https://plumrocket.com https://www.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com js.klevu.com *.pinterest.com www.johngreed.com *.klarnacdn.com moogento.com *.moogento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pinterest.com johng11117.pcapredict.com services.postcodeanywhere.co.uk *.klarnaevt.com *.klarnacdn.com *.newrelic.com *.nr-data.net l2.moogento.com https://apis.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.klarnacdn.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com js.klevu.com maxcdn.bootstrapcdn.com services.postcodeanywhere.co.uk *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com js.klevu.com maxcdn.bootstrapcdn.com *.nr-data.net services.postcodeanywhere.co.uk *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://media.flixcar.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.googleadservices.com www.google-analytics.com rt.flix360.com https://media.flixfacts.com/ https://media.flixcar.com/ *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.googleadservices.com www.google-analytics.com https://media.flixfacts.com/ https://media.flixcar.com/ https://ipgtest.monri.com/ https://ipg.monri.com/ *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://media.flixfacts.com/ https://media.flixcar.com/ *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.google-analytics.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com tvaztecaguate.com platform.instagram.com www.googletagmanager.com *.doubleclick.net www.google.com *.googlesyndication.com pixel.wp.com i1.wp.com www.youtube.com i2.wp.com *.twitter.com *.gstatic.com *.facebook.net stats.wp.com maxcdn.bootstrapcdn.com eu2.indigitall-cdn.com eu2.device-api.indigitall.com secure.gravatar.com www.google.com.gt www.google.com.mx www.googleoptimize.com www.instagram.com *.googleapis.com fundingchoicesmessages.google.com *.facebook.com i0.wp.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.itemis.com data:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none' 1
img-src https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://higherlogiclongterm.s3.amazonaws.com/ITRC/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ 'self' https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://higherlogicstream.s3.amazonaws.com/ITRC/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com www.google.com *.facebook.net *.googleapis.com apis.google.com www.googletagmanager.com www.mtf.co.id *.doubleclick.net www.google.co.id *.facebook.com analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-QSNppwW3pDl9ae4erUO1pQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https://heinztohome.co.uk https://m.heinztohome.co.uk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://static.thcdn.com https://static.thgcdn.cn https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://pay.google.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://heinztohome.co.uk/cspReport.txt; 1
font-src fonts.gstatic.com use.typekit.net googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com vimeo.com *.hotjar.com http://insight.adsrvr.org/ *.google.com *.googletagmanager.com https://d1eoo1tco6rr5e.cloudfront.net/ https://adservices.brandcdn.com/ *.paypal.com *.sandbox.paypal.com *.apsclicktopay.com *.dotdigital-pages.com *.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.googleadservices.com *.googleapis.com *.paypal.com *.paypalobjects.com http://insight.adsrvr.org/ *.google.com *.googletagmanager.com *.facebook.com https://match.adsrvr.org/ https://cm.g.doubleclick.net/ https://pixel.rubiconproject.com/ https://hb.yahoo.net/ https://tags.bluekai.com/ https://secure-gl.imrworldwide.com/ https://loadm.exelator.com/ https://mid.rkdms.com/ https://load77.exelator.com/ https://uipglob.semasio.net/ https://eb2.3lift.com/ https://ads.scorecardresearch.com/ https://i.liadm.com/ https://i6.liadm.com/ https://tags.rd.linksynergy.com/ https://match.sharethrough.com/ https://idpix.media6degrees.com/ https://dsum-sec.casalemedia.com/ https://x.bidswitch.net/ https://dmp.truoptik.com/ https://secure.insightexpressai.com/ https://simage2.pubmatic.com/ https://bidagent.xad.com/ *.google.co.in/ https://match.sync.ad.cpe.dotomi.com/ https://onetag-sys.com/ https://avd.innity.com/ *.trackedlink.net addevent.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net use.typekit.net *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://connect.facebook.net https://*.hotjar.com 'unsafe-inline' *.googleadservices.com googleapis.com *.paypal.com *.sandbox.paypal.com *.googletagmanager.com *.paypalobjects.com *.googleapis.com *.google.com *.gstatic.com https://p.typekit.net/ https://use.typekit.net https://*.hotjar.com http://adservices.brandcdn.com/ http://tag.brandcdn.com/ https://kadromm.atlassian.net/ addevent.com https://cdn.addevent.com/ https://*.addevent.com/ https://duplin-winery.disqus.com/ *.apsclicktopay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal 'self' data: maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://*.hotjar.com https://p.typekit.net/ https://use.typekit.net/ *.apsclicktopay.com getfirebug.com googleapis.com addevent.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.magento.com commerce.adobe.io performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.sentry.io *.sharethis.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://stats.g.doubleclick.net/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-zsJY+kYyp9/2yrXbDZEizpajfe+j2mwetW67B5l4+Zs='; base-uri 'self';report-to csp-endpoint 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.typekit.net *.googleapis.com *.easypack24.net *.ekomiapps.de data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com static.payu.com *.tile.osm.org *.cloudflare.com *.githubusercontent.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.magentocommerce.com *.imgur.com *.ekomiapss.de *.ekomiapps.de *.pixabay.com *.amazonaws.com *.placeholder.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.avada.io https://cdnjs.cloudflare.com *.payu.com secure.snd.payu.com www.googletagmanager.com *.magentocommerce.com *.braintreegateway.com *.githubusercontent.com *.paypall.com *.cardinalcommerce.com *.authorize.net *.facebook.com *.cloudflare.com *.twitter.com *.fontawesome.com *.trustedshops.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com *.ekomiapss.de *.ekomiapps.de *.easypack24.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.cloudflare.com *.bootstrapcdn.com *.ekomiapss.de *.ekomiapps.de *.easypack24.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.cloudflare.com *.tile.osm.org *.openstreetmap.org *.twitter.com *.paypal.com *.ekomiapps.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.openstreetmap.org *.paypal.com *.facebook.com *.ekomiapps.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /zsteam_csp; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-nWDYvkee3sZwgHC0ntazNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.travelassociates.com:*; frame-ancestors *.calypso.net.au *.travelassociates.com; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
object-src 'none';base-uri 'self';script-src 'nonce-MPEUFXDL5-vK2XOaRpJR7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' * data: *; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' * data: *; frame-src 'self' * data: *; font-src 'self' 'unsafe-inline' * data: *; connect-src 'self'  'unsafe-inline' *; report-uri /admin/config/system/seckit/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-w6AS0svdJKEu1UwjP3liYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-abygDLyjV6gZ9UY-UCEGnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Ml_YOXi6LWL4d0UKvdL7TA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Z4D4wBRvepHpSy-19y_93A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'nonce-z0hQ8UPbC54lgZ903BhB/g==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://sentry.io/api/1258985/security/?sentry_key=1891ca9ff5bc416bbb0349a074c3b41f 1
object-src 'none';base-uri 'self';script-src 'nonce-rGln7HcXN7x1SRylm9GYbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bp9iWh809CExEQwkcha8Tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-p9rRS-CLs0GCG_K4T6LU_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WOSJtLv0HHxW1_aAzz7-JA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self'  https://cdn.jsdelivr.net https://cdn.neverbounce.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.nrgincharge.gr 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-t41OGGmWdc8cy0GVdW4S_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-_gaQ_l1GNO2deYLNYJvFOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-GW-zFWzmG0BDICO3eaXUBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com *.tiktok.com *.facebook.com o2.mouseflow.com *.doubleclick.net *.gstatic.com www.google.com.sg stackpath.bootstrapcdn.com tags.srv.stackadapt.com www.google.com cdn.insight.sitefinity.com *.linkedin.com *.googleadservices.com *.vimeo.com sp.analytics.yahoo.com tr.lfeeder.com analytics.google.com *.outbrain.com cdn.mouseflow.com www.google-analytics.com *.facebook.net uat-eastspring.devtpit.com eastspring.qumucloud.com img.eastspring.com adservice.google.com ik.imagekit.io cdn.jsdelivr.net lftracker.leadfeeder.com www.googletagmanager.com *.googleapis.com www.google.com.hk *.licdn.com s.yimg.com www.google.com.my code.jquery.com web.mxradon.com cdn.qumucloud.com api.insight.sitefinity.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' https://intelligence.airbus.com https://cdn.cookielaw.org https://*.onetrust.com https://*.fontawesome.com https://storage.googleapis.com https://intelligence-airbusds.piwik.pro https://intelligence-airbusds.containers.piwik.pro https://www.google-analytics.com https://api.hubspot.com https://forms.hscollectedforms.net https://forms.hubspot.com *.hubspot.com *.hsforms.com px.ads.linkedin.com https://td.doubleclick.net www.youtube.com youtube.com *.youtube-nocookie.com https://pagead2.googlesyndication.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com www.google.com google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com www.googleadservices.com *.g.doubleclick.net adservice.google.com *.google.com google.fr *.google.fr; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.cookielaw.org https://www.googletagmanager.com px.ads.linkedin.com https://track.hubspot.com https://forms.hsforms.com *.hsforms.com *.hsforms.net px4.ads.linkedin.com https://storage.googleapis.com https://forms-na1.hsforms.com js.hscta.net no-cache.hubspot.com	*.hubspot.com https://www.google.fr https://www.google.com https://*.hotjar.com https://i.ytimg.com https://tile.openstreetmap.org openstreetmap.org https://*.amazonaws.com www.linkedin.com linkedin.com fonts.gstatic.com www.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cookielaw.org https://intelligence-airbusds.containers.piwik.pro https://js.hsforms.net https://js.hs-scripts.com https://*.onetrust.com/ https://*.fontawesome.com https://www.google-analytics.com https://snap.licdn.com https://js.hs-analytics.net https://js.usemessages.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsleadflows.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com js.hscta.net *.hubspot.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com https://www.youtube.com https://pagead2.googlesyndication.com https://www.google.com https://www.gstatic.com https://*.doubleclick.net https://www.linkedin.com https://*.hotjar.com www.googleadservices.com; font-src 'self' 'unsafe-eval' data: https://*.fontawesome.com https://*.hotjar.com fonts.googleapis.com github.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fontawesome.com fonts.googleapis.com www.google-analytics.com google-analytics.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-u2Uu0Ew1xAztBr-2dc7srQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com *.cloudflare.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.mercadolibre.com *.cookiebot.com *.googletagmanager.com *.pagar.me *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io https://docs.google.com www.searchanise.com *.searchserverapi.com *.twitter.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.facebook.com *.googleadservices.com *.google-analytics.com *.google.com.br cdn.mundipagg.com api.pagar.me *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com http://www.vimeo.com/ www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com *.mlstatic.com *.mercadopago.com https://www.googleoptimize.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://consent.cookiebot.com/ http://www.google-analytics.com/ http://www.googleadservices.com/ https://www.i-goal.com.br/ https://static.i-goal.com.br/ http://www.paypal.com/ http://www.facebook.com/ https://js-agent.newrelic.com/ https://vfr-v3-production.sizebay.technology/ https://maps.google.com/ https://www.google.com/ *.cloudfront.net *.facebook.net *.tolvnow.com searchserverapi.com *.clarity.ms *.avada.io 3ds2.pagar.me 3ds2-sdx.pagar.me searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.pagseguro.com.br 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.fontawesome.com *.jsdelivr.net/ *.cloudflare.com/ *.googleapis.com *.cloudfront.net *.tolvnow.com *.gstatic.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com *.mercadopago.com *.mercadolibre.com https://www.google-analytics.com/ *.facebook.com https://viacep.com.br *.tolvnow.com *.edrone.me *.clarity.ms https://get.geojs.io *.avada.io api.mundipagg.com api.pagar.me *.gstatic.com api.amplitude.com stats.g.doubleclick.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.viacep.com.br 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com *.gstatic.com data: *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: https://*.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ *.meetanshi.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://*.cookielaw.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io *.meetanshi.com https://cdnjs.cloudflare.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com https://*.cookielaw.org https://*.addtoany.com https://1map.com https://www.googletagmanager.com tagmanager.google.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.addtoany.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.gstatic.com https://*.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io http://dpm.demdex.net *.meetanshi.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://*.cookielaw.org https://www.google-analytics.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ https://www.google.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.maksekeskus.ee *.test.maksekeskus.ee public.montonio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.facebook.com https://www.google.com https://www.google.ee https://www.google-analytics.com rx.apotheka.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com https://www.google.com https://www.gstatic.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: public.montonio.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net rx.apotheka.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com rx.apotheka.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://stats.g.doubleclick.net rx.apotheka.ee http: https: 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.klarnacdn.net static.lipscore.com https://*.googleapis.com https://*.gstatic.com https://*.cg.no data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.klarna.com *.nosto.com *.nos.to https://*.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net static.lipscore.com blob: img.youtube.com *.nosto.com *.nos.to https://*.googletagmanager.com https://*.nosto.com https://*.vaimo.net https://*.cg.no https://*.klarnacdn.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.plugins.emarsys.net *.scarabresearch.com *.klarna.com *.klarnacdn.net *.klarnaservices.com static.lipscore.com *.nosto.com *.nos.to https://widget.postenlabs.no/ https://*.googletagmanager.com https://*.nosto.com https://*.adt313.net https://*.google.com https://*.gstatic.com https://*.adyen.com https://*.cg.no https://*.newrelic.com https://*.nr-data.net https://*.klarnacdn.net https://*.porterbuddy.com https://*.connect.facebook https://*.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.klarnacdn.net static.lipscore.com *.nosto.com *.nos.to https://widget.postenlabs.no/assets/ https://*.googleapis.com https://*.cg.no https://*.porterbuddy.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.scarabresearch.com *.eservice.emarsys.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com wapi.lipscore.com users.lipscore.com *.nosto.com *.nos.to https://widget.postenlabs.no/ https://widget.bring.services/api/ https://*.google-analytics.com https://*.nr-data.net https://*.klarnacdn.net https://*.klarnaevt.com https://*.nosto.com https://*.connect.facebook https://*.google.com https://*.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/public/api/content-security-policy.php; report-to report-endpoint; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.fonts.gstatic.com oct8necdneu.azureedge.net *.accelasearch.io *.accelasearch.net applepay.cdn-apple.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.twitter.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.iubenda.com *.twitter.com *.oct8ne.com *.nexi.it www.google.com *.youtube.com api.payplug.com secure.payplug.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com ebizmarts-website.s3.amazonaws.com *.iubenda.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.camo.githubusercontent.com oct8necdneu.azureedge.net *.ecommerce.nexi.it *.amcglobal.sc.omtrdc.net action-wear.com maps.gstatic.com media.action-wear.com *.accelasearch.io *.accelasearch.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.chimpstatic.com int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com ws10b.cvetta.io *.iubenda.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.avada.io static-eu.oct8ne.com *.cdnjs.cloudflare.com unpkg.com maps.googleapis.com *.nexi.it cdn.jsdelivr.net www.googletagmanager.com chimpstatic.com *.accelasearch.io *.accelasearch.net api.payplug.com applepay.cdn-apple.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.fonts.googleapis.com unpkg.com *.iubenda.com cdn.jsdelivr.net media.action-wear.com *.accelasearch.io *.accelasearch.net 'self' 'unsafe-inline'; object-src *.youtube.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com int-ecommerce.nexi.it ecommerce.nexi.it *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.iubenda.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com https://get.geojs.io *.avada.io *.oct8ne.com *.oct8neeufrontal3microservicescheckdomain.azurewebsites.net *.nexi.it maps.googleapis.com prezzi.crmcag.it prezzi.crmcag.it:8088 *.accelasearch.io *.accelasearch.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/camac/endpoint; report-to report-endpoint; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.yotpo.com *.googleapis.com dov2wmtwbx0y8.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; frame-ancestors dov2wmtwbx0y8.cloudfront.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com *.awin1.com *.zenaps.com https://www.magezon.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com google.com *.google.com google.at *.google.at google.ru *.google.ru google.com.ua *.google.com.ua google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net *.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net babauba.de 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com *.yotpo.com dov2wmtwbx0y8.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com google.com *.google.com google.at *.google.at google-analytics.com *.google-analytics.com doubeclick.net *.doubeclick.net *.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net *.newrelic.com bam.eu01.nr-data.net https://www.googletagmanager.com https://polyfill.io *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.cloudflare.com www.xtento.com cdn.xtento.com *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com google.com *.google.com google.at *.google.at google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net *.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net *.fontawesome.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; object-src dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; manifest-src dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com https://the.sciencebehindecommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.doubleclick.net google-analytics.com *.google-analytics.com *.newrelic.com bam.eu01.nr-data.net t.elasticsuite.io *.trustedshops.com *.etrusted.com *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com dov2wmtwbx0y8.cloudfront.net http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ cdn.mundipagg.com api.pagar.me 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.mundipagg.com api.pagar.me t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.hotjar.com *.klevu.com *.typekit.net *.klaviyo.com *.sharethis.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.hotjar.com *.klaviyo.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.google.com *.hotjar.com *.addthis.com *.klaviyo.com *.sharethis.com *.fetchify.com account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.bing.com *.klevu.com *.doubleclick.net *.thegrasspeople.com *.icanlawn.com https://icanlawn.com *.feefo.com *.klaviyo.com *.sharethis.com *.google.co.uk ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.zdassets.com *.trackedlink.net *.addthis.com *.klevu.com *.trustpilot.com *.moatads.com *.addthisedge.com *.feefo.com *.klaviyo.com *.sharethis.com *.bing.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net *.googleadservices.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.sagepay.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.what3words.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.myfonts.net *.klevu.com *.typekit.net *.googleapis.com *.klaviyo.com *.sharethis.com *.feefo.com downloads.mailchimp.com cc-cdn.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.hotjar.com *.hotjar.io *.zdassets.com *.zopim.com *.doubleclick.net *.google-analytics.com *.feefo.com *.klaviyo.com *.sharethis.com *.bing.com *.googlesyndication.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.sagepay.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.what3words.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-s6-KPzzPHKgqR8DvBWiBQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.international-bahn.de *.gstatic.com js.hcaptcha.com www.bahn.de newassets.hcaptcha.com secure.pay1.de jsctool.com *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://tdameritrade.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com;   default-src 'self' https://tdameritrade.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com https://*.tiqcdn.com https://*.tdameritrade.wallst.com https://*.bing.com https://*.googletagmanager.com https://*.facebook.net https://*.inq.com https://*.wsod.com https://*.ads-twitter.com https://*.adsrvr.com https://*.everestjs.net https://*.rcrsv.io https://*.quantserve.com https://*.appdynamics.com https://*.googleadservices.com https://*.quantcount.com https://*.adsrvr.org https://*.doubleclick.net https://*.wsod.com https://*.betrad.com https://trkn.us https://*.associatesys.local https://*.omtrdc.net https://*.demdex.net https://*.iteclientsys.local https://*.googleapis.com https://*.gstatic.com  https://everesttech.net;  script-src 'self' https://tdameritrade.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com https://*.tiqcdn.com https://*.tdameritrade.wallst.com https://*.bing.com https://*.googletagmanager.com https://*.facebook.net https://*.inq.com https://*.wsod.com https://*.ads-twitter.com https://*.adsrvr.com https://*.everestjs.net https://*.rcrsv.io https://*.quantserve.com https://*.appdynamics.com https://*.googleadservices.com https://*.quantcount.com https://*.adsrvr.org https://*.g.doubleclick.net https://*.wsod.com https://*.googleapis.com https://nebula-cdn.kampyle.com  https://c.evidon.com/geo/country.js https://tags.tiqcdn.com/utag/tdameritrade/veoone/qa/utag.sync.js https://nebula-cdn.kampyle.com/wu/620223/onsite/embed.js 'unsafe-eval' 'unsafe-inline';    connect-src 'self' https://*.iteclientsys.local https://dpm.demdex.net;    img-src 'self' 'unsafe-inline' https://udc-neb.kampyle.com https://*.everesttech.net https://analytics.twitter.com https://match.adsrvr.org https://pixel.advertising.com  https://ps.eyeota.net https://cms.analytics.yahoo.com https://fei.pro-market.net https://ads.scorecardresearch.com https://ag.innovid.com https://dptr.areyouahuman.com https://pxl.jivox.com https://mid.rkdms.com https://dpm.demdex.net;    style-src 'self' 'unsafe-inline' https://tdameritrade.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com https://*.googleapis.com https://*.rcrsv.io ;     font-src 'self' https://*.tdainstitutional.com https://dpm.demdex.net; report-uri /csp-report/report 1
object-src 'none';base-uri 'self';script-src 'nonce-mYgEgapcSuvbSb1Q9hRgVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-W29RbJVxB96EzWAtWpR6QQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-HxEe9H-_rpzO3t2C8CHJ9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-linr8udr4jHB19rClgIQrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-OH6RiuLQ8FRoVms7HHQ0sw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-nQo4EUFQCwb5aeYUrnGWqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wikibooks.org en.wikinews.org en.wikiquote.org en.wikisource.org en.wikiversity.org en.wikivoyage.org en.wiktionary.org www.mediawiki.org api.wikimedia.org commons.wikimedia.org foundation.wikimedia.org incubator.wikimedia.org species.wikimedia.org wikimania.wikimedia.org www.wikidata.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikifunctions.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
default-src 'self' *.google.com *.doubleclick.net *.chargebee.com *.fbot.me *.youtube.com *.snapchat.com *.stripe.com *.learneo.com *.cookielaw.org *.amplitude.com *.quillbot.com *.quillbot.dev;script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.quillbot.com *.quillbot.dev *.amplitude.com *.google.co.in *.google.com *.bing.com *.linkedin.com *.snapchat.com *.licdn.com sc-static.net *.googletagmanager.com *.cloudflareinsights.com *.gstatic.com *.cookielaw.org *.quora.com *.redditstatic.com *.partnerstack.com *.datadoghq-browser-agent.com *.google-analytics.com *.clarity.ms *.hotjar.com *.googleadservices.com *.chargebee.com *.fontawesome.com *.stripe.com *.zdassets.com *.sentry-cdn.com *.taboola.com *.facebook.net ;style-src www.gstatic.com accounts.google.com *.quillbot.dev *.quillbot.com 'unsafe-inline' *.chargebee.com *.googleapis.com *.fontawesome.com *.paypalobjects.com ;img-src 'self' * quillbot.com *.quillbot.com *.cookielaw.org *.gstatic.com *.quora.com *.google-analytics.com *.reddit.com *.quillbot.dev *.linkedin.com *.bing.com *.google.co.in *.googletagmanager.com *.googleapis.com *.doubleclick.net *.googleusercontent.com *.clarity.ms *.grammarly.com data: blob:  *.google.ae *.google.ca *.google.co.id *.google.co.in *.google.co.jo *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.ng *.google.co.nz *.google.co.th *.google.co.tz *.google.co.uk *.google.co.uz *.google.co.za *.google.co.za *.google.com.ae *.google.com.au *.google.com.bd *.google.com.br *.google.com.br *.google.com.co *.google.com.co *.google.com.eg *.google.com.et *.google.com.gh *.google.com.hk *.google.com.id *.google.com.kh *.google.com.mm *.google.com.mx *.google.com.my *.google.com.ng *.google.com.np *.google.com.np *.google.com.om *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.uz *.google.com.vn *.google.com *.google.com *.google.de *.google.dz *.google.es *.google.es *.google.fr *.google.ie *.google.iq *.google.lk *.google.mu *.google.nl *.google.pt *.google.rw *.google.tn *.gravatar.com;font-src * *.gstatic.com 'self' *.quillbot.com *.paypalobjects.com *.fontawesome.com data:;connect-src * 'self' *.googleapis.com *.doubleclick.net *.chargebee.com *.fbot.me *.youtube.com *.snapchat.com *.stripe.com *.learneo.com *.cookielaw.org *.amplitude.com *.quillbot.com *.quillbot.dev *.onetrust.com *.redditstatic.com *.linkedin.com partnerlinks.io grsm.io *.bing.com *.browser-intake-datadoghq.com *.clarity.ms *.google-analytics.com *.hotjar.io *.google.ae *.google.ca *.google.co.id *.google.co.in *.google.co.jo *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.ng *.google.co.nz *.google.co.th *.google.co.tz *.google.co.uk *.google.co.uz *.google.co.za *.google.co.za *.google.com.ae *.google.com.au *.google.com.bd *.google.com.br *.google.com.br *.google.com.co *.google.com.co *.google.com.eg *.google.com.et *.google.com.gh *.google.com.hk *.google.com.id *.google.com.kh *.google.com.mm *.google.com.mx *.google.com.my *.google.com.ng *.google.com.np *.google.com.np *.google.com.om *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.uz *.google.com.vn *.google.com *.google.com *.google.de *.google.dz *.google.es *.google.es *.google.fr *.google.ie *.google.iq *.google.lk *.google.mu *.google.nl *.google.pt *.google.rw *.google.tn *.googleadservices.com *.zdassets.com *.taboola.com *.gstatic-cache.com *.coursehero.com;child-src * blob:;media-src *.wikimedia.org data:;worker-src blob:;frame-ancestors 'self';frame-src 'self' *.opendns.com *.zscaler.com *.zscaler.net *.zscloud.net *.quillbot.com *.google.com *.chargebee.com *.snapchat.com *.stripe.com *.youtube.com *.securly.com *.learneo.com;form-action 'self' *.quillbot.com;manifest-src 'self' *.quillbot.com;report-uri https://sentry-webapp.quillbot.com/api/2/security/?sentry_key=5743ef12f4887fc460c7968ebb2de54d 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.digitalbridgehq.com *.elev.io *.fixtuur.com *.goinstore.com *.honey.io *.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.cardinalcommerce.com *.facebook.com *.realexpayments.com *.touch.tech www.google.com accounts.google.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.google.com *.doubleclick.net www.facebook.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com https://plumrocket.com *.acdcproc.com *.addthis.com *.americanexpress.com *.arcot.com *.braintreegateway.com *.cardinalcommerce.com *.clearpay.co.uk *.criteo.com *.criteo.net *.digitalbridgehq.com *.fixtuur.com *.flashtalking.com *.google.co.uk *.googlesyndication.com *.hotjar.com *.jotform.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.lloydsbankinggroup.com *.modirum.com *.monzo.com *.paypal.com *.pinterest.com *.playground.klarna.com *.playground.klarnaservices.com *.realexpayments.com *.rsa3dsauth.co.uk *.sandbox.paypal.com *.touch.tech *.zenaps.com ct.pinterest.com servedby.flashtalking.com accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.afterpay.com https://site-assets.afterpay.com/ connect.facebook.net graph.facebook.com business.facebook.com *.360yield.com *.addthis.com *.adform.net *.adnxs.com *.ads.yieldmo.com *.advertising.com *.amazon-adsystem.com *.amazonaws.com *.awin1.com *.bidswitch.net *.bing.com *.bluekai.com *.bnmla.com *.casalemedia.com *.creativecdn.com *.criteo.com *.criteo.net *.digitaleast.mobi *.dmxleo.com *.elfsight.com *.elfsightcdn.com *.exelator.com *.goinstore.com *.google.com *.googleapis.com *.honey.io *.imrworldwide.com *.ivitrack.com *.liadm.com *.mediavine.com *.mediawallahscript.com *.modafurnishings.co.uk *.narrative.io *.outbrain.com *.pinterest.com *.pubmatic.com *.revcontent.com *.rubiconproject.com *.semasio.net *.smaato.net *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.tapad.com *.thebrighttag.com *.tvsquared.com *.twiago.com *.yahoo.com *.yieldlab.net *.zdassets.com *.zemanta.com *.zenaps.com *.zendesk.com bat.bing.com beacon.krxd.net contextual.media.net coviyr.modafurnishings.co.uk criteo-partners.tremorhub.com criteo-sync.teads.tv eb2.3lift.com google.com id5-sync.com jadserve.postrelease.com maps.googleapis.com match.sharethrough.com static.elfsight.com visitor.omnitagjs.com www.coupert.com www.google.ae www.google.cn www.google.co.in www.google.co.ma www.google.co.uk www.google.co.za www.google.com.ag www.google.com.au www.google.com.bd www.google.com.eg www.google.com.lb www.google.com.my www.google.com.ph www.google.com.sa www.google.com.tr www.google.com.ua www.google.de www.google.es www.google.fr www.google.gg www.google.im www.google.it www.google.je www.google.lu www.google.nl accounts.google.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com connect.facebook.net graph.facebook.com business.facebook.com *.app-us1.com *.bing.com *.craftyclicks.co.uk *.criteo.com *.criteo.net *.digitalbridgehq.com *.dwin1.com *.dynamicyield.com *.elev.io *.elfsight.com *.finance-calculator.co.uk *.fixtuur.com *.goinstore.com *.hotjar.com *.jsdelivr.net *.newrelic.com *.nr-data.net *.opentok.com *.pennies.org.uk *.pinimg.com *.responsetap.com *.sciencebehindecommerce.com *.tvsquared.com *.vimeo.com *.zdassets.com *.zenaps.com trackcmp.net accounts.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cc-cdn.com *.braintreegateway.com *.digitalbridgehq.com *.finance-calculator.co.uk *.fixtuur.com *.goinstore.com *.google.com *.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net www.google.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.addthis.com *.amazonaws.com *.analytics.google.com *.app-us1.com *.bing.com *.cardinalcommerce.com *.clearpay.co.uk *.digitalbridgehq.com *.doubleclick.net *.dynamicyield.com *.elev.io *.elfsight.com *.finance-calculator.co.uk *.fixtuur.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.jsdelivr.net *.loggly.com *.my.sentry.io *.nr-data.net *.pennies.org.uk *.pinterest.com *.sciencebehindecommerce.com *.sentry.io *.smooch.io *.tokbox.com *.trustpilot.com *.ucweb.com *.zdassets.com *.zendesk.com *.zuko.io adservice.google.com bat.bing.com eu.prd.impact.fixtuur.com maps.googleapis.com www.google.co.uk www.google.it www.google.je www.google.nl www.wepowerconnections.com accounts.google.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com google.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp/report; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-2RbhYdXW9POn6xdIzv-dCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-EaCUxgFJL_ARpbYSq7Pbsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-koBCJ9E37DsWj8tLAPqSXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-60DSSxMwgidDogO36H_8fQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IG-M6LXv5htN5xDOmbCLJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-XRr6ZfI80TLXJ4lrlX4JRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-nYeKp-4oiIuCAXcyowgtIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-mQAgLCqX48Jpd9taJCSIMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; base-uri 'none'; script-src 'nonce-58380c2f6d1754b0b70e5efb6d172aeb' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; 1
object-src 'none';base-uri 'self';script-src 'nonce-oNeXx0lrIVdE5QmoyCUDJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-jqaiYtfIhqyrm0dKRnDftQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-g1O63vCtwT7NVnb_VrF7lg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tGbQT5dF1lrHtDaVep-pZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TuqOJ_5MWrehVvSQdEnMQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-65Ep_4i8epYnXdpk2RHB6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self' ; connect-src 'self'  https://www.google-analytics.com google-analytics.com analytics.google.com https://stats.g.doubleclick.net https://bam.nr-data.net https://bam-cell.nr-data.net https://s.cadent.bloomberglaw.com https://a.blaw.com/2/httpapi https://dpm.demdex.net https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.px-cloud.net https://collector-pxwjdtmg7v.pxchk.net flo.uri.sh https://www.bbthat.com; default-src 'self' https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com; form-action 'self' https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://platform.twitter.com https://syndication.twitter.com; img-src 'self' data: https://www.google.com/ads/ga-audiences https://www.google-analytics.com/collect https://dpm.demdex.net https://cm.everesttech.net https://bloomberg-bna-brightspot-lower.s3.amazonaws.com https://db0ip7zd23b50.cloudfront.net https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://*.googlesyndication.com https://www.google.com/ads/measurement/ https://googleads.g.doubleclick.net/pagead/interaction/ https://storymaps.arcgis.com https://public.flourish.studio https://cdn.knightlab.com https://megaphone.imgix.net https://www.omnycontent.com public.flourish.studio https://syndication.twitter.com; sandbox 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com/analytics.js https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com 'nonce-2726c7f26c' https://www.googletagservices.com https://*.googlesyndication.com http://client.px-cloud.net public.flourish.studio https://connect.facebook.net https://platform.twitter.com  https://cdn.syndication.twimg.com googletagmanager.com www.googletagmanager.com 'nonce-envVars' 'nonce-tophat' 'nonce-apollo'; report-uri https://news-api.bloomberglaw.com/v1/report/csp; frame-src https://bureauofnationalaffairs.demdex.net https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://*.googlesyndication.com https://www.google.com/ https://storymaps.arcgis.com https://public.flourish.studio https://cdn.knightlab.com https://www.youtube-nocookie.com https://playlist.megaphone.fm https://player.megaphone.fm https://players.brightcove.net https://www.youtube.com https://www.omnycontent.com https://platform.twitter.com https://syndication.twitter.com; frame-ancestors https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com; media-src https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://playlist.megaphone.fm https://player.megaphone.fm https://players.brightcove.net https://www.omnycontent.com; style-src https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com 'self' 'unsafe-inline' https://assets.bwbx.io https://fonts.googleapis.com; font-src 'self' https://assets.bwbx.io https://fonts.googleapis.com https://fonts.gstatic.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-l-C4V4_3cAL3R8N300D9sQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src 'self' data: https://secure.gravatar.com  https://a9f78d.p3cdn1.secureserver.net  https://www.googletagmanager.com  https://forms-na1.hsforms.com  https://forms.hsforms.com  https://track.hubspot.com  https://www.facebook.com  https://i.ytimg.com  https://s.w.org  https://builder-assets.unbounce.com  https://d9hhrg4mnvzow.cloudfront.net  https://events.ub-analytics.com  https://demos.wpbeaverbuilder.com  https://pd.w.org  https://maps.googleapis.com  https://demo.wdsgallery.com  https://www.wpbeaverbuilder.com  https://www.google-analytics.com  https://connect.facebook.net  https://region1.google-analytics.com  blob:  https://ps.w.org  https://img.rawpixel.com  https://cdn.honey.io  https://fonts.gstatic.com  hhttps  https://uploads-ssl.webflow.com  https://ds9ywulh7jrls.cloudfront.net  https://analytics.tiktok.com  https://googleads.g.doubleclick.net  https://www.google.com  https://www.gstatic.com  https://translate.google.com  https://translate.googleapis.com  https://youtu.be  https://adservice.google.com  https://exceptions.hs-embed-reporting.com  https://8bf.bee.myftpupload.com  https://forms.hscollectedforms.net  https://maps.gstatic.com  https://c.clarity.ms  https://c.bing.com  https://px.ads.linkedin.com  ; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://a9f78d.p3cdn1.secureserver.net  https://img1.wsimg.com  https://www.googletagmanager.com  https://js.hsforms.net  https://js.hs-scripts.com  https://static.hotjar.com  https://connect.facebook.net  https://js.hs-banner.com  https://js.hs-analytics.net  https://js.hscollectedforms.net  https://script.hotjar.com  https://www.comeet.co  https://maps.googleapis.com  https://js.hubspot.com  https://d1wbjksx0xxdn3.cloudfront.net  https://builder-assets.unbounce.com  https://js-na1.hs-scripts.com  https://captcha.wpsecurity.godaddy.com  https://platform.twitter.com  https://www.facebook.com  https://cdn.jsdelivr.net  https://conoret.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://cdnjs.cloudflare.com  https://img6.wsimg.com  https://ds9ywulh7jrls.cloudfront.net  https://analytics.tiktok.com  https://new.localizeos.com  https://www.googleadservices.com  https://www.google.com  https://www.gstatic.com  https://translate.google.com  https://translate-pa.googleapis.com  https://translate.googleapis.com  https://hcaptcha.com  https://www.clarity.ms  https://snap.licdn.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://a9f78d.p3cdn1.secureserver.net  https://img1.wsimg.com  https://www.googletagmanager.com  https://js.hsforms.net  https://js.hs-scripts.com  https://static.hotjar.com  https://connect.facebook.net  https://js.hs-banner.com  https://js.hs-analytics.net  https://js.hscollectedforms.net  https://script.hotjar.com  https://www.comeet.co  https://maps.googleapis.com  https://js.hubspot.com  https://d1wbjksx0xxdn3.cloudfront.net  https://builder-assets.unbounce.com  https://js-na1.hs-scripts.com  https://captcha.wpsecurity.godaddy.com  https://platform.twitter.com  https://www.facebook.com  https://cdn.jsdelivr.net  https://conoret.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://cdnjs.cloudflare.com  https://img6.wsimg.com  https://ds9ywulh7jrls.cloudfront.net  https://analytics.tiktok.com  https://new.localizeos.com  https://www.googleadservices.com  https://www.google.com  https://www.gstatic.com  https://translate.google.com  https://translate-pa.googleapis.com  https://translate.googleapis.com  https://hcaptcha.com  https://www.clarity.ms  https://snap.licdn.com ; style-src 'self' 'unsafe-inline' https://a9f78d.p3cdn1.secureserver.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://www.comeet.com  https://builder-assets.unbounce.com  blob:  https://fonts.ub-assets.com  https://cdn.honey.io  https://www.googletagmanager.com  https://adblockers.opera-mini.net  https://www.gstatic.com  https://ds9ywulh7jrls.cloudfront.net ; style-src-elem 'self' 'unsafe-inline' https://a9f78d.p3cdn1.secureserver.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://www.comeet.com  https://builder-assets.unbounce.com  blob:  https://fonts.ub-assets.com  https://cdn.honey.io  https://www.googletagmanager.com  https://adblockers.opera-mini.net  https://www.gstatic.com  https://ds9ywulh7jrls.cloudfront.net ; connect-src 'self' https://events.api.secureserver.net  https://forms.hsforms.com  https://www.google-analytics.com  https://forms.hscollectedforms.net  https://vc.hotjar.io  https://in.hotjar.com  https://content.hotjar.io  wss://ws.hotjar.com  https://metrics.hotjar.io  https://www.facebook.com  https://yoast.com  https://maps.googleapis.com  https://region1.google-analytics.com  https://exceptions.hubspot.com  https://hubspot-forms-static-embed.s3.amazonaws.com  https://a9f78d.p3cdn1.secureserver.net  https://img6.wsimg.com  https://js.hscollectedforms.net  properties  https://doublestat.info  https://graph.facebook.com  https://wpnux.godaddy.com  https://ds9ywulh7jrls.cloudfront.net  https://analytics.tiktok.com  https://adservice.google.com  https://translate.googleapis.com  https://www.google.com  https://wzrd.in  https://www.googletagmanager.com  https://j.clarity.ms  https://w.clarity.ms  https://u.clarity.ms  https://q.clarity.ms  https://z.clarity.ms  https://o.clarity.ms  https://p.clarity.ms  https://x.clarity.ms  https://s.clarity.ms  https://v.clarity.ms  https://y.clarity.ms  https://k.clarity.ms  https://n.clarity.ms  https://e.clarity.ms  https://t.clarity.ms  https://f.clarity.ms  https://r.clarity.ms  https://i.clarity.ms  https://b.clarity.ms  https://h.clarity.ms  https://d.clarity.ms  https://m.clarity.ms  https://l.clarity.ms  https://px.ads.linkedin.com;  frame-src 'self' https://www.facebook.com  https://static.hsappstatic.net  https://app.hubspot.com  https://www.youtube.com  https://player.vimeo.com  https://platform.twitter.com  https://mozbar.moz.com  https://forms.hsforms.com  data:  https://block.opendns.com  https://www.google.com  https://youtu.be  https://m.youtube.com  https://www.googletagmanager.com  https://web.facebook.com  https://td.doubleclick.net  https://www.comeet.com;  font-src 'self' https://a9f78d.p3cdn1.secureserver.net  https://fonts.gstatic.com  data:  https://cdnjs.cloudflare.com  https://fonts.ub-assets.com  https://img1.wsimg.com  https://www.slant.co  https://use.typekit.net  https://api.rabatta.app  https://rsms.me;  media-src 'self' data:  https://upload.wikimedia.org  https://ssl.gstatic.com  https://youtu.be;  worker-src 'self' blob:;  report-uri https://8bf.bee.myftpupload.com/wp-json/rsssl/v1/csp?rsssl_apitoken=368592691; 1
object-src 'none';base-uri 'self';script-src 'nonce-SJCS_zSrPmJlvUtdwlVTgQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-C767a7sznMEGomBSuAJ0p+4nkBqPIh6IoUjKk3MaJ5U='; base-uri 'self';report-to csp-endpoint 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-Gp/03JHg7o2Mc8knBxHnTooLeQw/i+BhfxCu2AXoWfs='; base-uri 'self';report-to csp-endpoint 1
script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com; frame-ancestors 'self' 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: https://surveys-static.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadolibre.com connect.facebook.net graph.facebook.com business.facebook.com mldp.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar connect.facebook.net graph.facebook.com business.facebook.com 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com https://agentcore.s3.amazonaws.com https://www.google.com.ar https://c.clarity.ms https://c.bing.com https://www.mercadolivre.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net use.typekit.net commerce.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mlstatic.com www.facebook.com graph.facebook.com business.facebook.com https://www.google.com.ar *.gstatic.com http2.mlstatic.com secure.mlstatic.com https://maps.googleapis.com https://cdn.agentbot.net https://agentcore.s3.amazonaws.com https://www.googleoptimize.com https://www.clarity.ms https://survey.survicate.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://agentcore.s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com performance.typekit.net commerce.adobe.net api.comapi.com bam.nr-data.net *.mercadopago.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com https://stats.g.doubleclick.net https://adapter.aivo.co https://i.clarity.ms https://f.clarity.ms https://www.mercadopago.com.mx https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afterpay.com *.clearpay.co.uk *.trackedlink.net flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net app.zinrelo.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com player.vimeo.com *.gstatic.com maps.googleapis.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-MgkSOzwnpIiI9PS9jVZvHVuBSQ0yelUHHDqf71a03BE='; base-uri 'self'; report-to csp-endpoint 1
font-src static.unzer.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com static.rayher.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.pinterest.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.clarity.ms media.rayher.com static.rayher.com *.bing.com *.pinterest.com *.facebook.com https://www.google.com https://www.google.de https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de static.unzer.com jquery.sellxed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googleapis.com *.google.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com static.rayher.com *.clarity.ms *.bing.com connect.facebook.net *.pinimg.com www.dwin1.com *.taboola.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.unzer.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline static.rayher.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.unzer.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com static.rayher.com *.clarity.ms *.pinterest.com *.taboola.com https://*.g.doubleclick.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleadservices.com cdnjs.cloudflare.com ssl.google-analytics.com assets.adobedtm.com *.demdex.net www.googletagmanager.com *.facebook.net *.everesttech.net *.omtrdc.net *.facebook.com *.cloudfront.net *.gstatic.com *.doubleclick.net www.google.com adservice.google.com refaccionesitalika.com.mx static.addtoany.com www.google-analytics.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadolibre.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.mlstatic.com *.mercadopago.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=labuznik 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com fonts.googleapis.com *.googleapis.com *.gstatic.com data: https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu www.google.com https://www.googletagmanager.com/ https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com https://*.gestpay.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com downloads.mailchimp.com https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.dnafactory.it https://*.dnalab.online https://*.google.com https://google.com https://*.google-analytics.com https://*.cloudflare.com https://*.trustpilot.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ https://d132x6oi8ychic.cloudfront.net 'self' https://*.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com data: https://info.ascassociation.org https://www.google-analytics.com https://*.feathr.co https://*.adsrvr.org https://ascamedia.blob.core.windows.net https://d.adroll.com https://x.bidswitch.net https://dsum-sec.casalemedia.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://www.facebook.com https://sync.outbrain.com https://image2.pubmatic.com https://*.openx.net https://*.pubmatic.com https://*.taboola.com https://eb2.3lift.com https://ups.analytics.yahoo.com https://ib.adnxs.com https://ds.reson8.com https://tags.bluekai.com https://idsync.reson8.com; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ 'self' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://ascamedia.blob.core.windows.net https://cdn.jsdelivr.net; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ 'self' https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ https://higherlogicstream.s3.amazonaws.com/ASCACONNECT/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self' https://*.googleapis.com https://www.googletagmanager.com; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://higherlogicdownload.s3.amazonaws.com https://s3.amazonaws.com https://ascassociation.actonservice.com https://cdn.datatables.net https://ascamedia.blob.core.windows.net https://cdn.jsdelivr.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://*.hotjar.com https://maps.googleapis.com https://*.feathr.co https://servedbyadbutler.com https://www.buzzsprout.com https://s.adr https://*.addevent.com https://*.cloudfront.net https://*.adroll.com https://*.facebook.net https://addevent.com; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/ https://10837527.fls.doubleclick.net https://servedbyadbutler.com; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ascamapapi.azurewebsites.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.feathr.co https://*.doubleclick.net https://*.google.com https://d.adroll.com https://ascamapapinet6.azurewebsites.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-XAH8huXZDhkmNjt5Bw0hTA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-+67y1h4CrJGBHcx1p/qkj+YZCEtuG2NW90tdkwTkrQQ='; base-uri 'self';report-to csp-endpoint 1
font-src fonts.gstatic.com use.typekit.net d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net fonts.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * api.bazaarvoice.com stg.api.bazaarvoice.com *.snapchat.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.gomoxie.solutions *.braintreegateway.com *.snapchat.com *.doubleclick.net *.paypalobjects.com *.google.com *.kaptcha.com *.adsrvr.org https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.snapchat.com *.cookielaw.org maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions js-agent.newrelic.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.ccnag.com *.sprinklr.com *.adsrvr.org *.snapchat.com *.googleoptimize.com *.coke.com maps.googleapis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintreegateway.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.coke.com *.b2clogin.com *.facebook.com ct.pinterest.com *.userway.org api.addressy.com *.ccnag.com *.paypalobjects.com *.snapchat.com *.googleapis.com *.cookielaw.org *.sprinklr.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src *.bootstrapcdn.com *.googleapis.com *.gstatic.com js.klevu.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com/ googleads.g.doubleclick.net google.com google.com/ affirm.com affirm.com/ *.googlesyndication.com www.facebook.com platform.twitter.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://googleads.g.doubleclick.net/ *.klevu.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ affirm.com *.affirm.com js.klevu.com *.googlesyndication.com *.googlecommerce.com *.googletagservices.com googletagmanager.com *.bing.com *.google.com *.intercom.io *.intercomcdn.com connect.facebook.net twitter.com platform.twitter.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bootstrapcdn.com js.klevu.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pagead2.googlesyndication.com *.intercom.io affirm.com *.affirm.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com vc.hotjar.io *.gstatic.com *.hotjar.com www.google-analytics.com *.googleapis.com www.youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src www.creatudominio.com 1
font-src *.alothemes.com *.magepow.com http://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com *.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com https://www.youtube.com https://amc.demdex.net https://portal.zakeke.com *.hotjar.com https://www.google.com https://www.google.it *.vimeo.com *.tradedoubler.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.alothemes.com *.magepow.com https://www.facebook.com https://www.google.com https://www.google.it http://maps.googleapis.com https://maps.googleapis.com *.cookielaw.org https://barcode.tec-it.com *.nau.it *.hotjar.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.alothemes.com *.magepow.com *.google.com https://www.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net https://connect.facebook.net https://js-agent.newrelic.com https://bam-cell.nr-data.net https://static.zdassets.com https://chimpstatic.com *.hotjar.com *.tradedoubler.com *.cookielaw.org *.nr-data.net https://cdn.scalapay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.alothemes.com *.magepow.com https://fonts.googleapis.com *.hotjar.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://nau.it 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.alothemes.com *.magepow.com https://dpm.demdex.net https://api.instagram.com https://instagram.com https://naucare.zendesk.com https://ekr.zdassets.com https://bam-cell.nr-data.net https://stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookielaw.org *.nr-data.net *.facebook.com *.onetrust.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com api.payme.hsbc.com.hk sandbox.api.payme.hsbc.com.hk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com api.payme.hsbc.com.hk sandbox.api.payme.hsbc.com.hk qr.payme.hsbc.com.hk payme-cashout-secure.hsbc.com.hk *.google.com/ https://www.youtube.com applepay.cdn-apple.com pay.google.com gateway-japa.americanexpress.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com api.payme.hsbc.com.hk sandbox.api.payme.hsbc.com.hk qr.payme.hsbc.com.hk payme-cashout-secure.hsbc.com.hk *.avada.io *.google.com/ www.googletagmanager.com applepay.cdn-apple.com pay.google.com gateway-japa.americanexpress.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://cspapi.dev.torrentflood.com/api/csp; default-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.vimeo.com *.amazonaws.com *.fema.gov *.googleapis.com *.gstatic.com *.kaspersky-labs.com consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com *.torrentflood.com *.trustarc.com accessdenied.pnc.com agents.floodsmart.gov analytics.google.com az416426.vo.msecnd.net cdn-forpci33.actonsoftware.com cdn.jsdelivr.net cdnjs.cloudflare.com ggpht.com google-analytics.com hartfordfloodonline.com home-c8.incontact.com marketing.torrentcorp.com maxcdn.bootstrapcdn.com mozbar.moz.com nfipdirect.com nfipdirect.fema.com nfipservices.floodsmart.gov player.vimeo.com pwm-image.trendmicro.com rum-collector-2.pingdom.net rum-static.pingdom.net selectiveflood.com ssl.google-analytics.com static3.avast.com stats.g.doubleclick.net tagmanager.google.com torrentcorp.com torrentflood.com use.fontawesome.com vortex.data.microsoft.com www.google-analytics.com www.google.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self' *.torrentflood.com https://vmp.boldchat.com https://vms.boldchat.com https://*.boldchat.com https://*.torrentflood.com https://thehartford.getflood.com https://torrentflood.com https://www.hartfordfloodonline.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.msecnd.net dc.services.visualstudio.com polska.pl poland.pl ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' adservice.google.com/pagead/regclk api.audible.com audible.sc.omtrdc.net/b/ss/ audible.tt.omtrdc.net/rest/v1/delivery bat.bing.com/p/insights/c/ dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ siteintercept.qualtrics.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com www.audible.com www.facebook.com/tr/ www.google.com/pagead/landing; img-src 'self' ad.doubleclick.net bat.bing.com/action/0 fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com s.amazon-adsystem.com/iui3 www.facebook.com www.google.ca/pagead/1p-user-list/ www.google.ch/pagead/1p-user-list/ www.google.ee/pagead/1p-user-list/ www.google.pt/pagead/1p-user-list/ www.google.ro/pagead/1p-user-list/ www.google.se/pagead/1p-user-list/ www.google.co.cr/pagead/1p-user-list/ www.google.co.il/pagead/1p-user-list/ www.google.co.in/pagead/1p-user-list/ www.google.co.ke/pagead/1p-user-list/ www.google.co.kr/pagead/1p-user-list/ www.google.co.nz/pagead/1p-user-list/ www.google.co.th/pagead/1p-user-list/ www.google.co.uk/pagead/1p-user-list/ www.google.co.za/pagead/1p-user-list/ www.google.com.ar/pagead/1p-user-list/ www.google.com.br/pagead/1p-user-list/ www.google.com.co/pagead/1p-user-list/ www.google.com.do/pagead/1p-user-list/ www.google.com.ec/pagead/1p-user-list/ www.google.com.hk/pagead/1p-user-list/ www.google.com.jm/pagead/1p-user-list/ www.google.com.mx/pagead/1p-user-list/ www.google.com.my/pagead/1p-user-list/ www.google.com.ng/pagead/1p-user-list/ www.google.com.pa/pagead/1p-user-list/ www.google.com.pe/pagead/1p-user-list/ www.google.com.ph/pagead/1p-user-list/ www.google.com.pk/pagead/1p-user-list/ www.google.com.sg/pagead/1p-user-list/ www.google.com/pagead/1p-user-list/ www.google.de/pagead/1p-user-list/ www.google.dk/pagead/1p-user-list/ www.google.es/pagead/1p-user-list/ www.google.ie/pagead/1p-user-list/ www.google.no/pagead/1p-user-list/ www.googleadservices.com/pagead/conversion/ www.googletagmanager.com; font-src www.audible.com m.media-amazon.com; frame-src 'self' 5164101.fls.doubleclick.net apps.rokt.com audible.demdex.net bs.serving-sys.com s.amazon-adsystem.com td.doubleclick.net tr.snapchat.com www.facebook.com; media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk samples.audible.com; script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com/bat.js bat.bing.com/p/action/4004590.js bat.bing.com/p/insights/s/0.7.20 bat.bing.com/p/insights/t/4004590 connect.facebook.net d.impactradius-event.com d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com sc-static.net siteintercept.qualtrics.com tr.snapchat.com www.googleadservices.com/pagead/conversion/ www.googletagmanager.com zn5ygnnjlk4oo0dy1-audible.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cse.google.com maps.google.es clients1.google.com ssl.p.jwpcdn.com *.googleapis.com www--carm--es.insuit.net www.googletagmanager.com www.google.com vod.redctnet.es *.adsensecustomsearchads.com mediateca.regmurcia.com www.youtube.com insuit.net www.carm.es *.gstatic.com region1.google-analytics.com www.google-analytics.com *.googleadservices.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.youtube.com/ https://www.googletagmanager.com/ js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.klaviyo.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'strict-dynamic' 'self' 'nonce-L1sSrGTimxWB9RUMjiUcYQ==' 'report-sample'; report-uri /gdhvb2c.onmicrosoft.com/B2C_1_signup_signin/client/cspreport?p=B2C_1_signup_signin 1
script-src 'nonce-JVnFqPFx-ZJyF-d9EaeX0Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl; base-uri 'none' 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://consent.cookiefirst.com https://static.cookiefirst.com data: *.weglot.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.weglot.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://secure.pay1.de https://d.ratepay.com https://www.jsctool.com https://consent.cookiefirst.com https://static.cookiefirst.com *.doubleclick.net *.salesmanago.pl *.clarity.ms *.weglot.com *.mondu.ai/ *.mondu.local localhost:*/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com https://mageside.com https://consent.cookiefirst.com https://static.cookiefirst.com *.facebook.com *.facebook.net *.google.de *.google.at *.google.ch *.google.nl *.google.ie *.google.pl *.google.dk *.google.no *.google.se *.google.fi https://cx.atdmt.com https://img.idealo.com https://i.ytimg.com https://www.googletagmanager.com https://widgets.trustedshops.com *.doubleclick.net *.shopvote.de *.bing.com *.clarity.ms *.amazonaws.com *.meetanshi.com *.weglot.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.avada.io https://secure.pay1.de https://d.ratepay.com https://consent.cookiefirst.com https://static.cookiefirst.com data: *.shopvote.de *.doubleclick.net *.s24.com *.bing.com *.clarity.ms *.weglot.com *.mondu.ai/widget.js *.mondu.local/widget.js localhost:*/dist/widget.js https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com https://consent.cookiefirst.com https://static.cookiefirst.com *.shopvote.de *.weglot.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://secure.pay1.de https://d.ratepay.com https://analytics.google.com https://consent.cookiefirst.com *.cookiefirst.com https://api.cookiefirst.com https://stats.g.doubleclick.net *.google.de *.google.at *.google.ch *.google.com *.google.nl *.google.ie *.google.pl *.google.dk *.google.no *.google.se *.google.fi data: *.shopvote.de *.facebook.com *.doubleclick.net https://googleads.g.doubleclick.net *.bing.com *.clarity.ms *.weglot.com *.saleago.com *.google-analytics.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /tools/report/index; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.salesforceliveagent.com i.simpli.fi *.force.com frontdoorcdn.formstack.io media.mascocanada.com www.mascoadvantage.ca *.sitescout.com *.doubleclick.net sfapi.formstack.io *.bazaarvoice.com www.google.com *.gstatic.com *.linkedin.com adservice.google.com www.google-analytics.com *.googleadservices.com *.facebook.com *.deltafaucet.com www.googletagmanager.com *.googleapis.com um.simpli.fi *.salesforce-sites.com www.google.ca *.licdn.com analytics.google.com s3.amazonaws.com tag.simpli.fi www.youtube.com *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-23jfsxXk9e-vOMbQaU1-jA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-vGlm3QGtrj3M9vhwDtKNIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
; report-uri https://realtyhive.report-uri.com/r/d/csp/reportOnly; 1
font-src fonts.gstatic.com portal.bulkgate.com *.gstatic.com *.mysport.lv *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de portal.bulkgate.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.sumo.com sumo.com *.sumome.com *.pinterest.com *.moatads.com *.google.lv *.google.com *.gstatic.com *.windows.net 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de portal.bulkgate.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.google.lv *.gstatic.com *.windows.net *.facebook.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de portal.bulkgate.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com validate.fishpig.co.uk *.mysport.lv *.facebook.com *.google.lv *.google.com *.gstatic.com *.windows.net https://maps.omnivasiunta.lt 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de portal.bulkgate.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.mysport.lv *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.sumo.com sumo.com *.sumome.com *.pinterest.com *.moatads.com *.google.lv *.windows.net https://unpkg.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com portal.bulkgate.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.mysport.lv *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de portal.bulkgate.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mysport.lv *.addthis.com *.doubleclick.net sumo.com *.google.lv *.google.com *.windows.net *.facebook.com https://geocode.arcgis.com *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/tr/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bebemundo.com.do *.jugueton.com.do *.zdassets.com *.hotjar.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co amc.demdex.net www.google.com www.facebook.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com https://www.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.facebook.com/tr/ *.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.gstatic.com maps.googleapis.com accounts.google.com www.google.com www.facebook.com https://googleads.g.doubleclick.net www.google.com.ar www.google.com.do https://www.googletagmanager.com https://www.m.casacuesta.com *.youtube.com https://connect.facebook.net https://notifications-icommkt.website *.yotpo.com https://images.notifications-icommkt.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.avada.io *.google.com *.gstatic.com https://www.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net http://www.google.com/recaptcha/api.js https://d12zyq17vm1xwx.cloudfront.net/v2/wpn.min.js https://static.cloudflareinsights.com/ https://www.gstatic.com/recaptcha/releases/tFhBvPrftr7Y91fo1S1ASkA6/recaptcha__es.js https://externalassets.icommarketing.com/icomMkt_tracking_jquery.min.js *.youtube.com https://static.zdassets.com ekr.zdassets.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com *.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.google-analytics.com https://www.hotjar.com https://script.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ http://ccnecommerce.com/ https://notifications-icommkt.com/ https://track-icommkt.com/ wss://widget-mediator.zopim.com/ *.youtube.com https://static.zdassets.com ekr.zdassets.com jugueton.zendesk.com bebemundord.zendesk.com casacuesta.zendesk.com *.googletagmanager.com *.yotpo.com https://maps.googleapis.com https://static.zdassets.com/web_widget/classic/latest/web-widget-main-a5bccfa.js https://script.hotjar.com/modules.429236d560f51d186b8b.js https://content.hotjar.io/?site_id=3364632&gzip=1 //ws.hotjar.com/api/v2/client/ws?v=6&site_id=3364632 https://metrics.hotjar.io/?v=6&site_id=3364632 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.gravatar.com *.googleapis.com *.gstatic.com *.googleusercontent.com; frame-ancestors 'self'; report-to https://csp-report.clickhelp.com/csp-report; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' kandypens.com *.kandypens.com verify.authorize.net secure.saintcorporation.com www.googletagmanager.com *.vimeocdn.com use.typekit.net staticw2.yotpo.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net www.google-analytics.com www.google.com www.gstatic.com code.jquery.com jstest.authorize.net includes.ccdc02.com js.authorize.net kandypens.com.imgeng.in static.zdassets.com v2.zopim.com static.trackedweb.net; report-uri /.webscale/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-vxGjkMRfYd0215_DgL9wig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com *.gstatic.com data: https://*.dnafactory.it https://*.dnalab.online *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.dnafactory.it https://*.dnalab.online *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.multisafepay.com https://pay.google.com https://*.dnafactory.it https://*.dnalab.online https://*.trustpilot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.multisafepay.com https://*.dnafactory.it https://*.dnalab.online www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.multisafepay.com https://pay.google.com widget.freshworks.com m2epro.freshdesk.com https://*.dnafactory.it https://*.dnalab.online https://*.trustpilot.com https://*.clerk.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.multisafepay.com widget.freshworks.com m2epro.freshdesk.com https://*.dnafactory.it https://*.dnalab.online *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://*.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.klarnacdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.multisafepay.com widget.freshworks.com m2epro.freshdesk.com https://*.dnafactory.it https://*.dnalab.online www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://*.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.klevu.com *.livechatinc.com https://*.gstatic.com https://*.typekit.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.doubleclick.net https://*.braintreegateway.com https://*.kaptcha.com https://*.paypal.com *.livechatinc.com *.google.com/ https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.klevu.com https://*.paypal.com https://*.gumlet.io *.whoisvisiting.com *.cookiepro.com *.livechat-files.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net *.klevu.com *.ksearchnet.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.googleapis.com *.google.com/ https://www.gstatic.com https://*.cloudfront.net https://*.klevu.com https://*.google-analytics.com https://*.doubleclick.net https://*.braintreegateway.com https://*.paypal.com *.cookiepro.com *.livechatinc.com *.iptrack.io https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://*.hotjar.com https://secure.leadforensics.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.cloudfront.net https://*.klevu.com https://*.googleapis.com https://*.typekit.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.cloudfront.net *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.freshdesk.com https://*.hotjar.com wss://*.hotjar.com https://*.braintreegateway.com https://*.braintree-api.com *.cookiepro.com *.liadm.com *.onetrust.com *.googleapis.com *.google-analytics.com https://*.adobedc.net https://*.nr-data.net *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-e144b7df02514fe49f12e10364c1d581' https://quartzmychart.com 'self';img-src https://* 'self' blob: data:;style-src https://quartzmychart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
font-src *.gstatic.com *.fontawesome.com fonts.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.designer-images.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.stat-track.com polyfill.io *.moosend.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.zendesk.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.fontawesome.com fonts.googleapis.com *.moosend.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io *.stat-track.com *.m-pages.com *.m-operations.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com ipinfo.io *.zendesk.com wss://widget-mediator.zopim.com *.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: wss: *.binotel.com *.webpushs.com *.pushdata.sendpulse.com; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' *.binotel.com *.webpushs.com *.pushdata.sendpulse.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-violation-report-endpoint 1
font-src *.sagepay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.sagepay.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.dotdigital-pages.com *.dotdigital.com *.online-metrix.net pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afd.co.uk www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com *.afd.co.uk testflex.cybersource.com flex.cybersource.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.online-metrix.net pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com thm.visa.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net mautic.sanpol.pl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com mautic.sanpol.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ mautic.sanpol.pl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.bird.eu *.googletagmanager.com *.google.com *.google.pl mautic.sanpol.pl *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.vercel.app mautic.sanpol.pl connect.facebook.net *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com mautic.sanpol.pl *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com mautic.sanpol.pl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io mautic.sanpol.pl *.google-analytics.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com *.galapagosoutdoor.com.br *.sizebay.technology cdnjs.cloudflare.com upload.uploadcare.com ucarecdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com https://accounts.google.com https://www.facebook.com https://login.live.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://h.online-metrix.net www.googletagmanager.com *.galapagosoutdoor.com.br *.sizebay.technology *.facebook.com upload.uploadcare.com ucarecdn.com *.g.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com cdn.mundipagg.com api.pagar.me *.galapagosoutdoor.com.br *.mundipagg.com *.yviews.com.br *.yourviews.com.br www.google.com www.google.com.br upload.uploadcare.com cdnjs.cloudflare.com ucarecdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com sandbox.pay2.com.br api.pay2.com.br pix.bcb.gov.br *.galapagosoutdoor.com.br *.mundipagg.com *.sizebay.technology *.yviews.com.br *.yourviews.com.br googleads.g.doubleclick.net cdnjs.cloudflare.com upload.uploadcare.com ucarecdn.com *.zdassets.com *.zendesk.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.galapagosoutdoor.com.br *.sizebay.technology *.yviews.com.br *.yourviews.com.br fonts.googleapis.com cdnjs.cloudflare.com upload.uploadcare.com ucarecdn.com *.zdassets.com 'self' 'unsafe-inline'; object-src *.galapagosoutdoor.com.br 'self' 'unsafe-inline'; media-src *.adobe.com *.galapagosoutdoor.com.br 'self' 'unsafe-inline'; manifest-src *.galapagosoutdoor.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.mundipagg.com api.pagar.me *.galapagosoutdoor.com.br *.mundipagg.com *.sizebay.technology *.yviews.com.br *.yourviews.com.br monitor.noblecommerce.io upload.uploadcare.com cdnjs.cloudflare.com ucarecdn.com *.zdassets.com *.zendesk.com api.smooch.io *.rdstation.com.br 'self' 'unsafe-inline'; child-src *.galapagosoutdoor.com.br http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com https://js.klevu.com/klevu-css/* https://js.klevu.com/ *.klevu.com js.klevu.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com *.typekit.net *.gstatic.com 'self' data: 'unsafe-inline' data: *.klarnacdn.net *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.braintreegateway.com *.google.com https://*.youtube.com www.facebook.com *.fls.doubleclick.net *.g.doubleclick.net *.shophumm.com.au *.criteo.com *.hotjar.com *.adsrvr.org https://viewer-whitelabel.shopfully.cloud https://www.tiendeo.co.nz *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com portal.sandbox.afterpay.com portal.afterpay.com *.weltpixel.com *.klarna.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.wesupply.xyz https://wesupplylabs.com *.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.gstatic.com *.sharethis.com maps.googleapis.com *.klevu.com *.cloudflare.com https://cdn.klarna.com *.paypal.com *.afterpay.com https://img.youtube.com https://*.paypal.com *.nextopia.net https://*.zipmoney.com.au www.facebook.com *.data-dynamic.net *.godfreys.com.au *.feefo.com *.fls.doubleclick.net *.google.com *.google.com.ph *.google.com.au *.shophumm.com.au *.googletagmanager.com.au *.googletagmanager.com *.gstatic.com *.googleapis.com *.tvsquared.com *.bing.com *.hotjar.com *.quantserve.com *.criteo.com *.clarity.ms *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net connect.facebook.net graph.facebook.com business.facebook.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com maps.googleapis.com *.sharethis.com maps.gstatic.com fonts.googleapis.com *.klevu.com *.cloudflare.com *.fontawesome.com portal.afterpay.com *.gstatic.com *.google.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.bronto.com *.barilliance.com *.barilliance.net *.cdn4.forter.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.cloudfront.net *.feefo.com *.shophumm.com.au *.livechatinc.com *.serving-sys.com *.googleapis.com *.clarity.ms *.criteo.net *.criteo.com *.as.criteo.com *.bing.com *.quantserve.com *.hotjar.com *.tvsquared.com *.quantcount.com *.adsrvr.org *.googlecommerce.com *.rmp.rakuten.com *.openpay.com.au https://js-agent.newrelic.com/nr-1208.min.js https://unpkg.com *.azureedge.net https://viewer-whitelabel.shopfully.cloud/scripts/v1/init.min.js *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com x.klarnacdn.net portal.sandbox.afterpay.com *.klarna.com *.klarnaservices.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.ddlnk.net debug-tracking.dotdigital.internal www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com https://js.klevu.com/klevu-css/* *.klevu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.ecomm-nav.com https://*.zipmoney.com.au *.nextopiasoftware.com https://*.facebook.com https://*.safelinks.protection.outlook.com/ *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.nextopia.net *.cloudfront.net *.feefo.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.cloudflare.com *.paypal.com *.braintree-api.com *.braintreegateway.com https://*.cloudfront.net https://*.zip.co *.nr-data.net *.forter.com wss://cdn0.forter.com *.google-analytics.com *.googleapis.com *.feefo.com *.serving-sys.com *.clarity.ms *.hotjar.com *.g.doubleclick.net *.hotjar.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.barilliance.net https://sslwidget.criteo.com https://socialplugin.facebook.net www.facebook.com https://prod-api-v1-widgets.azurewebsites.net wss://prod-eh-v1-analytics.servicebus.windows.net https://api.amplitude.com x.klarnacdn.net portal.sandbox.afterpay.com portal.afterpay.com *.adsrvr.org *.klarnaevt.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaservices.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com static.lipscore.com x.klarnacdn.net fonts.gstatic.com use.typekit.net static.olark.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.playground.klarna.com cdn.klarna.com *.prisguiden.no www.google.com js.klarna.com youtube.com www.youtube.com *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com https://d1pna5l3xsntoj.cloudfront.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com *.googlesyndication.com static.lipscore.com blob: img.youtube.com cdn.klarna.com *.playground.klarnaevt.com ssl.gstatic.com www.gstatic.com p.typekit.net d1pna5l3xsntoj.cloudfront.net akeneo.golfshopen.no *.klarna.com *.klarnaevt.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https:/at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com static.lipscore.com *.algolia.net *.algolianet.com cdn.klarna.com x.klarnacdn.net *.playground.klarna.com tagmanager.google.com ssl.google-analytics.com www.google.com helloretailcdn.com www.gstatic.com use.typekit.net *.addwish.com d1pna5l3xsntoj.cloudfront.net core.helloretail.com googleoptimize.com/ *.olark.com sleeknotecustomerscripts.sleeknote.com/ static.hotjar.com/ js.adsrvr.org/ bat.bing.com/ s.kk-resources.com/ chimpstatic.com/ js-agent.newrelic.com/ bam.nr-data.net/ *.klarna.com chimpstatic.com downloads.mailchimp.com *.list-manage.com polyfill.io https://widget.postenlabs.no/ https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com static.lipscore.com tagmanager.google.com fonts.googleapis.com d1pna5l3xsntoj.cloudfront.net downloads.mailchimp.com maxcdn.bootstrapcdn.com https://widget.postenlabs.no/assets/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com wapi.lipscore.com users.lipscore.com *.algolianet.com *.playground.klarnaevt.com core.helloretail.com *.addwish.com *.olark.com stats.g.doubleclick.net/ bam.nr-data.net/ *.klarnaevt.com https://widget.postenlabs.no/ https://widget.bring.services/api/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.intercomcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com *.mobilpay.ro 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.twitter.com *.creativecdn.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com dacia-ro.os.tc *.cookiebot.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthisedge.com *.twitter.com *.smartsuppcdn.com *.linkedin.com *.docomo.ne.jp *.e-planning.net *.media.net *.smaato.net *.rakuten.com *.gumgum.com *.opera.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com *.google.ro *.ibb.co contactrenaultgroup.secure.force.com *.salesforceliveagent.com *.intercomcdn.com trusted.ro *.analytics.yahoo.com *.pinterest.com *.kafune.ro data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com *.smartlook.com *.licdn.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com s7.addthis.com *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.hsforms.net *.hsforms.com *.googleoptimize.com onesignal.com *.onesignal.com *.intercom.io *.intercomcdn.com *.salesforceliveagent.com *.googleapis.com *.yimg.com *.retargeting.biz *.retargeting.app *.cookiebot.com *.mczbf.com *.pinimg.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com *.creativecdn.com *.pinterest.com *.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.smartsuppcdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.ro *.smartlook.cloud *.cookiebot.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.doubleclick.net *.intercom.io wss://nexus-websocket-a.intercom.io wss://ah-pusher.gd.ro *.webrci.ro *.yimg.com cdn.cookielaw.org *.retargeting.app *.smartsuppchat.com *.pinterest.com *.googleapis.com *.smartsuppcdn.com *.smartsupp.com wss://websocket-visitors.smartsupp.com *.creativecdn.com *.sjwoe.com *.mczbf.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src apps.bazaarvoice.com assets.tailwindapp.com at.alicdn.com cdn-uicons.flaticon.com cdnjs.cloudflare.com cdn.honey.io cdn.joinhoney.com cdn.scite.ai ecomm-cdn.trurating.com fast.wistia.com fast.wistia.net fonts.gstatic.com font.static.useinsider.com *.hotjar.com insight.adsrvr.org match.adsrvr.org pro.fontawesome.com shopping.qantas.com static.zipmoney.com.au www.slant.co zip-co-media.s3.ap-southeast-2.amazonaws.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com ct.pinterest.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 12757253.fls.doubleclick.net 12761252.fls.doubleclick.net 6895031.fls.doubleclick.net 8219837.fls.doubleclick.net accentgroup.formstack.com analytics.tiktok.com aus59.dayforcehcm.com ausaz231.dayforcehcm.com connect.facebook.net *.criteo.com *.criteo.net ct.pinterest.com drwnt-pr11.ntschools.net gateway.zscalerthree.net www.googleapis.com insight.adsrvr.org insight.adsrvr.org.x.84c439f70e5c7046810abf7058a74d187b80.43d75326.id.opendns.com invidious.projectsegfau.lt match.adsrvr.org my.volumental.com ole.worldmanager.com portal.afterpay.com rcg.demdex.net safe.menlosecurity.com servedby.flashtalking.com socialq.net td.doubleclick.net theathletesfootau.api.useinsider.com theathletesfootnz.api.useinsider.com tpc.googlesyndication.com www.dayforcehcm.com www.facebook.com www.google.com yt.artemislena.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://static.afterpay.com https://site-assets.afterpay.com/ display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 1f2e7.v.fwmrm.net aa.agkn.com accentgroupsupport.zendesk.com ade.clmbtech.com adgen.socdm.com adservice.google.com adservice.google.com.au adservice.google.se ads.stickyadstv.com adx.dable.io ad.360yield.com ad.as.amanad.adtdp.com ad.doubleclick.net ad.tpmn.co.kr ad.yieldlab.net analytics.tiktok.com api.fillr.com assets.api.useinsider.com cdn.attraqt.io a.twiago.com bam.nr-data.net bat.bing.com beacon.krxd.net cdn.aralego.net cdn.honey.io cloud.shopback.com cms.quantserve.com cm.adform.net cm.adgrx.com cm.g.doubleclick.net connect.facebook.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv *.criteo.com *.criteo.net cs.adingo.jp ct.pinterest.com c.bing.com d3nocrch4qti4v.cloudfront.net developers.google.com df45ay5pw60dy.cloudfront.net dsum-sec.casalemedia.com duuytoqss3gu4.cloudfront.net e1.emxdgt.com eb2.3lift.com ecomm-cdn.trurating.com embed-ssl.wistia.com encrypted-tbn3.gstatic.com engage-assets.volumental.com exchange.mediavine.com fast.wistia.com fast.wistia.net fonts.gstatic.com hb.yahoo.net *.hotjar.com i6.liadm.com ib.adnxs.com id5-sync.com idsync.rlcdn.com image.useinsider.com insight.adsrvr.cn insight.adsrvr.org i.liadm.com jadserve.postrelease.com js-agent.newrelic.com khms0.googleapis.com khms1.googleapis.com lantern.roeye.com lh3.ggpht.com *.lightboxcdn.com log.api.useinsider.com log.pinterest.com maps.googleapis.com maps.gstatic.com matching.ivitrack.com match.adsrvr.org match.prod.bidr.io match.sharethrough.com media.littlebirdie.com.au p25.zdusercontent.com pagead2.googlesyndication.com partner.mediawallahscript.com photos-eu.bazaarvoice.com pixel-sync.sitescout.com pixel.rubiconproject.com pixel.tapad.com pm.w55c.net pos.baidu.com pr-bh.ybp.yahoo.com prf.hn rs.fullstory.com rtb-csync.smartadserver.com r.casalemedia.com s0.2mdn.net scontent.cdninstagram.com secure.adnxs.com sentinel.api.useinsider.com simage2.pubmatic.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.aralego.com sync.crwdcntrl.net sync.ipredictive.com sync.outbrain.com s.ad.smaato.net s.thebrighttag.com s.trackonomics.net tags.bluekai.com tapestry.tapad.com tg.socdm.com *.theathletesfoot.com.au *.theathletesfoot.co.nz translate.google.com trends.revcontent.com um.simpli.fi ups.analytics.yahoo.com visitor.omnitagjs.com wp-log.api.useinsider.com www.bing.com www.facebook.com www.google.ae www.google.al www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cn www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.kg www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.mk www.google.mn www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sr www.google.tn www.google.tt www.google.vu www.google.ws www.ist-track.com www.littlebirdie.com.au x.bidswitch.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com ad.doubleclick.net analytics.tiktok.com api.useinsider.com assets.api.useinsider.com assets.pinterest.com bam.nr-data.net bat.bing.com cdn.attraqt.io chat.gosquared.com configaus2.veinteractive.com connect.facebook.net *.criteo.com *.criteo.net ct.pinterest.com d1l6p2sc9645hc.cloudfront.net data2.gosquared.com data.gosquared.com dkupaw9ae63a8.cloudfront.net ecomm-cdn.trurating.com ecommwidget.trurating.com edge.fullstory.com eitri.api.useinsider.com fast.wistia.com fast.wistia.net *.forter.com foursixty.com googletagmanager.com stats.g.doubleclick.net *.hotjar.com https://www.google-analytics.com insight.adsrvr.org js-agent.newrelic.com js.adsrvr.org lantern.roeyecdn.com *.lightboxcdn.com loader.wisepops.com maps.googleapis.com match.adsrvr.org pagead2.googlesyndication.com pixel.roymorgan.com polyfill.io rs.fullstory.com srd.bazaarvoice.com static.zdassets.com s.pinimg.com s.retargeted.co tag.benchplatform.com test.socialq.net theathletesfootau.api.useinsider.com theathletesfootnz.api.useinsider.com *.theathletesfoot.com.au *.theathletesfoot.co.nz tpc.googlesyndication.com t.cfjump.com unpkg.com widget-mediator.zopim.com wss://widget-mediator.zopim.com www.everestjs.net www.googletagservices.com www.google.com www.ist-track.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com display.ugc.bazaarvoice.com unsafe-inline apps.bazaarvoice.com assets.api.useinsider.com cdn.honey.io fast.wistia.com fonts.googleapis.com foursixty.com www.googletagmanager.com *.lightboxcdn.com pwm-image.trendmicro.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.retargeted.co ausaz231.dayforcehcm.com cdn.attraqt.io connect.facebook.net *.criteo.com embed-cloudfront.wistia.com embed-ssl.wistia.com embedwistia-a.akamaihd.net fast.wistia.com *.forter.com googleads.g.doubleclick.net insight.adsrvr.org match.adsrvr.org region1.google-analytics.com ssl.google-analytics.com ssl.gstatic.com static.zdassets.com td.doubleclick.net www.bing.com www.googletagmanager.com www.google.com.hk www.google.co.in www.google.gr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com abacus.api.useinsider.com adobedc.demdex.net adservice.google.com ad.doubleclick.net analytics.tiktok.com api.retargeted.co api.trongrid.io api.useinsider.com bam.nr-data.net bat.bing.com carrier.useinsider.com collect-ap2.attraqt.io content.hotjar.io *.criteo.com cs.hae123.cn ct.pinterest.com d1wix2gc2cgqis.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3in1te4fdays6.cloudfront.net devtools-euw1c-interaction-server-004-mobile.browserstack.com distillery.wistia.com doublestat.info ecmacore.com ecommapi.trurating.com edge.fullstory.com ekr.zdassets.com embed-cloudfront.wistia.com embed-ssl.wistia.com fast.wistia.com fast.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.forter.com foursixty.com googleads4.g.doubleclick.net hit.api.useinsider.com *.hotjar.com ip.x2convert.com jb-on-site.api.useinsider.com locationv2.api.useinsider.com maps.googleapis.com metrics.hotjar.io network-a.bazaarvoice.com pagead2.googlesyndication.com pipedream.wistia.com portal.afterpay.com rcg.api.fluentretail.com rcg.tt.omtrdc.net recommendationv2.api.useinsider.com recommendation.api.useinsider.com region1.google-analytics.com rh.nexus.bazaarvoice.com rs.fullstory.com segment.api.useinsider.com stats.g.doubleclick.net surveystats.hotjar.io tafnz.api.fluentretail.com theathletesfootau.api.useinsider.com theathletesfootcustomercarenz.zendesk.com theathletesfootcustomercare.zendesk.com theathletesfootnz.api.useinsider.com *.theathletesfoot.com.au translate.googleapis.com tru-live-eventhubs.servicebus.windows.net unification.useinsider.com vc.hotjar.io widget-mediator.zopim.com wss://widget-mediator.zopim.com wss://ws.hotjar.com www.facebook.com www.google.com www.google.com.au zendesk-eu.my.sentry.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src edgeshoppingstatic.azureedge.net *.hotjar.com *.lightboxcdn.com wss://cdn0.forter.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.theathletesfoot.com 'self' 'unsafe-inline'; report-uri /_csp-reporting; report-to report-endpoint; 1
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.mundipagg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api.mundipagg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-8PuyTbLLhbdK5Ny282oFIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: *.klevu.com *.ksearchnet.com *.fontawesome.com *.ffs.wcltest.com cdn.icomoon.io *.feefo.com *.cookiebot.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mention-me.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.googleapis.com *.google.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.ffs.wcltest.com *.paypalobjects.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.feefo.com *.cookiebot.com *.klaviyo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.ffs.wcltest.com *.google.co.in *.googleadservices.com *.google-analytics.com *.facebook.com *.bing.com *.feefo.com *.cookiebot.com *.klaviyo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.mention-me.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.ffs.wcltest.com *.bing.com *.paypalobjects.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.dwin1.com *.cookiebot.com *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com tagmanager.google.com *.ffs.wcltest.com cdn.icomoon.io *.googleapis.com static-tracking.klaviyo.com *.feefo.com *.cookiebot.com *.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.ffs.wcltest.com *.s3-eu-west-1.amazonaws.com *.feefo.com *.cookiebot.com *.klaviyo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.mention-me.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.googleapis.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' hairboutique.com *.hairboutique.com *.cloudfront.net *.tribalfusion.com *.exponential.com *.googletagmanager.com *.googleapis.com g.adspeed.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.google.com; img-src *; frame-ancestors 'self'; object-src *; report-uri report_uri.php; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'unsafe-inline' kit.fontawesome.com * data; style-src 'unsafe-inline' hairboutique.com *.hairboutique.com;script-src-elem 'unsafe-inline' hairboutique.com *.hairboutique.com *.googlesyndication.com securepubads.g.doubleclick.net kit.fontawesome.com pagead2.googlesyndication.com adservice.google.com partner.googleadservices.com d31qbv1cthcecs.cloudfront.net www.googletagmanager.com www.google-analytics.com tpc.googlesyndication.com;connect-src 'self' 'unsafe-inline' *.hairboutique.com  www.google-analytics.com pagead2.googlesyndication.com tpc.googlesyndication.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://ssl.ingersoll-imc.com https://www.google-analytics.com https://platform.twitter.com  https://www.googletagmanager.com https://wpcc.io; style-src 'self' 'unsafe-inline' http://ssl.ingersoll-imc.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://wpcc.io https://cdn.websitepolicies.io; img-src 'self' https://ssl.ingersoll-imc.com https://www.google-analytics.com https://syndication.twitter.com https://stats.g.doubleclick.net; connect-src 'self' https://syndication.twitter.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://ssl.ingersoll-imc.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; form-action 'self' https://syndication.twitter.com https://platform.twitter.com; frame-src https://platform.twitter.com https://syndication.twitter.com; report-uri https://report.ingersoll-imc.com 1
font-src *.gstatic.com *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com js.stripe.com *.useinsider.com hit.api.useinsider.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.buckaroo.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.stripe.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.useinsider.com hit.api.useinsider.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com *.trustpilot.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl http://dpm.demdex.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-uVisil8PE1vY0nzvePtBDQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DOnWy0edm09p8QO8W1sz0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://console.accessibleweb.com https://maxcdn.bootstrapcdn.com https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.google.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com https://stellar-live.inside-graph.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://stellar-cdn.inside-graph.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com unsafe-inline https://stellar-cdn.inside-graph.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://stellar-live.inside-graph.com wss://stellar-live.inside-graph.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kameleoon.eu *.hotjar.com *.iadvize.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.kameleoon.eu *.avis-verifies.com *.linkedin.com *.bing.com https://*.google.com *.google.fr *.gstatic.com *.facebook.com *.boutique-dalloz.fr/* *.alzmedia.fr *.link-page.info https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com maps.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kameleoon.eu *.tiqcdn.com *.linkeo.com *.link-page.info *.licdn.com *.gstatic.com *.hotjar.com *.facebook.net *.bing.com *.avis-verifies.com *.doubleclick.net *.google.com https://*.ggpht.com *.googletagmanager.com *.iadvize.com *.target2sell.com *.alzmedia.fr https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io https://cdnjs.cloudflare.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.alzmedia.fr https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kameleoon.eu *.iadvize.com *.hotjar.com *.hotjar.io *.googleapis.com/ *.target2sell.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-QEuYepVdAkE9rYznjIZp8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-TJ597kQ5TPU3qrZcepzeiw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net *.facebook.net trk.clinch.co *.twitter.com *.tiktok.com adservice.google.com www.google.com.mx in.treasuredata.com unpkg.com *.facebook.com www.google.com *.gstatic.com beacon.krxd.net static.addtoany.com *.linkedin.com *.doubleclick.net www.google-analytics.com cdn.treasuredata.com icongr.am www.youtube.com t.co *.adsrvr.org *.licdn.com cdnjs.cloudflare.com cdn.krxd.net *.ads-twitter.com cdn.cookielaw.org *.clarity.ms www.googletagmanager.com analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googletagmanager.com *.bid.g.doubleclick.net www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.mundipagg.com https://api.pagar.me *.googleadservices.com *.googletagmanager.com *.gstatic.com *.ssl.gstatic.com *.google-analytics.com *.facebook.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com *.googleadservices.com *.googleads.g.doubleclick.net *.fontawesome.com *.smarthint.co *.facebook.net searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.tagmanager.google.com *.fontawesome.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.mundipagg.com https://api.pagar.me *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.amplitude.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://casadoprodutor.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src *.gstatic.com *.amazonaws.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarnaservices.com *.braintreegateway.com *.authorize.net *.cloudfront.net *.klarna.com js.mollie.com assets.braintreegateway.com pay.google.com * *.weltpixel.com 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net www.paypalobjects.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.postcodeanywhere.co.uk *.cloudflare.com *.zonos.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com assets.braintreegateway.com *.gstatic.com data: 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com includestest.ccdc02.com www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google.com *.feefo.com *.klaviyo.com *.cloudfront.net *.zonos.com *.clarity.ms *.hotjar.com *.cloudflareinsights.com *.bing.com *.pcapredict.com *.postcodeanywhere.co.uk *.klarna.com *.klarnacdn.net https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.klarnaservices.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' *.cardinalcommerce.com *.paypal.com; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.postcodeanywhere.co.uk *.klarnacdn.net https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com *.clarity.ms 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.paypalobjects.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dycdn.net wss://*.freshrelevance.com *.zonos.com *.klarnaevt.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.googleapis.com fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr https://api.systempay.fr/static/ https://cdnjs.cloudflare.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cookiebot.com/ *.youtube.com/ *.google.com *.google.fr www.facebook.com https://www.googletagmanager.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.ytimg.com *.google.com *.google.fr *.g.doubleclick.net *.avis-verifies.com www.facebook.com http://commerce-atemo.agoravita.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ 'self' data: yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.cookiebot.com *.googleadservices.com https://www.googleadservices.com/pagead/conversion_async.js *.g.doubleclick.net *.facebook.net *.metaffiliation.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ https://cdnjs.cloudflare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.fontawesome.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://api.systempay.fr/static/ https://cdnjs.cloudflare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com https://m.clarity.ms/collect *.googlesyndication.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://ws.colissimo.fr https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem *.oct8ne.com *.jsdelivr.net *.payments-amazon.com *.ittweb.net *.googletagmanager.com *.accelasearch.net *.accelasearch.io *.scalapay.com *.google.com *.gstatic.com; font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: *.accelasearch.io *.accelasearch.net *.flixcar.com *.flixfacts.com *.azureedge.net *.yotpo.com live.icecat.biz www.freeshop.it 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com www.freeshop.it 'self' 'unsafe-inline'; frame-ancestors www.freeshop.it 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.com *.flixcar.com *.criteo.com *.google.com *.agos.it *.shopcall.io *.oct8ne.com *.azureedge.net *.salesmanago.pl *.googletagmanager.com *.yotpo.com www.freeshop.it 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://images.unsplash.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com validate.fishpig.co.uk 'self' data: maps.gstatic.com https://via.placeholder.com https://www.feedaty.com https://widget.zoorate.com https://rt.flix360.com *.facebook.com *.flixcar.com *.bidswitch.net *.doubleclick.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.yieldlab.net *.adform.net *.omnitagjs.com *.id5-sync.com id5-sync.com *.smartclip.net *.tremorhub.com *.ads.yieldmo.com *.krxd.net *.thebrighttag.com *.criteo.com *.freeshop.it *.ivitrack.com *.emxdgt.com *.azureedge.net *.yahoo.net *.postrelease.com *.feedaty.com *.google.com *.google.it *.yotpo.com www.freeshop.it 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com cdn.scalapay.com b2c-cdn.scalapay.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://unpkg.com https://prod.flixgvid.flix360.io https://media.flixcar.com https://widget.zoorate.com https://widget.feedaty.com *.facebook.com *.facebook.net *.zendesk.com *.zdassets.com *.accelasearch.io *.accelasearch.net *.iubenda.com *.criteo.com *.criteo.net *.dwin1.com *.jsdelivr.net *.googletagmanager.com *.google-analytics.com tracking.trovaprezzi.it www.trovaprezzi.it *.yotpo.com live.icecat.biz www.freeshop.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com https://unpkg.com https://widget.zoorate.com *.accelasearch.io *.flixcar.com *.accelasearch.net *.jsdelivr.net *.freeshop.it *.yotpo.com live.icecat.biz www.freeshop.it 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.freeshop.it 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.zendesk.com *.zdassets.com *.accelasearch.io *.iubenda.com *.flixcar.com *.facebook.com *.google.com *.oct8ne.com *.doubleclick.net *.yotpo.com live.icecat.biz www.freeshop.it 'self' 'unsafe-inline'; child-src www.freeshop.it http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com www.freeshop.it 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.typekit.net *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.klarna.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.afterpay.com https://site-assets.afterpay.com/ https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klarna.com *.klarnacdn.net *.klarnaservices.com maps.googleapis.com chart.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com https://*.googleapis.com *.typekit.net *.klarnacdn.net *.fontawesome.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu tagmanager.google.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com maps.googleapis.com chart.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.avada.io *.google.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors app.cux.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com www.youtube.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.google.pl www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com cards-accept.bm.pl cards.bm.pl pay.google.com *.google-analytics.com *.googletagmanager.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.dwin1.com dc.cux.io connect.facebook.net *.livechatinc.com static.clickonometrics.pl www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.fontawesome.com unsafe-inline *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.analytics.google.com *.track.cux.io stats.g.doubleclick.net ws: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.zopim.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.doubleclick.com *.getblue.io *.addtoany.com *.magerocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.metricool.com *.google.com.ar *.google.com *.storydots.app storydots.app *.magerocket.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.aptrinsic.com *.facebook.net *.facebook.com *.zopim.com *.zdassets.com *.embluemail.com *.getblue.io *.doubleclick.com *.newrelic.com *.nr-data.net *.addtoany.com *.woowup.com *.storydots.app storydots.app *.magerocket.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com unsafe-inline *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net *.facebook.com *.zopim.com *.zdassets.com *.doubleclick.com *.nr-data.net *.storydots.app storydots.app *.magerocket.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-9yoaE9ucdSbHv6xoGvDjRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: *.gstatic.com *.googleapis.com *.klarnacdn.net *.worldpay.com *.cnetcontent.com *.1worldsync.com *.designo.software *.cloudflare.com fonts.googleapis.com static.criteo.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.bazaarvoice.com www.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://pay.google.com https://secure-test.worldpay.com *.bazaarvoice.com *.worldpay.com *.ometria.com *.sitescout.com *.doubleclick.net *.pixel.ad *.veinteractive.com www.facebook.com *.zenaps.com campaign.odicci.com g3d-app.com services.sdiapi.com *.addthis.com *.addtoany.com *.twitter.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.commbox.io *.klarnaservices.com *.klarna.com *.google.com *.hotjar.com *.hotjar.io *.lightwidget.com www.paypalobjects.com ometria.email display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.criteo.com *.criteo.net *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.gstatic.com *.bazaarvoice.com apps.bumpyardpro.com images.unsplash.com source.unsplash.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.brsrvr.com cm.everesttech.net *.ometria.com *.googleapis.com *.awin1.com *.zenaps.com *.doubleclick.net *.sitescout.com *.google.com *.pixel.ad assets.robertdyas-static.co.uk www.google.com.ua www.google.com.uk www.facebook.com robertdyasuk.twgdns.com *.klarnacdn.net *.clarity.ms *.bing.com *.assets-servd.host *.contentsquare.net apps.commbox.io *.amazonaws.com *.twimg.com *.twitter.com *.cnetcontent.com *.1worldsync.com g3d-app.com *.cloudfront.net *.ediemidnightzombies.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.designo.software www.feedoptimise.com cdn.feedoptimise.com maps.googleapis.com maps.gstatic.com *.google.co.uk *.superpointlesshamsters.com *.criteo.com *.criteo.net *.nr-data.net tprg.cloudflareaccess.com *.google.co.in data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.bazaarvoice.com *.iesnare.com apps.bumpyardpro.com *.brsrvr.com www.google.com *.cnetcontent.com *.worldpay.com *.ometria.com *.googleapis.com *.serving-sys.com *.doubleclick.net *.flx1.com *.veinteractive.com *.dwin1.com *.criteo.com static.cloudflareinsights.com *.criteo.net snap.licdn.com g3d-app.com *.klarnacdn.net *.klarnaservices.com *.facebook.net *.sdiapi.com *.googleoptimize.com *.taggstar.com *.commbox.io *.clarity.ms *.bing.com *.hotjar.com bam-cell.nr-data.net cdn.cookielaw.org *.contentsquare.net *.addthis.com *.addtoany.com *.addthisedge.com *.twitter.com *.twimg.com *.google.com *.1worldsync.com *.lightwidget.com *.ediemidnightzombies.com smct.co s7.addthis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.designo.software www.feedoptimise.com cdn.feedoptimise.com maps.googleapis.com *.moatads.com *.superpointlesshamsters.com *.flockr.co *.webtrends-optimize.com cdn.attn.tv *.webtrends-optimize.workers.dev *.attentivemobile.com ryman-gb.attn.tv robertdyas-gb.attn.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cloudflare.com *.fontawesome.com *.bazaarvoice.com *.cnetcontent.com apps.bumpyardpro.com *.googleapis.com cdn.taggstar.com cdn.cookielaw.org *.klarnacdn.net *.commbox.io *.worldpay.com *.twitter.com *.google.com *.1worldsync.com display.ugc.bazaarvoice.com *.designo.software *.flockr.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com apps.bumpyardpro.com apps.commbox.io *.cnetcontent.com *.1worldsync.com *.designo.software static.criteo.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.bazaarvoice.com *.dxpapi.com api.edq.com *.ometria.com *.demdex.net *.serving-sys.com *.veinteractive.com *.sdiapi.com rum-collector-2.pingdom.net bam-cell.nr-data.net api.taggstar.com *.sciencebehindecommerce.com *.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.clarity.ms *.worldpay.com pay.google.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io cdn.cookielaw.org *.contentsquare.net *.onetrust.com *.cloudhub.io *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.1worldsync.com *.cnetcontent.com *.addthis.com *.doubleclick.net *.ediemidnightzombies.com ekr.zdassets.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com maps.googleapis.com *.google.com.ua bat.bing.com *.taggstar.com *.google.co.uk *.superpointlesshamsters.com *.criteo.com *.criteo.net 'self' 'unsafe-inline'; child-src *.criteo.com *.criteo.net http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru *.dev-morda.svc.elama-team.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.acsbapp.com acsbapp.com *.queue-it.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com pay.sandbox.realexpayments.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com account.fetchify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pay.sandbox.realexpayments.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.acsbapp.com acsbapp.com *.queue-it.net services.postcodeanywhere.co.uk google.com google.co.za www.google.co.za data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.acsbapp.com acsbapp.com *.queue-it.net services.postcodeanywhere.co.uk js-agent.newrelic.com *.newrelic.com bam.nr-data.net *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com cc-cdn.com *.acsbapp.com acsbapp.com *.queue-it.net services.postcodeanywhere.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.acsbapp.com acsbapp.com *.queue-it.net js-agent.newrelic.com *.newrelic.com bam.nr-data.net *.nr-data.net *.postcodeanywhere.co.uk stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.monetico-services.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.monetico-services.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.criteo.com *.doubleclick.net *.criteo.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com camo.githubusercontent.com eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.ekomi.de *.pubmatic.com *.bing.com *.aralego.com *.googletagmanager.com *.bidswitch.net *.media.net *.smaato.net *.yahoo.net *.krxd.net *.adnxs.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.3lift.com *.yahoo.com *.socdm.com *.criteo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.mediavine.com *.outbrain.com *.clmbtech.com *.bluekai.com *.yieldmo.com *.zopai88.com *.google.com *.google.com.vn *.teads.tv *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io connect.facebook.net twitter.com platform.twitter.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.ekomi.de *.googletagmanager.com *.bing.com *.criteo.net *.criteo.com *.doubleclick.net *.lgw.io *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.mediavine.com *.outbrain.com *.clmbtech.com *.bluekai.com *.zopai88.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.monetico-services.com *.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com *.doubleclick.net *.geojs.io *.criteo.com *.googleadservices.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.mediavine.com *.outbrain.com *.clmbtech.com *.bluekai.com *.yieldmo.com *.zopai88.com *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-df32dc1dfdd147fda9c8fe8f951bb21f' https://Health-Hub.org.au 'self';img-src https://* 'self' blob: data:;style-src https://Health-Hub.org.au 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-H6Kj0xP_x97U6lJQep6Ikw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.media.net https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' https://platform.twitter.com https://*.btrll.com data: blob:; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.huffingtonpost.com https://www.aol.com https://*.yahoo.com https://*.autoblog.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com ; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=1re7q9dj482ht&partner=; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com *.googleapis.com netdna.bootstrapcdn.com *.facebook.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.google-analytics.com www.expresslanes.com www.google.com prd.cdn.web.expresslanes.com expresslanes.com *.gstatic.com www.googletagmanager.com rum-collector-2.pingdom.net *.doubleclick.net rum-static.pingdom.net vds.aws.expresslanes.com *.facebook.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-xD_uzHC4Lt-u4rPjFXtrfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dm6qsoRjYR0vV_GCdf0qvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'strict-dynamic' 'nonce-q9aFMzTxdTK2fRfcgiI8Rw=='; 1
frame-ancestors 'none';img-src 'self' data: https://staging.eveandi.health  https://www.facebook.com  https://via.placeholder.com  https://www.paypalobjects.com  https://plugins.svn.wordpress.org  https://cdn.divisupreme.com  https://yastatic.net  https://i.ytimg.com  https://tools.roxhealth.net  https://translate.google.com  https://eveandi.health  https://marketing-staging.eveandi.health  android-webview-video-poster  https://wpforms.com  https://really-simple-ssl.com  https://fonts.gstatic.com  https://www.google.com  https://app-staging.eveandi.health  https://cdn.datatables.net  https://divisupreme.com  https://www.etracker.de  https://cdn-public.borlabs.io  https://work.eveandi.health  https://roche.eveandi.health  https://images.podigee-cdn.net  blob:  https://divi-modules.com  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://connect.facebook.net  https://tools.roxhealth.net  https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com  https://www.google.com  https://www.paypal.com  https://maps.googleapis.com  https://platform.twitter.com  https://www.gstatic.com  https://js.stripe.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://lepubu.nupigutiwo.com  https://code.etracker.com  https://www.etracker.de  about  https://cdnjs.cloudflare.com  https://unpkg.com  https://cdn.datatables.net  https://xeldurap.peazheut.com  https://me.kis.v2.scr.kaspersky-labs.com  https://player.podigee-cdn.net  https://www.googletagmanager.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net  https://tools.roxhealth.net  https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com  https://www.google.com  https://www.paypal.com  https://maps.googleapis.com  https://platform.twitter.com  https://www.gstatic.com  https://js.stripe.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://lepubu.nupigutiwo.com  https://code.etracker.com  https://www.etracker.de  about  https://cdnjs.cloudflare.com  https://unpkg.com  https://cdn.datatables.net  https://xeldurap.peazheut.com  https://me.kis.v2.scr.kaspersky-labs.com  https://player.podigee-cdn.net  https://www.googletagmanager.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://adblockers.opera-mini.net  https://maxcdn.bootstrapcdn.com  https://cdn.datatables.net  https://ajax.googleapis.com  https://cdnjs.cloudflare.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://player.podigee-cdn.net  https://ff.kis.v2.scr.kaspersky-labs.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://adblockers.opera-mini.net  https://maxcdn.bootstrapcdn.com  https://cdn.datatables.net  https://ajax.googleapis.com  https://cdnjs.cloudflare.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://player.podigee-cdn.net  https://ff.kis.v2.scr.kaspersky-labs.com ; font-src 'self' https://fonts.gstatic.com  https://maxcdn.bootstrapcdn.com  https://assets.tailwindapp.com  https://player.podigee-cdn.net  data:; frame-src 'self' https://www.youtube.com  https://www.facebook.com  https://www.youtube-nocookie.com  https://link.springer.com  https://platform.twitter.com  https://player.podigee-cdn.net  https://www.termedia.pl  https://audio.podigee-cdn.net  https://podcasts.apple.com  blob:; connect-src 'self' https://tools.roxhealth.net  https://www.facebook.com  https://maps.googleapis.com  properties  https://www.gstatic.com  https://api.rankmath.com  https://fonts.googleapis.com  https://www.etracker.de  https://marketing-staging.eveandi.health  https://translate.googleapis.com  https://player.podigee-cdn.net  https://region1.analytics.google.com  https://www.google.nl  https://stats.g.doubleclick.net;  media-src 'self' https://marketing-staging.eveandi.health  https://marketing-app.eveandi.health  https://work.eveandi.health  https://roche.eveandi.health  data:;  worker-src 'self' blob:;  report-uri https://eveandi.health/wp-json/rsssl/v1/csp?rsssl_apitoken=875209884; 1
object-src 'none';base-uri 'self';script-src 'nonce-pswAxU68rBBowL_-wTznNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.braintreegateway.com *.paypal.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.paypal.com *.typekit.net p.typekit.net s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qhHvxCMbUtkIjTxj2Zgaxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-tVk6FoHyrSZ0U-UHR6o1xw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' ; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval' http://mc.yandex.ru/ https://mc.yandex.ru/ http://pagead2.googlesyndication.me/ https://pagead2.googlesyndication.me/ http://c.hit.ua http://counter.yadro.ru/ https://googleads.g.doubleclick.net/ http://vk.me https://apis.google.me https://accounts.google.me; img-src 'self' data: http://counter.yadro.ru/ http://c.hit.ua/ http://mc.yandex.ru http://vk.me/ ; connect-src https://mc.yandex.ru/ ; frame-src https://googleads.g.doubleclick.net https://apis.google.me http://vk.me https://accounts.google.me/ 1
font-src *.fontawesome.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.paypalobjects.com t.paypal.com *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google-analytics.com *.google.com *.google.ro *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com 'self' data: https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net t.elasticsuite.io *.google-analytics.com *.doubleclick.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-kFkR9iu-kd6O-xL0b9V9cg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bKsNoA5gpsuO7wnxqy-sYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-MP4HyQd6eiD3-9DmIL8q2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.coincatch.com https://*.coincatch.cc https://*.bgbstatic.com https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me  https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://static.zdassets.com https://bat.bing.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com https://partner.googleadservices.com https://*.adsrvr.org https://static.ads-twitter.com https://*.glassgs.com https://wcs.naver.net https://*.zendesk.com; connect-src 'self' 'report-sample' data: blob: https://www.googletagmanager.com https://*.google.com https://*.coincatch.com wss://*.coincatch.com https://*.coincatch.cc wss://*.coincatch.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bgbstatic.com  https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com https://www.tradingview.com https://api.tronstack.io wss://*.gdrichem.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.gdrichem.com:8443 https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com https://*.onfido.com wss://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.coincatch.com https://*.geetest.com https://*.geevisit.com https://*.zendesk.com wss://*.zendesk.com https://ekr.zdassets.com https://static.zdassets.com https://bat.bing.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com wss://*.hotjar.com https://connect.facebook.net https://analytics.pangle-ads.com https://partner.googleadservices.com https://*.gstatic.com https://*.gurenla.com https://*.glassgs.com wss://*.glassgs.com https://*.adsrvr.org https://wcs.naver.net https://wcs.naver.com https://static.ads-twitter.com; frame-src 'self' 'report-sample' blob: data: https://*.coincatch.com https://*.coincatch.cc https://*.google.com https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://gateway.95516.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://tpc.googlesyndication.com https://*.glassgs.com https://*.adsrvr.org https://*.adsrvr.cn; frame-ancestors 'self'; report-uri https://65266bb9a5a15fa1ff36a6b6.endpoint.csper.io?v=8; 1
object-src 'none';base-uri 'self';script-src 'nonce-KHKHZ5YpjB_pYAvKa9WzYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-tR0rAOmJE9gAMWOYrM+invEJn4kSh4tO0wIkytk0bac='; base-uri 'self';report-to csp-endpoint 1
object-src 'none';base-uri 'self';script-src 'nonce-HIVaGJ0X0XE5JGz_6N51Ww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'self'; script-src 'self' 'unsafe-inline'; font-src fonts.gstatic.com https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none'; require-trusted-types-for 'script' 1
font-src *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.omise.co *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gateway.apaylater.com gateway.atome.sg ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.omise.co gateway.apaylater.com gateway.atome.sg *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.googletagmanager.com *.facebook.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.omise.co *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.nr-data.net *.newrelic.com *.ampproject.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.gstatic.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.bootstrapcdn.com *.cloudflare.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.realexpayments.com www.facebook.com *.adyen.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.vimeo.com *.hotjar.com www.facebook.com mention-me.com coals2u.mention-me.com *.coals2u.co.uk *.adyen.com www.google.com *.dotdigital-pages.com *.dotdigital.com optimize.google.com *.weltpixel.com www.xtento.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cloudflare.com *.google-analytics.com *.google.com *.google.co.uk *.klarna.com *.paypal.com *.adnxs.com *.bing.com *.clarity.ms www.facebook.com *.adyen.com *.gstatic.com *.googleapis.com *.trackedlink.net www.xtento.com cdn.xtento.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.fontawesome.com *.google.com *.google.co.uk *.google-analytics.com *.gstatic.com www.facebook.com *.feefo.com *.hotjar.com *.moatads.com *.adnxs.com *.webgains.io *.addthisedge.com *.bing.com *.facebook.net *.clarity.ms static.mention-me.com tag.mention-me.com *.coals2u.co.uk *.newrelic.com *.adyen.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal googleoptimize.com *.getflowbox.com www.xtento.com cdn.xtento.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com optimize.google.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bootstrapcdn.com *.cloudflare.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.pcapredict.com *.sandbox.paypal.com *.feefo.com *.hotjar.com www.facebook.com *.mention-me.com *.bronto.com *.brontops.com *.clarity.ms *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.getflowbox.com webchat.dotdigital.com webchat.staging.dotdigital.com *.ideal-postcodes.co.uk connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'strict-dynamic' 'nonce-Dr1FM7tWsTtQ961KClnQpw=='; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: *.stamped.io *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.youtube.com *.livechatinc.com *.braintreegateway.com *.kaptcha.com www.paypalobjects.com *.affirm.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: www.google.pl *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com www.gstatic.com *.cloudfront.net *.stamped.io *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com connect.facebook.net http://translate.google.com translate.googleapis.com www.gstatic.com includes.ccdc02.com static.zdassets.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org www.klarnapayments.com *.affirm.com *.routeapp.io *.stripe.com klarna.com *.klarnaevt.com https://www.police-supplies.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.stamped.io www.klarnapayments.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.ideal-postcodes.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.authorize.net ekr.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com hn.inspectlet.com stamped.io *.braintreegateway.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://55c71e5d-d0bf-4ab4-af0e-8857ce430033.sansec.watch/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-CSdvsjq3yk92H7VE-HTsrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' report-uri https://o244114.ingest.sentry.io/api/1420725/security/?sentry_key=d59dabdf03794a039923edd4ac216d88&sentry_environment=production 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors https://*.etracker.de https://*.etracker.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com cdn.privacy-mgmt.com consent.bauer-plus.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.bauer-plus.de stats.g.doubleclick.net https://*.etracker.de https://*.google.de data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.etracker.de https://*.etracker.com www.dwin1.com cdn.privacy-mgmt.com consent.bauer-plus.de https://www.captcha.eu jquery.sellxed.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com https://*.etracker.de https://*.etracker.com https://*.google-analytics.com cdn.privacy-mgmt.com consent.bauer-plus.de https://www.captcha.eu https://w19.captcha.at https://at.captcha.at https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /general/csp/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-8aVnc_DYaXZ-_phI0ZBxtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'nonce-7dtN5aLeJAidvOLYI6VaWQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl; base-uri 'none' 1
font-src googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.googleapis.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com cdn.dnky.co webchat.dotdigital.com youtube.com www.youtube.com www.book2look.com static.addtoany.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com i.ytimg.com https://www.magezon.com 'self' data: *.tile.openstreetmap.org connect.ekomi.de data: google.com google.at www.google.com www.google.at www.book2look.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.google.com www.google.com www.gstatic.com www.googletagmanager.com static.addtoany.com connect.ekomi.de cdn.public.n1ed.com appjs.blickinsbuch.de www.blickinsbuch.de *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com www.book2look.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com googleapis.com https://www.google-analytics.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com www.googleapis.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net t.elasticsuite.io *.google-analytics.com google-analytics.com doubleclick.net stats.g.doubleclick.net www.book2look.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.google.com *.youtube.com youtu.be *.vimeo.com *.addthis.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com www.google.com www.gstatic.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.paypal.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-wM2jBvUbqHWX50HgPoPLXw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com www.w3.org *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.addtoany.com *.pinterest.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org blob: *.pinterest.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com bam.nr-data.net *.newrelic.com *.addtoany.com *.facebook.com *.pinterest.com *.tumblr.com *.google.com *.gstatic.com *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.googleapis.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com bam.nr-data.net *.addtoany.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.stripe.com *.google.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.opayo.eu.elavon.com *.stripe.com *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.opayo.eu.elavon.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com *.stripe.com *.google.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.paypal.com *.opayo.eu.elavon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.stripe.com *.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' *.paypal.com assets.braintreegateway.com blob: c.paypal.com http: https:; connect-src 'self' 'unsafe-inline' *.braintree-api.com *.fullstory.com *.google.com *.googleapis.com *.googleusercontent.com *.instagram.com *.mmapiws.com *.onetrust.com *.paypal.com *.postcodeanywhere.co.uk *.visualwebsiteoptimizer.com 1eaf.cardinalcommerce.com 1eafstag.cardinalcommerce.com amazonwebservices.d2.sc.omtrdc.net amcglobal.sc.omtrdc.net analytics.google.com api.addressy.com api.braintreegateway.com api.sandbox.braintreegateway.com bam.nr-data.net cdn.cookielaw.org centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com dpm.demdex.net esp.aptrinsic.com geo.cardinalcommerce.com geostag.cardinalcommerce.com https://a.klaviyo.com/ https://analytics.google.com https://bam.nr-data.net https://fast.a.klaviyo.com https://static-forms.klaviyo.com https://static-tracking.klaviyo.com/ https://static.klaviyo.com https://stats.g.doubleclick.net https://telemetrics.klaviyo.com/ https://www.google-analytics.com pilot-payflowlink.paypal.com region1.google-analytics.com vs.aws.amazon.com web-sdk.aptrinsic.com www.google-analytics.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com; default-src 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' 'unsafe-inline' *.fontawesome.com data: fonts.gstatic.com resources.webscale.com static.klaviyo.com; frame-src 'self' 'unsafe-inline' *.adobe.com *.bdashops.com *.cardinalcommerce.com *.facebook.com *.google.com *.googleapis.com *.incontact.com *.labs.wesupply.xyz *.paypal.com *.punchout2go.com *.weltpixel.com *.youtube.com 1eaf.cardinalcommerce.com 1eafstag.cardinalcommerce.com 9174427.fls.doubleclick.net assets.braintreegateway.com auth.pingone.com aws.demdex.net bda.bdashops.com c.paypal.com centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com checkout.paypal.com fast.amc.demdex.net geo.cardinalcommerce.com geostag.cardinalcommerce.com home-c19.incontact.com https://app.smartsheet.com https://privacyportal.onetrust.com/ https://www.google.com/recaptcha/ labs.wesupply.xyz login.microsoftonline.com pay.google.com pennycake.labs.wesupply.xyz pilot-payflowlink.paypal.com player.vimeo.com privacyportal.onetrust.com secure.authorize.net service.force.com test.authorize.net wesupply.xyz wesupplylabs.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com; form-action 'self' 'unsafe-inline' *.cardinalcommerce.com *.facebook.com *.onetrust.com *.paypal.com *.pingone.com 1eaf.cardinalcommerce.com 1eafstag.cardinalcommerce.com auth.pingone.com centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com connect.tradecentric.com geo.cardinalcommerce.com geostag.cardinalcommerce.com pilot-payflowlink.paypal.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com; frame-ancestors 'self' https://portal.tradecentric.com; img-src 'self' 'unsafe-inline' *.adobe.com *.behance.net *.cdninstagram.com *.facebook.com *.fbcdn.net *.ftcdn.net *.google.com *.googleapis.com *.gstatic.com *.paypal.com *.postcodeanywhere.co.uk *.vimeocdn.com *.visualwebsiteoptimizer.com amazonwebservices.d2.sc.omtrdc.net amcglobal.sc.omtrdc.net analytics.google.com assets.adobedtm.com assets.braintreegateway.com b.stats.paypal.com c.paypal.com cdn.cookielaw.org checkout.paypal.com cm.everesttech.net connect.punchout2go.com d3k81ch9hvuctc.cloudfront.net data: dpm.demdex.net dub.stats.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com google.co.uk https://a.klaviyo.com/ https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://static.klaviyo.com https://telemetrics.klaviyo.com/ https://www.googletagmanager.com i.ytimg.com maps.googleapis.com resources.webscale.com ssl.gstatic.com t.paypal.com validator.swagger.io widgets.magentocommerce.com www.google-analytics.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com; media-src 'self' 'unsafe-inline' *.adobe.com *.cdninstagram.com; object-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobe.com *.fullstory.com *.google.com *.googleapis.com *.instagram.com *.maxmind.com *.newrelic.com *.paypal.com *.pcapredict.com *.postcodeanywhere.co.uk *.vimeocdn.com *.visualwebsiteoptimizer.com 1eafapi.cardinalcommerce.com 1eafstag.cardinalcommerce.com a0.awsstatic.com/s_code/ ajax.cloudflare.com ajax.googleapis.com analytics.google.com api.braintreegateway.com api.sandbox.braintreegateway.com assets.adobedtm.com assets.braintreegateway.com bam.nr-data.net c.paypal.com cdn.cookielaw.org client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.punchout2go.com geoapi.cardinalcommerce.com geostag.cardinalcommerce.com https://a.klaviyo.com/ https://connect.facebook.net/ https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://static.klaviyo.com https://telemetrics.klaviyo.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ includestest.ccdc02.com js-agent.newrelic.com js.braintreegateway.com maps.googleapis.com pay.google.com prod.assets.shortbread.aws.dev prod.tools.shortbread.aws.dev s.ytimg.com secure.authorize.net service.force.com songbird.cardinalcommerce.com ssl.google-analytics.com stats.g.doubleclick.net t.paypal.com tagmanager.google.com test.authorize.net vimeo.com web-sdk.aptrinsic.com www.google-analytics.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.vimeo.com; style-src 'self' 'unsafe-inline' *.adobe.com *.fontawesome.com *.google.com *.gstatic.com *.postcodeanywhere.co.uk connect.punchout2go.com fonts.googleapis.com https://connect.punchout2go.com/ https://static.klaviyo.com resources.webscale.com service.force.com static-tracking.klaviyo.com tagmanager.google.com web-sdk.aptrinsic.com; report-uri /.webscale/csp-report 1
font-src *.gstatic.com data: *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.facebook.com cedcommerce.com *.demdex.net *.paypalobjects.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com www.facebook.com *.bing.com *.google.co.uk *.google.co.in *.google.com blob: *.directvacuums.co.uk blob: *.ayko.com *.edesk.com *.cloudfront.net *.paypal.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.clerk.io *.googleoptimize.com *.bing.com *.doubleclick.net *.newrelic.com *.nr-data.net *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com *.google-analytics.com *.doubleclick.net *.trustpilot.com *.nr-data.net *.bing.com *.googleapis.com *.paypal.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-3XL2YPWcMu3f79TvqIzINQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'self' https://*.holidaysplease.co.uk:3000 wss://*.holidaysplease.co.uk:3000; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://*.holidaysplease.co.uk:3000 https://connect.facebook.net https://bat.bing.com https://*.elegantescapes.com 'nonce-/O95NA'; img-src * data:; frame-src 'self' https://www.facebook.com/ data: 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.pagaleve.io *.pagaleve.com.br www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.pagaleve.com.br https://cdn.mundipagg.com https://api.pagar.me www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.pagseguro.com.br http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.pagaleve.com.br www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com https://viacep.com.br https://www.viacep.com.br http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://api.mundipagg.com https://api.pagar.me www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fitmoda.com.br *.fitmoda.com.br fitmoda.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.paypalobjects.com *.paypal.com *.smarthint.co *.g.doubleclick.net *.googleadservices.com *.google.com.br d335luupugsy2.cloudfront.net google.com.br *.rdstation.com.br *.facebook.net *.google-analytics.com *.google.cl *.google.com *.com.au *.com.pe *.google.sr *.com.bo *.google.ie *.fbits.net *.tawk.to *.soclminer.com.br *.co.jp google.co.jp googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com *.fitmoda.com.br google-analytics.com *.googletagmanager.com *.google.pt *.google.fr *.google.it *.uc.r.appspot.com stats.g.doubleclick.net googletagmanager.com connect.facebook.net *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net clarity.ms *.clarity.ms checkout.fitmoda.com.br *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com secure.lomadee.com *.lomadee.com 44.219.78.226 35.168.146.240 44.217.13.28 *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.fitmoda.com.br fitmoda.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src 'self' montransport.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' montransport.com blob: https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com; img-src 'self' montransport.com blog.montransport.com https://api.mytako.com https://mytako-release.s3.amazonaws.com data: www.googletagmanager.com https://www.google-analytics.com https://* https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com; frame-src montransport.com www.googletagmanager.com; connect-src 'self' montransport.com data: blob: api.mytako.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src montransport.com https://fonts.gstatic.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' montransport.com https://fonts.googleapis.com https://*.hotjar.com; worker-src blob:; report-uri https://montransport.com/callback.php?action=csp_report; report-to csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-VzRYp-lp_BZ8ctoLeibRYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com data: cdn.checkout.com *.postcodeanywhere.co.uk *.bootstrapcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.securetrading.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.cookiebot.com *.postcodeanywhere.co.uk *.securetrading.net *.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.google.com *.google.co.uk *.zopim.com *.doubleclick.net *.gstatic.com d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.postcodeanywhere.co.uk *.bing.com *.zdassets.com *.googleapis.com *.lsengineers.co.uk *.google.co.in https://placehold.it *.ayko.com gardenhirespares.co.uk *.placeholder.com placeholder.com http://via.placeholder.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com *.googleapis.com *.checkout.com *.pcapredict.com *.trackedweb.net *.cookiebot.com *.adyen.com *.postcodeanywhere.co.uk *.mouseflow.com *.newrelic.com *.nr-data.net *.bing.com *.zendesk.com *.googleadservices.com *.securetrading.net *.zonos.com *.iglobalstores.com *.cookiefirst.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.trackedweb.net *.postcodeanywhere.co.uk *.bootstrapcdn.com *.cookiefirst.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.trackedweb.net *.postcodeanywhere.co.uk *.google-analytics.com *.doubleclick.net *.nr-data.net *.zendesk.com *.zonos.com *.googleapis.com *.bing.com *.cookiefirst.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klevu.com *.hotjar.com *.typekit.net *.reviews.io *.cloudfront.net *.topfurniture.co.uk *.icomoon.io *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net *.ksearchnet.com *.fontawesome.com *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.hotjar.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.nosto.com *.nos.to *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.reviews.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.google.com/ *.hotjar.com *.addthis.com *.pinterest.com *.reviews.io *.paypalobjects.com *.finance-calculator.co.uk *.stripe.com *.opayo.eu.elavon.com *.klarna.com *.nosto.com *.nos.to *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.bing.com *.klevu.com *.clarity.ms *.reviews.io *.norton.com *.onetrust.com *.pinterest.com *.cloudfront.net *.klarnacdn.net *.google.co.uk *.topfurniture.co.uk t.co *.twitter.com https://images.unsplash.com *.stripe.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.ksearchnet.com *.nosto.com *.nos.to *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.bing.com *.klevu.com *.nosto.com *.hotjar.com *.pinimg.com *.tiktok.com *.addthis.com *.moatads.com *.clarity.ms *.onetrust.com *.zdassets.com *.cloudflare.com *.pcapredict.com *.klarnacdn.net *.reviews.io *.trustpilot.com *.addthisedge.com *.trackedlink.net *.topfurniture.co.uk *.reviews.co.uk *.postcodeanywhere.co.uk static.ads-twitter.com *.stripe.com *.opayo.eu.elavon.com *.klarna.com *.klarnaservices.com js.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com data: *.klevu.com *.myfonts.net *.typekit.net *.cloudfront.net *.reviews.io *.topfurniture.co.uk *.reviews.co.uk *.postcodeanywhere.co.uk *.icomoon.io *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.topfurniture.co.uk 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.bing.com *.zopim.com *.hotjar.com *.tiktok.com *.clarity.ms topfurnitureltd.zendesk.com *.onetrust.com *.zdassets.com *.hotjar.io *.pinterest.com wss://widget-mediator.zopim.com *.postcodeanywhere.co.uk *.reviews.io *.topfurniture.co.uk *.reviews.co.uk *.playground.klarnaevt.com google.com *.stripe.com *.paypal.com *.opayo.eu.elavon.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to *.cloudfront.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com *.google.com *.opayo.eu.elavon.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com *.stripe.com *.google.com/ *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw https://player.vimeo.com https://widget.trustpilot.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://secure.livechatinc.com *.klarna.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.facebook.com https://bat.bing.com https://cdn.livechatinc.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com maps.gstatic.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com *.google.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com https://www.googletagmanager.com https://chimpstatic.com http://widget.trustpilot.com https://widget.trustpilot.com https://invitejs.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://www.google.com https://www.gstatic.com http://bat.bing.com https://cdn.livechatinc.com https://secure.livechatinc.com https://js-agent.newrelic.com https://bam-cell.nr-data.net *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com player.vimeo.com maps.googleapis.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.stripe.com *.google.com downloads.mailchimp.com *.opayo.eu.elavon.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://cdn.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com https://use.fontawesome.com https://vc.hotjar.io https://in.hotjar.com https://api.craftyclicks.co.uk https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://portal.envisagedigital.co.uk/api/website/8rhepcgvxf/report-uri; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-VSe2_Kcwtof-Zgr5A-PdbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-g6rH43_qRBudoQaSfZWa_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-h-qaAInFg6dtqMVg_AzfyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://higherlogicdownload.s3.amazonaws.com/AECT/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AECT/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AECT/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AECT/ https://higherlogicdownload.s3.amazonaws.com/AECT/ https://higherlogiclongterm.s3.amazonaws.com/AECT/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/AECT/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AECT/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AECT/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/AECT/ https://higherlogicdownload.s3.amazonaws.com/AECT/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AECT/ https://higherlogicstream.s3.amazonaws.com/AECT/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AECT/ https://higherlogicdownload.s3.amazonaws.com/AECT/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AECT/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src *.googleapis.com *.gstatic.com data: https://x.klarnacdn.net/ https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://www.facebook.com/ https://payments.securetrading.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://player.vimeo.com *.trustpilot.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://secure.livechatinc.com https://www.pinterest.co.uk https://payments.securetrading.net www.xtento.com account.fetchify.com *.klarna.com *.google.com/ webservices.securetrading.net *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.facebook.com https://cdn.livechatinc.com https://cladcodecking.co.uk https://c.clarity.ms https://www.cladcodecking.co.uk https://*.bing.com https://www.googletagmanager.com www.xtento.com cdn.xtento.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.googletagmanager.com https://chimpstatic.com *.trustpilot.com https://widget.trustpilot.com https://invitejs.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://www.google.com https://www.gstatic.com http://bat.bing.com https://cdn.livechatinc.com https://secure.livechatinc.com *.google.com/ https://bam.eu01.nr-data.net/ https://bam-cell.nr-data.net https://www.google-analytics.com https://*.clarity.ms https://www.clarity.ms https://eu-library.klarnaservices.com https://apps.elfsight.com/ https://js-agent.newrelic.com/ https://ws.zoominfo.com/ https://static.elfsight.com/ player.vimeo.com www.xtento.com cdn.xtento.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com webservices.securetrading.net songbirdstag.cardinalcommerce.com maps.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://x.klarnacdn.net *.trustpilot.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://use.fontawesome.com https://vc.hotjar.io https://in.hotjar.com https://api.craftyclicks.co.uk https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://*.clarity.ms https://www.google.co.uk https://rcgmal4n.klarnaservices.com/ https://bam.eu01.nr-data.net/ https://region1.analytics.google.com/ widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ o402164.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://envisagedigital.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'self' https://www-ppd.sauthermes.com/ https://sh3a.ppr-aws.hermes.com/ https://www.sauthermes.com https://sauthermes.com https://www.googletagmanager.com/gtm.js?id=GTM-K89Q83 https://*.vimeocdn.com https://www.google.com/recaptcha/ https://*.gstatic.com https://superpwa-sw.js https://js-agent.newrelic.com https://sibautomation.com https://bam.nr-data.net https://maps.google.com https://maps.googleapis.com https://sc-static.net/sc-pixel-helper.min.js https://tag.aticdn.net/piano-analytics.js https://static.doubleclick.ne https://googleads.g.doubleclick.net https://cdn.cookielaw.org ; report-uri https://helpers.aws.hermes.com/csp-violation/csp-violation-report-endpoint.php 1
object-src 'none';base-uri 'self';script-src 'nonce-jjjY5NnZMYfjHT5vnUU3Dg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com/ data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.dotdigital.com *.klarna.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: *.mailchimp.com tracking.qa.paypal.com seal-seflorida.bbb.org x.klarnacdn.net *.playground.klarnaevt.com bat.bing.com *.google.com *.google.de *.gstatic.com *.googleusercontent.com *.doubleclick.net tags.w55c.net *.cookielaw.org www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com *.hsforms.net *.hsforms.com www.google.com *.gstatic.com *.cookielaw.org *.onetrust.com *.mailchimp.com *.paypal.com *.paypalobjects.com mc.us10.list-manage.com seal-seflorida.bbb.org tagmanager.google.com gstatic.com x.klarnacdn.net js.playground.klarna.com js.klarna.com bat.bing.com *.trackedlink.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com *.mailchimp.com seal-seflorida.bbb.org *.google.com *.google.de fast.fonts.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.klarnaevt.com bat.bing.com *.doubleclick.net maps.googleapis.com *.analytics.google.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-W6MeAmSEW_JT2vJaq234XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.croapp.net *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-bUpTRHHpbw1IQNY0mgQA-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-d9CwhiR7N5apOA4kbBK9pA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'self' https://sondriotrasporti.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com maps.googleapis.com s.adroll.com https://connect.facebook.net https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js; connect-src 'self' maps.googleapis.com; img-src 'self' 'unsafe-inline' data: https://maps.gstatic.com maps.googleapis.com 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.sandbox.paypal.com *.paypalobjects.com paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.feefo.com www.google.co.uk *.tawk.to *.sandbox.paypal.com *.paypalobjects.com paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.noibu.com fullstory.com www.fullstory.com *.hotjar.com embed.tawk.to cdn.jsdelivr.net connect.facebook.net *.feefo.com www.roomvo.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.tawk.to *.feefo.com *.sandbox.paypal.com *.paypalobjects.com *.paypal.com paypal.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.roomvo.com *.feefo.com *.tawk.to wss://*.tawk.to *.sandbox.paypal.com *.paypalobjects.com paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.googleapis.com *.gstatic.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.googleapis.com *.gstatic.com www.apptrian.com https://devdocs.magento.com https://www.cloudposintegration.io/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.trustpilot.com https://*.forter.com https://dalv4le16pzj2.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net static.zipmoney.com.au zip.co https://dkupaw9ae63a8.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com static.afterpay.com/ *.squarecdn.com  https://digitalid-sandbox.com/ https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.googleapis.com www.apptrian.com https://devdocs.magento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://d3lqotgbn3npr.cloudfront.net https://d11bdev7tcn7wh.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net  https://*.forter.com  https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-1eGBSx6FzNaL49TkEWFS4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:; report-uri /csp_reports/; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com *.bird.eu scontent.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com www.facebook.com graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com google.com *.kxcdn.com *.gstatic.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com www.google-analytics.com www.googletagmanager.com www.njstart.gov www.google.com region1.google-analytics.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self'; img-src 'self' https: data: blob:; connect-src 'self' blob:; frame-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:;  report-uri https://9ec04c4fa675be0bd04813b93ed11342.report-uri.com/r/d/csp/reportOnly; 1
font-src *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com *.bird.eu https://www.magezon.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.abtasty.com *.googleapis.com *.gstatic.com oct8necdneu.azureedge.net/ *.peppermoneytest.es *.peppermoney.es 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.cookiebot.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es fledge-eu.creativecdn.com ams.creativecdn.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com maps.googleapis.com maps.gstatic.com https://img.youtube.com www.google.com www.google.es www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net *.pinterest.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms tracker.metricool.com *.abtasty.com *.amazonaws.com *.oct8ne.com oct8necdneu.azureedge.net/ gstatic.com *.peppermoneytest.es oct8necdneu.azureedge.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com s7.addthis.com *.cookiebot.com *.google.com www.google.es www.gstatic.com sl.google-analytics.com googleads.g.doubleclick.net *.googleapis.com s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms tracker.metricool.com *.abtasty.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.abtasty.com *.googleapis.com *.gstatic.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es *.oct8ne.com oct8necdneu.azureedge.net tags.creativecdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com ekr.zdassets.com/ *.cookiebot.com www.google.com *.google.com www.google.es *.googleapis.com www.gstatic.com www.googletagmanager.com sl.google-analytics.com *.g.doubleclick.net s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms *.abtasty.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es ams.creativecdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.chat-tonic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com *.g.doubleclick.net *.chat-tonic.com *.google.com *.gstatic.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.gstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com data: *.googleapis.com *.gstatic.com *.google.com *.google.com.ar *.facebook.com *.amazonaws.com d335luupugsy2.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.mlstatic.com *.mercadopago.com *.googleapis.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.gstatic.com *.chat-tonic.com *.cloudflare.com d335luupugsy2.cloudfront.net https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.data-tree.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.gstatic.com *.chat-tonic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.g.doubleclick.net *.rdstation.com.br analytics.google.com *.facebook.net https://www.google-analytics.com data-tree.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.doubleclick.net *.facebook.com js.mollie.com niko-productguide.solyd.be *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com *.koongo.com *.google.pt *.google.be *.google.com.tr *.bing.com maps.googleapis.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com js.mollie.com static.hotjar.com *.bing.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.cookie-script.com *.trustpilot.com tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://*.ingest.sentry.io ekr.zdassets.com/ *.koongo.com stats.g.doubleclick.net maps.googleapis.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.mundipagg.com api.pagar.me www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.smarthint.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com fonts.google.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com api.mundipagg.com api.pagar.me api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.wojsko-polskie.pl *.facebook.net *.googleapis.com region1.google-analytics.com *.gstatic.com www.google-analytics.com www.google.com www.googletagmanager.com www.youtube.com *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ *.squarecdn.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klarnacdn.net fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.zopim.com *.iyzipay.com www.mesoestetic.es data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl https://sandbox.payfast.co.za https://www.payfast.co.za/eng/process *.google.com www.mesoestetic.es 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com www.mesoestetic.es 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.fls.doubleclick.net *.facebook.com *.googlesyndication.com *.awin1.com *.zenaps.com magento-cloudflare.jetrails.com www.youtube.com *.klarna.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.pagantis.com *.instagram.com *.ups.com *.addthis.com *.hotjar.com *.hotjar.io www.mesoestetic.es 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.awin1.com *.zenaps.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.ytimg.com *.klarna.com *.klarnaevt.com *.klarnacdn.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com maps.gstatic.com *.google.es *.google.nl cdn.digitalorigin.com d23yuld0pofhhw.cloudfront.net *.zopim.io *.zopim.com *.nosto.com bat.bing.com *.mesoestetic.com *.cookielaw.org lantern.roeye.com *.iyzipay.com https://sandbox-static.iyzipay.com www.mesoestetic.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl cdn.scalapay.com b2c-cdn.scalapay.com *.stripe.com klarna.com *.klarnaevt.com maps.googleapis.com *.instagram.com *.zdassets.com *.doofinder.com *.cookielaw.org *.pagantis.com static-eu.payments-amazon.com *.onetrust.com *.nosto.com *.zopim.com *.bing.com g990421675.co g792337340.co g990421676.co g792337342.co g9508048080.co g10300385420.co geotargetly-api-2.com *.microsoft.com bam.eu01.nr-data.net *.addthis.com *.moatads.com *.addthisedge.com *.cloudflare.com mc.yandex.ru *.hotjar.com *.hotjar.io *.qly.site1.sibs.pt *.iyzipay.com https://sandbox-api.iyzipay.com https://sandbox-static.iyzipay.com www.mesoestetic.es https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com downloads.mailchimp.com *.klarnacdn.net https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com www.bing.com *.iyzipay.com www.mesoestetic.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.zdassets.com www.mesoestetic.es 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://the.sciencebehindecommerce.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.stripe.com klarna.com wss://*.zopim.com *.zendesk.com *.zdassets.com *.doofinder.com *.cookielaw.org *.amazon.es *.amazon.com *.amazon.de *.amazon.fr *.amazon.pt *.amazon.it *.onetrust.com *.nosto.com *.bing.com bam.eu01.nr-data.net *.addthis.com *.zopim.com mc.yandex.ru *.hotjar.com ws.hotjar.com *.hotjar.io *.iyzipay.com *.sentry.io https://sandbox-api.iyzipay.com https://stg.iyzipay.com www.mesoestetic.es 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com www.mesoestetic.es http: https: blob: 'self' 'unsafe-inline'; default-src www.mesoestetic.es 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /contact; report-to report-endpoint; 1
font-src https://geowidget.easypack24.net *.fontawesome.com *.googleapis.com *.gstatic.com *.stape.io maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net https://geowidget-app.inpost.pl/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io *.google.com/ pay.google.com pudofinder.dpd.com.pl *.doubleclick.net *.consentmanager.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://pixel.wp.pl *.google.pl *.google.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://www.magezon.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.stape.io https://img.youtube.com static.przelewy24.pl www.gstatic.com gstatic.com 'self' data: *.consentmanager.net data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://pixel.wp.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.fontawesome.com *.googleapis.com *.gstatic.com *.poczta-polska.pl https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.snrbox.com ruch-osm.sysadvisors.pl *.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com *.googleapis.com *.googletagmanager.com *.stape.io maxcdn.bootstrapcdn.com fonts.googleapis.com *.gstatic.com *.snrcdn.net ruch-osm.sysadvisors.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://stats.g.doubleclick.net *.google.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.poczta-polska.pl https://*.ingest.sentry.io ekr.zdassets.com/ *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.stape.io https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com t.elasticsuite.io *.snrbox.com server-side-tagging-ceddw3fo6q-uc.a.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com data: oct8necdneu.azureedge.net https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com fonts.bunny.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es test.saferpay.com www.saferpay.com saferpay.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.google.com *.doubleclick.net *.facebook.com *.vimeo.com *.cookiebot.com *.oct8ne.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com test.saferpay.com www.saferpay.com saferpay.com *.moengage.com collect.trbo.com track2.trbo.com *.sovendus.com *.gutscheinconnection.de e.issuu.com oswald.onlyfy.jobs 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googleapis.com *.google.com *.google.es *.google.com.br *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com test.saferpay.com www.saferpay.com saferpay.com moe-email-campaigns.s3.amazonaws.com *.moengage.com *.betaroiup.com *.oswald-info.com ade.googlesyndication.com *.google.ch *.sovendus.com *.gutscheinconnection.de ch.media.oswald-info.com bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com test.saferpay.com www.saferpay.com saferpay.com *.moengage.com embed.typeform.com bam.eu01.nr-data.net js-agent.newrelic.com oswald-info.com cdn.freshmarketer.com www.googletagservices.com pagead2.googlesyndication.com static.trbo.com api-v4.trbo.com *.sovendus.com *.gutscheinconnection.de *.adt313.net bat.bing.com *.clarity.ms oswald.onlyfy.jobs oswald.jobbase.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.moengage.com fonts.bunny.net stackpath.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com test.saferpay.com www.saferpay.com saferpay.com *.moengage.com bam.eu01.nr-data.net oswald-info.com consentcdn.cookiebot.com *.sovendus.com *.gutscheinconnection.de *.clarity.ms pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.magmodules.eu *.datatrics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.datatrics.com www.facebook.com graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com squeezely.tech www.squeezely.tech *.squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.datatrics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src *.klarnacdn.net maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.sparelys.no *.trioweb.net *.trioweb.dev data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com blob: https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.snapchat.com apis.google.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.sparelys.no *.trioweb.net *.trioweb.dev *.google.no *.google.se *.g.doubleclick.net *.bing.com *.clarity.ms *.snapchat.com *.europa.eu apis.google.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com unpkg.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.stripe.com klarna.com *.klarnaevt.com *.sparelys.no *.trioweb.net *.trioweb.dev *.g.doubleclick.net *.bing.com *.clarity.ms sc-static.net apis.google.com invitejs.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.googleapis.com www.googletagmanager.com *.sparelys.no *.trioweb.net *.trioweb.dev 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com www.pdf995.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.sparelys.no *.trioweb.net *.trioweb.dev *.g.doubleclick.net *.bing.com *.clarity.ms *.snapchat.com apis.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.avada.io https://cdnjs.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com https://cdnjs.cloudflare.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://nominatim.openstreetmap.org https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.vivapayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com td.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://img.youtube.com s.w.org *.degezondewereld.nl *.degezondewereld.be cdn.klarna.com www.google.nl *.tinymce.com flagpedia.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.vivapayments.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io matomo.dutch-headshop.nl *.tiny.cloud *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.googleapis.com *.typekit.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ekr.zdassets.com/ https://get.geojs.io *.avada.io stats.g.doubleclick.net matomo.dutch-headshop.nl pagead2.googlesyndication.com google.com *.tiny.cloud www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' https://a.realsrv.com/ad-provider.js https://ajfnee.com/p/waWQiOjExMzUyMzUsInNpZCI6MTE2MDcxNiwid2lkIjozNzgyNTIsInNyYyI6Mn0=eyJ.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://yqmxfz.com/pw/waWQiOjExMzUyMzUsInNpZCI6MTE2MDcxNiwid2lkIjozNzgyNTEsInNyYyI6Mn0=eyJ.js; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://kiynew.com https://prhzxq.com https://region1.google-analytics.com https://syndication.realsrv.com https://www.google-analytics.com https://yqmxfz.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.google.com; img-src 'self' data: https://eliss-vas.com https://i.wmgtr.com https://s.w.org https://s3t3d2y8.afcdn.net https://secure.gravatar.com https://www.google-analytics.com; manifest-src 'self'; media-src 'self' https://s3t3d2y8.afcdn.net; report-uri https://632c6046ef389e2c71225394.endpoint.csper.io/?v=5; worker-src blob:; 1
font-src fonts.gstatic.com fonts.googleapis.com use.typekit.net maxcdn.bootstrapcdn.com *.myshopify.com *.shopify.com *.saas.talismaonline.com data: 'self' 'unsafe-inline'; form-action www.facebook.com *.google.com *.saas.talismaonline.com 'self' 'unsafe-inline'; frame-ancestors gstatic.com *.saas.talismaonline.com *.myshopify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com social-plugins.line.me www.facebook.com www.google.com vars.hotjar.com vault.omise.co secure.authorize.net test.authorize.net www.googletagm cdn.omise.co jaspallynaround.freshdesk.com www.youtube.com https://cdn.omise.co *.weltpixel.com *.myshopify.com *.shopify.com *.saas.talismaonline.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com maps.googleapis.com www.w3.org www.google.co.in mcprod.lynaccs.com connect.facebook.net d3k81ch9hvuctc.cloudfront.net api.omise.co omise-gateway-production.s3.ap-southeast-1.amazonaws.com https://a.klaviyo.com flagpedia.net *.myshopify.com *.shopify.com *.saas.talismaonline.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ omise.co cdn.omise.co maps.googleapis.com connect.facebook.net d.line-scdn.net js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com iubenda.com cdn.iubenda.com a.klaviyo.com static.hotjar.com l.getsitecontrol.com script.hotjar.com bam.nr-data.net s3.amazonaws.com www.iubenda.com js.createsend1.com player.vimeo.com static-tracking.klaviyo.com dynamic.criteo.com https://cdn.omise.co https://static.klaviyo.com https://fast.a.klaviyo.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com use.typekit.net p.typekit.net static.klaviyo.com s3.amazonaws.com maxcdn.bootstrapcdn.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com bam-cell.nr-data.net static-forms.klaviyo.com youtube.com googletagmanager.com paypal.com bam.nr-data.net l.getsitecontrol.com stats.g.doubleclick.net vc.hotjar.io maps.googleapis.com telemetrics.klaviyo.com www.facebook.com a.klaviyo.com hits-i.iubenda.com api-js.datadome.co https://cdn.omise.co https://static.klaviyo.com https://fast.a.klaviyo.com www.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.google.com/ www.googletagmanager.com *.yotpo.com *.sendcloud.sc *.jsdelivr.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com https://static.buckaroo.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net *.yotpo.com *.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com polyfill.io https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com *.yotpo.com *.sendcloud.sc *.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.sendcloud.sc *.jsdelivr.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com *.yotpo.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.twitter.com *.mercadolibre.com *.getbeamer.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.getbeamer.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.googletagmanager.com *.facebook.net *.avada.io *.mlstatic.com http://viacep.com.br *.getbeamer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.getbeamer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.mercadopago.com *.getbeamer.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ js.mollie.com vars.hotjar.com app.usercentrics.eu cdn.lightwidget.com www.xtento.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com https://www.mollie.com www.google.de *.cdninstagram.com app.usercentrics.eu bat.bing.com lt45.net www.xtento.com cdn.xtento.com maps.gstatic.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com *.google.com/ js.mollie.com static.hotjar.com script.hotjar.com bat.bing.com app.usercentrics.eu cdn.lightwidget.com *.clarity.ms cq.reellworld.com www.xtento.com cdn.xtento.com https://cdnjs.cloudflare.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com graph.instagram.com in.hotjar.com bat.bing.com graphql.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu *.clarity.ms cq.reellworld.com www.google.de *.analytics.google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: *.gstatic.com 'self' data: fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com static.zdassets.com www.gstatic.com script.hotjar.com static.hotjar.com googleadservices.com maps.googleapis.com/ 'self' 'unsafe-inline'; frame-ancestors static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com googleadservices.com maps.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.dnky.co amc.demdex.net www.google.com youtube.com mldp.mercadopago.com www.mercadolibre.com vars.hotjar.com *.doubleclick.net *.pinterest.com *.tryadviser.com *.webviewer.appar.io *.paperless.com.pe *.extranetrosen.cl 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com accounts.google.com 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com www.extranetrosen.cl *.hsforms.com track.hubspot.com mercadopago.cl www.mercadopago.cl *.google.com.cl static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com *.pinterest.com *.sendtric.com *.tryadviser.com *.adnxs.com *.linkedin.com *.doubleclick.net *.rosen.cl *.rosen.com.pe *.sonataplatform.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.dpm.demdex.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com https://www.google.com *.gstatic.com https://maps.googleapis.com http2.mlstatic.com secure.mlstatic.com www.extranetrosen.cl static.zdassets.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com www.googleoptimize.com static.hotjar.com *.google.com *.google.cl script.hotjar.com js.hsleadflows.net *.pinimg.com www.youtube.com *.tryadviser.com *.adnxs.com *.hsadspixel.net *.verificado.ai snap.licdn.com *.google-analytics.com *.commerce.adobe.net *.magento.com *.mercadopago.com *.hscollectedforms.net *.doubleclick.net *.omtrdc.net *.googletagmanager.com *.rosen.cl *.rosen.com.pe *.sonataplatform.com *.mouseflow.com *.hubspot.com *.vnforapps.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com cdn.dnky.co *.googleapis.com *.gstatic.com *.rosen.cl *.rosen.com.pe www.extranetrosen.cl *.tryadviser.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.mercadopago.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com api.comapi.com bam.nr-data.net *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com static.zdassets.com v2.zopim.com ekr.zdassets.com rollbar-eu.zendesk.com wa.me *.hubspot.com stats.g.doubleclick.net rosen.zendesk.com wss://widget-mediator.zopim.com *.hotjar.com vc.hotjar.io www.facebook.com public.delivery.janisqa.in public.delivery.janis.in *.google.cl *.pinterest.com wss://*.hotjar.com *.hscollectedforms.net *.hubapi.com *.amazonaws.com *.amazon.com *.zendesk.com *.linkedin.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.xtento.com *.klarna.com *.resurs.com *.vimeo.com *.google.com *.googletagmanager.com *.chatbotize.com *.cookieinformation.com *.trustpilot.com *.viabill.com *.doubleclick.net *.getzowie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.xtento.com cdn.xtento.com *.bird.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.bing.com *.magentocommerce.com *.sleeknote.com sharkgaming.dk sharkgaming.se sharkgaming.no *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.google.dk *.google.se *.google.no *.visualwebsiteoptimizer.com *.charpstar.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.sharethis.com www.xtento.com cdn.xtento.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.resurs.com *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.visualwebsiteoptimizer.com *.app.cookieinformation.com *.sleeknote.com *.viabill.com *.trustpilot.com *.emaerket.dk *.payever.org *.hotjar.com *.bing.com addrevenue.io *.retargeted.co *.getzowie.com *.zopim.com *.adii.se *.scratcher.io *.charpstar.net *.azureedge.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.omtrdc.net data: 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.charpstar.net *.klaviyo.com *.doubleclick.net *.google.com *.app.cookieinformation.com *.getzowie.com *.zopim.com *.browser-intake-datadoghq.eu *.googlesyndication.com blob: *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.payever.org *.elastic-cloud.com addrevenue.io *.chatbotize.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src-elem *.omtrdc.net embed.sendcloud.sc *.gstatic.com chimpstatic.com *.google.com vapo.indvp.com *.google-analytics.com apis.google.com widget.trustpilot.com invitejs.trustpilot.com assets.adobedtm.com paypal.com web-sdk.aptrinsic.com *.demdex.net *.zdassets.com *.redsys.es *.sequracdn.com; font-src *.fontawesome.com maxcdn.bootstrapcdn.com cdn.vapo.es *.omtrdc.net *.redsys.es 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.vivapayments.com *.redsys.es *.sequracdn.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.sendcloud.sc widget.trustpilot.com embed.sendcloud.sc *.redsys.es *.sequracdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.sharethis.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es cdn.vapo.es sis.redsys.es amasty.com cdn.klarna.com *.aptrinsic.com *.sequracdn.com *.demdex.net *.omtrdc.net *.redsys.es *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.vivapayments.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sendcloud.sc google.com googleadservices.com google-analytics.com paypal.com sandbox.paypal.com paypalobjects.com youtube.com gstatic.com apis.google.com static.zdassets.com ekr.zdassets.com widget.trustpilot.com invitejs.trustpilot.com vapo.zendesk.com ajax.cloudflare.com cdn.vapo.es https://*.googletagmanager.com js-agent.newrelic.com chimpstatic.com embed.sendcloud.sc *.aptrinsic.com *.sequracdn.com *.redsys.es 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.vapo.es fonts.googleapis.com *.aptrinsic.com *.sequracdn.com *.demdex.net *.omtrdc.net *.redsys.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com static.zdassets.com ekr.zdassets.com vapo.zendesk.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net bam.nr-data.net embed.sendcloud.sc *.aptrinsic.com *.sequracdn.com *.demdex.net *.omtrdc.net *.redsys.es 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' www.google.com ; img-src 'self' googletagmanager.com data: 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com https://*.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.333obra.com.br *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://h.online-metrix.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' data: *.demdex.net *.online-metrix.net *.doubleclick.net *.braintreegateway.com *.googletagmanager.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.online-metrix.net quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com maps.gstatic.com *.google.com *.google.com.br *.facebook.com https://*.cloudfront.net https://cdn.cookielaw.org https://*.hotjar.com https://*.nr-data.net https://*.adobe.com https://*.adobedtm.com https://*.demdex.net https://cimentobomdemais.com.br *.333obra.com.br *.clarity.ms *.bing.com https://s3.amazonaws.com https://dev.visualwebsiteoptimizer.com https://s3.amazonaws.com/raichu-beta/ra-verified/assets/images/verified.svg https://s3.amazonaws.com/raichu-beta/ra-verified/assets/images/ra-logo.svg https://votorantimcimentoshelp1697804564.zendesk.com https://*.votorantimcimentoshelp.zendesk.com https://static.zdassets.com/web_widget/latest/default_avatar.png https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://h.online-metrix.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com connect.facebook.net js-agent.newrelic.com https://cdn.cookielaw.org https://*.cloudfront.net https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js https://bam.nr-data.net https://*.hotjar.com 'unsafe-inline' https://cdn.jsdelivr.net/npm/choices.js@4/public/assets/scripts/choices.min.js https://cdn.popconvert.com.br/widget/popconvert.js https://cdn.popconvert.com.br/widget/dist/js/app.js https://cdn.pn.vg https://www.clarity.ms https://bat.bing.com/bat.js https://*.sentry-cdn.com https://*.zendesk.com https://static.zdassets.com https://*.s3.amazonaws.com https://dev.visualwebsiteoptimizer.com https://s3.amazonaws.com/raichu-beta/ra-verified/bundle.js https://sdk.crmback.io/connect.js https://plugins.crmback.io/helpers/tresobra.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.css https://*.hotjar.com 'unsafe-inline' https://s3.amazonaws.com https://s3.amazonaws.com/raichu-beta/ra-verified/styles.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://h.online-metrix.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://viacep.com.br maps.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.cookielaw.org https://privacyportal-br.onetrust.com https://geolocation.onetrust.com https://*.cloudfront.net *.rdstation.com.br https://bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.adobe.com *.adobedtm.com *.demdex.net *.magentocommerce.com *.doubleclick.net *.googleadservices.com *.vimeocdn.com *.vimeo.com *.youtube.com *.omtrdc.net *.googletagmanager.com *.adobedc.net *.magento.com *.adobe.io *.adobe.net *.magedevteam.com *.metrix.net *.geojs.io *.braintreegateway.com wa.me web.whatsapp.com *.snplow.net performance.typekit.net paypal.com paypalobjects.com *.online-metrix.net viacep.com.br 'self' data: 'unsafe-inline' gyruss.rdops.systems/v2/conversions osp-assets.pn.vg *.clarity.ms https://*.ingest.sentry.io/api https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://dev.visualwebsiteoptimizer.com https://*.zendesk.com https://*.s3.amazonaws.com https://static.zdassets.com https://ekr.zdassets.com https://iosite.reclameaqui.com.br wss://pod-27.zendesk.com https://s3.amazonaws.com/raichu-beta/ra-verified/bundle.js https://onsite.crmback.io/collect https://x.cbstatus.net/check https://www.333obra.com.br/share_cart/action/link/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://shopline.itau.com.br *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.pagar.me *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.pagar.me https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io http://api.itaushopline.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qRBnymIwZqK1qGQ0bmydBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src http://maxcdn.bootstrapcdn.com/font-awesome/ https://widgets.trustedshops.com/ https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.trustedshops.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com/recaptcha/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://gum.criteo.com/ https://static.criteo.net/ https://config1.veinteractive.com/ *.google.com/ https://www.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://widgets.trustedshops.com/ https://www.facebook.com/ https://connect.facebook.net/ https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.google.com/ads/ https://www.google.de/ads/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://www.gstatic.com/ https://ssl.gstatic.com/ https://www.google-analytics.com/ https://www.google.com/ https://bat.bing.com/ https://files.newsletter2go.com/ https://ad.mail.ru/ https://ads.yieldmo.com/ https://sync-criteo.ads.yieldmo.com/ https://ad.sxp.smartclip.net/ https://pixel.rubiconproject.com/ https://gum.criteo.com/ https://sp.analytics.yahoo.com/ https://s.ad.smaato.net/ https://i.liadm.com/ https://i6.liadm.com/ https://sync.outbrain.com/ https://sync.e-planning.net/ https://sync-t1.taboola.com/ https://ib.adnxs.com/ https://simage2.pubmatic.com/ https://visitor.omnitagjs.com/ https://cm.adform.net/ https://beacon.krxd.net/ https://dis.criteo.com/ https://cm.g.doubleclick.net/ https://criteo-sync.teads.tv/ https://secure.adnxs.com/ https://ad.360yield.com/ https://match.sharethrough.com/ https://rtb-csync.smartadserver.com/ https://r.casalemedia.com/ https://ads.yahoo.com/ https://ups.analytics.yahoo.com/ https://pixel.advertising.com/ https://us-u.openx.net/ https://eb2.3lift.com/ https://contextual.media.net/ https://cotads.adscale.de/ https://ih.adscale.de/ https://tg.socdm.com/ https://x.bidswitch.net/ https://ad.yieldlab.net https://ads.stickyadstv.com/ https://cdn.stickyadstv.com/ https://idsync.rlcdn.com/ https://jadserve.postrelease.com/ https://criteo-partners.tremorhub.com/ https://pixel.tapad.com/ https://s.thebrighttag.com/ https://www.magezon.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://www.googletagmanager.com/ https://tagmanager.google.com/ http://widgets.trustedshops.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://secure.pay1.de/ https://static.newsletter2go.com/ https://sslwidget.criteo.com/ https://top-fwz1.mail.ru/ https://static.criteo.net/ https://config1.veinteractive.com/ https://autocomplete2.postdirekt.de/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com http://maxcdn.bootstrapcdn.com/font-awesome/ https://tagmanager.google.com/ https://fonts.googleapis.com/ *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://api.newsletter2go.com/ https://top-fwz1.mail.ru/ https://www.paypal.com/ https://www.facebook.com/ https://autocomplete2.postdirekt.de/ autocomplete2.postdirekt.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' marpax.com.br *.marpax.com.br marpax.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.mercadopago.com *.mlstatic.com *.smarthint.co *.conectiva.io *.sunset.systems *.cartstack.com.br *.app.cartstack.com *.performa.ai *.cupom.social *.conectiva.app conectiva.io app.conectiva.io vm.conectiva.io conectiva.app api.performa.ai valid.performa.ai cartstack.com.br app.cartstack.com.br api.cartstack.com.br sunset.systems api.sunset.systems cupom.social app.cupom.social cdn.performa.ai googleads.g.doubleclick.net connect.facebook.net *.facebook.net *.g.doubleclick.net eficazmarketing.com *.google.com.br *.googleadservices.com *.tiktok.com *.fbitsstatic.net marpax.fbitsstatic.net google.es analytics.tiktok.com *.google.es *.eficazmarketing.com googletagmanager.com *.googletagmanager.com *.mailclick.me *.s3.amazonaws.com *.movidesk.com *.global-cache.online *.pangle-ads.com *.yviews.com.br *.ecmacore.com *.co.uk *.google.com *.google.de *.clearsale.com.br *.fbits.net *.google-analytics.com analytics.pangle-ads.com s.pinimg.com *.pinimg.com facebook.com *.facebook.com *.googlesyndication.com *.pinterest.com *.doubleclick.net *.clarity.ms *.hotjar.com *.bing.com *.pn.vg *.hertzen.com *.lomadee.com *.online-metrix.net *.bonifiq.com.br *.properties *.pagespeed-mod.com *.com.py *.conoret.com *.nr-data.net *.w88p9x.com *.fbits.store *.adyen.com *.googleapis.com translate.googleapis.com google-analytics.com google.nl *.google.nl *.google.hu google.hu google.com.ar *.com.ar *.google.ca google.ca google.co.ao *.co.ao translate-pa.googleapis.com *.com.uy google.com.uy google.com.co *.com.co google.dz *.google.dz google.co.jp google.co.uk ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.marpax.com.br marpax.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.co.il https://www.myheritage.co.il  'unsafe-eval' 'nonce-239cea43d6409a00c0ede7457ebb97cb' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.co.il;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' seustillo.com.br *.seustillo.com.br seustillo.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com tagmanager.google.com business.facebook.com analytics.google.com *.googleadservices.com *.g.doubleclick.net *.*rdstation.com.br *.rdstation.com.br popups.rdstation.com.br static.i-goal.com.br analytics.i-goal.com.br *.mimo.com.br assets-shorts.mimo.com.br *.shorts.mimo.com.br *.fbits.store analytics.tiktok.com *.tiktok.com *.adyen.com *.googleapis.com *.google.com *.google.com* *.googleapis.com* *.i-goal.com.br *.google.com.br* ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.seustillo.com.br seustillo.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com data: *.dhlparcel.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://seo.mageplaza.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.braintreegateway.com *.paypal.com google.com *.google.com *.sharethis.com *.addthis.com *.facebook.com *.twitter.com js.mollie.com *.cookiebot.com *.doubleclick.net *.criteo.com *.kiyoh.com *.robinhq.com *.pinterest.com *.googlesyndication.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com *.typekit.net *.gstatic.com *.sharethis.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthisedge.com *.twitter.com https://www.mollie.com *.dhlparcel.nl viavaishoes.com *.viavaishoes.com *.viavai.bluebirdday.io *.bluebirdday.io maps.gstatic.com *.ggpht *.google.com *.google.nl *.googletagmanager.com *.trustedshops.com *.facebook.com *.pinterest.com *.gravatar.com *.percolate-3.hipex.cloud *.bing.com *.windows.net robincontentdesktop.blob.core.windows.net *.doubleclick.net *.google-analytics.com *.clarity.ms *.speedcurve.com *.linkedin.com *.sendtric.com *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.typekit.net google.com *.google.com *.sharethis.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com js.mollie.com *.dhlparcel.nl maps.googleapis.com *.google.nl *.googleoptimize.com *.googleadservices.com *.viavaishoes.com *.pushbird.com chimpstatic.com *.cookiebot.com *.pinimg.com *.criteo.net *.criteo.com *.bing.com unpkg.com *.klaviyo.com *.google-analytics.com *.clarity.ms *.robinhq.com robincontentdesktop.blob.core.windows.net surfly.com *.surfly.com *.msecnd.net *.vo.msecnd.net *.googlesyndication.com *.cookie-script.com *.tiktok.com *.licdn.com *.speedcurve.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.fontawesome.com https://static.klaviyo.com *.googleapis.com *.klaviyo.com *.dhlparcel.nl tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com google.com *.google.com *.sharethis.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.dhlparcel.nl *.viavaishoes.com *.klaviyo.com *.doubleclick.net *.pinterest.com *.bing.com *.google-analytics.com *.analytics.google.com *.clarity.ms surfly.com *.surfly.com *.visualstudio.com *.cookiebot.com *.tiktok.com *.linkedin.com *.googlesyndication.com *.cookie-script.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com *.facebook.com *.twitter.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.addthisedge.com *.twitter.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com *.googletagmanager.com *.facebook.net *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com *.avada.io maps.googleapis.com cdn.ampproject.org connect.facebook.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com downloads.mailchimp.com maxcdn.bootstrapcdn.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com int-ecommerce.nexi.it ecommerce.nexi.it *.google-analytics.com https://get.geojs.io *.avada.io cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'self'; base-uri 'self'; font-src 'self' data: https://c0.wp.com; frame-src 'self'  https://bld.g.doubleclick.net https://consentcdn.cookiebot.com https://insight.adsvr.org https://platform.twitter.com https://www.google.com https://www.youtube.com https://match.adsvr.org https://insight.adsvr.org; img-src 'self' data: https://pixel.rubiconproject.com https://ups.analytics.yahoo.com https://forms.hsforms.com *.doubleclick.net https://i0.wp.com https://insight.adsvr.org https://perf.hsforms.com https://pixel.wp.com https://px.ads.linkedin.com https://syndication.twitter.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://ib.adnxs.com https://match.adsvr.org *.googletagmanager.com https://alb.reddit.com https://bat.bing.com https://secure.gravatar.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; script-src 'report-sample' 'self' https://bat.bing.com/bat.js https://js.adsrvr.org/up_loader.1.1.0.js https://js.hsforms.net/forms/embed/v2.js https://pagead2.googlesyndication.com/pagead/conversion/716916526/ https://s7.addthis.com/js/300/addthis_widget.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ws.zoominfo.com/pixel/638518fbec4010c99aefad7 https://www.clarity.ms/tag/h0uim2tkk6 https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.redditstatic.com/ads/pixel.js; style-src 'report-sample' 'self' https://cdn.myfontastic.com; connect-src 'self' https://bat.bing.com https://*.clarity.ms https://pagead2.googlesyndication.com https://ws.zoominfo.com https://www.google-analytics.com; report-uri /_contentsecurity; 1
font-src *.gstatic.com data: *.stape.io *.fontawesome.com *.googleapis.com * *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io *.facebook.com * *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.adyen.com *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.facebook.net *.fontawesome.com * maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com * *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com *.stape.io * *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com www.google-analytics.com www.google.com *.doubleclick.net www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.typekit.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.super99.com *.scene7.com *.facebook.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.braintreegateway.com *.paypal.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ beacon-audiences.magento-ds.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.facebook.net *.connect.facebook.net https://smetrics.super99.com *.super99.com *.cardinalcommerce.com unpkg.com cdn.jsdelivr.net *.magento-datasolutions.com *.googleadservices.com *.google-analytics.com *.google.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.cybersource.com *.braintreegateway.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com beacon-audiences.magento-ds.com p13n-mr.adobe.io *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.googleapis.com *.super99.com https://smetrics.super99.com *.cardinalcommerce.com *.facebook.com *.paypal.com *.pingdom.net *.woorank.com *.youtube.com *.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com *.magento-ds.com *.braintreegateway.com *.braintree-api.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:;script-src https: 'strict-dynamic' 'nonce-5d1efef31a93592efacc2c693fc0ed08bf970a31d2f18ca8e1d8eaea8b9ffadf' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.licdn.com t.co *.ads-twitter.com s.tradingview.com recruitingbypaycor.com *.squarespace.com *.cloudfront.net s3.tradingview.com *.facebook.net cdn.acsbapp.com *.twitter.com use.typekit.com *.facebook.com *.linkedin.com www.tradingview-widget.com images.squarespace-cdn.com p.typekit.net acsbapp.com newton.newtonsoftware.com www.googletagmanager.com *.googleapis.com *.vimeo.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-7ATlmbLtEhz6rG53ThbCaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-W0aGLJOfaX-H-55CRtRT2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-2-8AOQ6fcNT4mXLIt0rYzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.squarecdn.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://fonts.gstatic.com 'self' data: https://square-fonts-production-f.squarecdn.com/ https://d1g145x70srn7h.cloudfront.net/ *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.facebook.com platform.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com https://pci-connect.squareup.com https://connect.squareup.com https://pci-connect.squareupsandbox.com https://connect.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://acs-us-east-1.ndsprod.nds-sandbox-issuer.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.afterpay.com/ blueskytechmage.com mageblueskytech.com placehold.jp ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com media.sezzle.com https://www.gstatic.com/ https://sandbox.api.cash.app/ https://site-assets.afterpay.com/ https://sandbox.web.squarecdn.com/ https://api.cash.app/ https://web.squarecdn.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ www.xtento.com cdn.xtento.com *.freshchat.com *.amazonaws.com *.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net connect.facebook.net twitter.com platform.twitter.com maps.googleapis.com https://player.vimeo.com https://www.youtube.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in https://js.squareup.com https://js.afterpay.com/ https://nd.squarecdn.com https://js.squareupsandbox.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://portal.sandbox.afterpay.com/ https://portal.afterpay.com/ https://cdn.plaid.com/ https://sandbox.kit.cash.app/ https://kit.cash.app/ www.xtento.com cdn.xtento.com d1qfms639rfa0y.cloudfront.net *.freshchat.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com https://sandbox.web.squarecdn.com https://web.squarecdn.com https://sandbox.kit.cash.app/ https://kit.cash.app/ https://fonts.googleapis.com/ *.typekit.net *.sezzle.com *.freshchat.com *.cdnfonts.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com ekr.zdassets.com/ *.google-analytics.com *.google.com www.gstatic.com maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://pci-connect.squareup.com https://pci-connect.squareupsandbox.com https://api.amplitude.com/ https://api.squareupsandbox.com/ https://api.squareup.com/ https://o160250.ingest.sentry.io/ *.sezzle.com *.lab.amplitude.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-YbuM4ZfjXhOaXzzKHVkmKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-la5WDScnreV6fHbjhJ0ClA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-shDxjD3mB4lrXq4HlMxPTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-UHJjlFU_WVM8iB76l0N2gg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-a_vEjDP6pMOETo6qVXcSsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com account.fetchify.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com landofcoder.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com cc-cdn.com *.klarnacdn.net maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com landofcoder.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.kueskipay.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.kueskipay.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.kueskipay.com *.mercadolibre.com multicobros.banorte.com *.opencontrol.mx *.kaptcha.com *.openpay.pe eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.google.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.avada.io *.mlstatic.com *.mercadopago.com multicobros.banorte.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com https://static.klaviyo.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.paypal.com *.sandbox.paypal.com *.paypalobjects.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kueskipay.com *.doubleclick.net https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com multicobros.banorte.com *.openpay.mx *.openpay.co *.openpay.pe api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com landofcoder.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-X-2kNfx92eigcQ-97prMXQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; script-src 'self' www.gstatic.com/cast/ www.gstatic.com/cv/js/sender/v1/cast_sender.js www.gstatic.com/eureka/clank/ cdn.segment.com app.intercom.io widget.intercom.io js.intercomcdn.com; img-src * data: blob:; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com; font-src 'self' use.typekit.net fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com; connect-src 'self' *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomcdn.eu uploads.au.intercomcdn.com uploads.intercomusercontent.com api.segment.io api.mapbox.com; object-src 'none'; report-uri /csp 1
object-src 'none';base-uri 'self';script-src 'nonce-pmekLpRdNlCkZqtJUcfL3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com *.gstatic.com data: *.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.googleapis.com *.typekit.net unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com thm.visa.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-j_fTF9AB6D-RpxwHg-3wYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.exploretock.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com pixel.wp.com *.cloudfront.net use.typekit.net www.google-analytics.com olivia.paradox.ai *.gstatic.com p.typekit.net acsbapp.com *.facebook.com cdn.cookielaw.org cdn.acsbapp.com app.anyroad.com www.googletagmanager.com *.googleapis.com *.facebook.net stats.wp.com *.doubleclick.net cdnjs.cloudflare.com integrations.anyroad.com us-d.wayin.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce--afHPIDEm3PwhQ9t-FV-NA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-BiAvV4hdPATsutKIUck_7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' *.googleusercontent.com https://unpkg.com *.googleusercontent.com https://www.firstbus.co.uk *.gstatic.com *.google.co.uk *.facebook.com *.googleapis.com *.hotjar.com *.contentsquare.net *.ads-twitter.com *.unpkg.com *.tiktok.com *.googleadservices.com *.twitter.com *.youtube.com *.google-analytics.com *.google.com *.facebook.net *.googletagmanager.com *.cookiepro.com *.doubleclick.net *.sc-static.net *.thisisdax.com *.adform.net *.cloudflare.com *.t.co *.adnxs.com *.snapchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cardinalcommerce.com *.paypalobjects.com *.paypal.com *.comcarde.com *.vimeo.com https://unpkg.com/@googlemaps/markerclustererplus/dist/index.min.js https://unpkg.com/@googlemaps/markerclustererplus@1.2.10/dist/index.min.js *.unpkg.com https://unkpkg.com https://sc-static.net https://www.google.co.uk *.gstatic.com *.googleapis.com *.hotjar.com *.contentsquare.net *.ads-twitter.com *.unpkg.com *.licdn.com *.tiktok.com *.googleadservices.com *.google-analytics.com *.google.com *.jsdelivr.net *.facebook.net *.googletagmanager.com *.cookiepro.com *.doubleclick.net *.sc-static.net *.adform.net *.cloudflare.com *.adnxs.com *.snapchat.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com c.paypal.com api.braintreegateway.com www.paypalobjects.com client-analytics.braintreegateway.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.jsdelivr.net *.unpkg.com *.jquery.com; img-src 'self' 'unsafe-inline' data: *.paypalobjects.com https://adservice.google.com *.google.com https://www.google.com *.gstatic.com *.google.gg *.google.bs *.google.tn *.google.hn *.google.com.om *.google.com.ag *.google.com.ng *.googleusercontent.com *.google.com.gi *.google.es *.google.com.mx *.google.dk *.ggpht.com *.google.is *.google.me *.google.com.co *.google.com.ec *.facebook.net *.firstbus.co.uk *.googletagmanager.com *.google.ad *.google.hu *.google.gy *.google.co.bw *.google.com.lb *.google.ca *.google.com.hk *.google.mg *.google.co.ma *.google.jo *.google.com.qa *.google.com.pr *.wwe.com *.google.im *.google.fr *.linkedin.com *.facebook.com *.google.cz *.google.cl *.google.co.in *.google.com.sa *.google.com.bd *.google.pt *.google.nl *.google-analytics.com *.google.co.th *.google.lv *.google.com.ph *.cookiepro.com *.firstgroup.com *.google.no *.google.co.id *.google.be *.google.com.sg *.google.co.kr *.google.sk *.google.gr *.google.com.tr *.google.co.tz *.google.com.au *.google.lk *.google.com.my *.google.kg *.kellysford.com *.ytimg.com *.google.kz *.google.rs *.blacksportsonline.com *.google.lu *.google.com.eg *.google.pl *.google.com.mt *.google.com.cy *.google.mv *.google.com.jm *.google.cv *.twitter.com *.google.bg *.google.fi *.google.com.ar *.google.ee *.google.com.gh *.google.co.jp *.doubleclick.net *.ipromote.com *.google.cn *.google.ae *.google.com.et *.google.ru *.google.com.bo *.google.je *.google.com.pe *.adnxs.com *.google.ch *.google.se *.google.ro *.google.co.nz *.plusbus.info *.google.co.uk *.google.hr *.google.com.tw *.google.it *.paypal.com *.google.com.np *.googleapis.com *.google.cm *.pinimg.com *.google.com.br *.google.co.za *.leanlibrary.app *.google.dm *.google.com.kw *.google.mk *.google.com.pk *.google.tt *.google.co.ke *.google.com.bh *.google.lt *.google.com.bn *.thisisdax.com *.google.at *.google.ie *.google.de *.t.co *.google.si *.google.lv assets.braintreegateway.com checkout.paypal.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net *.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com *.gstatic.com; frame-src * 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' *.google.co.uk *.cardinalcommerce.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.comcarde.com *.cookiepro.com https://www.facebook.com https://www.facebook.com *.analytics.google.com *.snapchat.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://tr.snapchat.com/p *.google.rs *.google.be *.google.ae *.google.gg *.google.com.om *.google.com.gi *.google.es *.google.com.mx *.google.dk *.google.com.co *.w88p9x.com *.adtonus.com *.googletagmanager.com *.doublestat.info *.google.hu *.google.co.bw *.google.ca *.google.com.hk *.rktds.net *.privacy-protector-adblocker.com *.wedata.net *.google.im *.google.fr *.linkedin.com *.amcreativemedia api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com; report-uri https://heldertesting.spideronline.co.uk/csp-report-endpoint/index.php 1
object-src 'none';base-uri 'self';script-src 'nonce-5ICdMqESM62-Pv90Qij1GA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; connect-src 'self' https://search.yieldgiving.com https://cdn.usefathom.com; default-src 'self'; form-action 'self'; img-src 'self' https://cdn.usefathom.com data: https:; media-src 'self'; object-src 'self'; script-src 'self' 'sha256-4tC2rhASw1F93uExSWYFrXV57pUM4Z56o07VqGXuXB4=' 'sha256-42RKS4wuARLi310BKqe6P+aej6Rnc9Bjp9iYc6o8sAU=' 'sha256-/6wU5WORTQOOQ0pvGRjqJiyg6v0sVj4xmD+Zdri3S8s=' 'sha256-HE2AVZSba4+Z99iWdZVF6efM3Cpx0epqBq3GyipWa5Y=' 'sha256-QCGmXP9pPIvAzrB5VyrPjs6sZul1yKOe1ZyXKo++Lxs=' https://cdn.usefathom.com/script.js https://static.cloudflareinsights.com;style-src 'self' 'unsafe-inline' 'unsafe-hashes'; frame-src 'self'; frame-ancestors 'self'; 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.typekit.net *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.trustpilot.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com validate.fishpig.co.uk https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net https://redchamps.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.stripe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.avada.io *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://*.googleapis.com *.typekit.net *.fontawesome.com *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-DcOqyUOcSM/mzbr6ywg4S97czc2zoItynniTRYyWTOc='; base-uri 'self';report-to csp-endpoint 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * ; style-src * 'unsafe-inline'; media-src * data:; report-uri https://www.blickle.com:9000/registercsp2; report-to cspreport; 1
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com 'unsafe-inline' data: *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.stripe.com *.google.com *.opayo.eu.elavon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.stripe.com *.google.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com https://images.unsplash.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.stripe.com *.google.com downloads.mailchimp.com *.opayo.eu.elavon.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-b5ezOdTY4QpbwgSVXoMltw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oxxflODcF8pNd7VduD7zMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dqf8sV1qVSEUQSVXn8VpDQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zaInvV-Y4R2HZLc80Gn2cQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kAwukuQqAbvqxWHxqCRz6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; font-src * data: 'unsafe-eval' 'unsafe-inline'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com bat.bing.com *.facebook.net *.r.appspot.com s.yimg.com adservice.google.com *.onetrust.com pi.pardot.com *.facebook.com www.google.com nexus.ensighten.com www.googletagmanager.com *.googleapis.com *.linkedin.com *.doubleclick.net *.adsrvr.org *.licdn.com *.cloudfront.net www.google-analytics.com sp.analytics.yahoo.com cdn.acsbapp.com cdn.cookielaw.org acsbapp.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-_O3p4stPLkYl6ABztCiz_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com http://www.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-l/4YF38AzOXmt1KF5Szmug==' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com http://www.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; style-src 'self' 'unsafe-inline' *.typeform.com; connect-src 'self' https://cdn.ampproject.org https://consent.bumble.com https://www.googletagmanager.com http://www.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com/pagead *.googlesyndication.com; child-src 'self'; font-src 'self' data:; manifest-src 'self'; base-uri 'self'; frame-src 'self' https://cdn.ampproject.org https://snap.licdn.com https://www.youtube.com *.youtube.com http://www.google-analytics.com https://www.googletagmanager.com https://consent.bumble.com *.typeform.com *.doubleclick.net *.taboola.com; img-src * data: blob: www.googletagmanager.com; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=bumble_team_site&env=production; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' jwpsrv.com *.jquery.com *.lsnj.org *.googleapis.com fonts.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.addthis.com v1.addthisedge.com;              style-src 'self' 'unsafe-inline' *.lsnj.org *.google.com *.googleapis.com *.stats.g.doubleclick.net;              connect-src 'self' *.addthis.com;              frame-src 'self' video.lsnj.org *.youtube.com s7.addthis.com 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com.co *.google.com *.googletagmanager.com *.google.com.* *.bam.nr-data.net https://bam.nr-data.net https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ *.pingdom.net widgets.pau.zone www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.rum-static.pingdom.net https://www.google-analytics.com/ *.google.com *.googletagmanager.com *.googleadservices.com *.connect.facebook.net *.stats.g.doubleclick.net *.rum-collector-2.pingdom.net *.amazonaws.com *.js-agent.newrelic.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.cardinalcommerce.com/ *.pingdom.net widgets.pau.zone js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.cloudflare.com https://fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.rum-static.pingdom.net *.google-analytics.com *.google.com *.static.klaviyo.com *.stats.g.doubleclick.net *.connect.facebook.net *.rum-collector-2.pingdom.net *.bam.nr-data.net https://bam.nr-data.net https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ *.pingdom.net *.smallshi.com:1442/ *.smallshi.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.rum-static.pingdom.net *.connect.facebook.net *.stats.g.doubleclick.net *.rum-collector-2.pingdom.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-sZ8DCzaQL5MxpvUZdRtLPGeHq' 'strict-dynamic' 'report-sample'; report-uri https://troypointinsider.com/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
object-src 'none';base-uri 'self';script-src 'nonce-RW9zDNgR8gEnyxsajvLtNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DbPNYh-sONdkYXlklqiRZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-qBg4lmMLArh2C-VDKokkiw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src cdn.cookie-script.com 'self'; script-src cdn.polyfill.io cdn.cookie-script.com *.google-analytics.com *.googletagmanager.com cdnjs.cloudflare.com *.twitter.com *.twimg.com *.hubspot.com *.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com unpkg.com 'unsafe-eval' 'self' 'unsafe-inline'; style-src cdnjs.cloudflare.com fonts.googleapis.com 'self' 'unsafe-inline' ; font-src data: cdnjs.cloudflare.com fonts.gstatic.com 'self'; frame-src www.youtube.com *.twitter.com *.googletagmanager.com 'self'; img-src data: *.twimg.com *.twitter.com *.google-analytics.com *.googletagmanager.com www.gstatic.com *.hsforms.com *.hubspot.com 'self'; style-src-elem cdnjs.cloudflare.com hello.myfonts.net *.twitter.com *.twimg.com 'self' 'unsafe-inline'; connect-src consent.cookie-script.com *.google-analytics.com *.hubspot.com *.hubapi.com *.hscollectedforms.net 'self'; script-src-elem cdn.polyfill.io cdn.cookie-script.com *.googletagmanager.com cdnjs.cloudflare.com *.google-analytics.com *.twimg.com *.twitter.com *.hubspot.com *.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com unpkg.com 'self' 'unsafe-inline'; report-uri https://dcvc.report-uri.com/r/d/csp/reportOnly 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.sagepay.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.sagepay.com *.realexpayments.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.sagepay.com *.realexpayments.com *.meetanshi.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com www.365vet.co.uk api.feefo.com *.meetanshi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.sagepay.com sec.webeyez.com api.feefo.com register.feefo.com s7.addthis.com *.avada.io *.meetanshi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.sagepay.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.paypal.com *.sagepay.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: fonts.gstatic.com static.zipmoney.com.au v2.zopim.com *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com magento2.avada.io secure.ewaypayments.com secure-au.sandbox.ewaypayments.com youtube.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com site-assets.afterpay.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.cloudfront.net www.google.com www.google.com.au www.googletagmanager.com cdn.klarna.com www.magentocommerce.com zip.co static.zipmoney.com.au v2.zopim.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com t.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com widget.freshworks.com m2epro.freshdesk.com secure.ewaypayments.com static.zdassets.com static.zipmoney.com.au v2.zopim.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com stats.g.doubleclick.net ekr.zdassets.com *.zip.co *.zipmoney.com.au wss://widget-mediator.zopim.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://secure-test.worldpay.com/shopper/3ds/ddc.html https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://www.youtube.com/ 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://widget.trustpilot.com/ https://pay.google.com https://secure-test.worldpay.com *.weltpixel.com *.google.com https://plumrocket.com https://www.youtube.com/ www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com *.cloudflare.com *.gstatic.com *.google.com *.mageside.com mageside.com maps.gstatic.com https://usaskateshop-com.b-cdn.net/ www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.chimpstatic.com https://static.hotjar.com https://static.zdassets.com https://payments.worldpay.com https://cdn.clerk.io https://api.clerk.io https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.google.com applepay.cdn-apple.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.fontawesome.com applepay.cdn-apple.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.usaskateshop.dk https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ https://www.google.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.maksekeskus.ee *.test.maksekeskus.ee https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com public.montonio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com https://www.google.ee https://www.google-analytics.com rx.sudameapteek.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com https://www.google.com https://www.gstatic.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: www.facebook.com https://connect.facebook.net graph.facebook.com business.facebook.com public.montonio.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google-analytics.com https://www.googletagmanager.com rx.sudameapteek.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com rx.sudameapteek.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://stats.g.doubleclick.net rx.sudameapteek.ee http: https: 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; frame-src https://irs.tools.investis.com https://otp.tools.investis.com; font-src 'self' data: https://fonts.gstatic.com/; style-src-elem 'self' https://fonts.googleapis.com/ 'unsafe-inline'; report-to csp-reports; report-uri https://www.integrafin.co.uk/csp_reporting 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com landofcoder.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com https://www.facebook.com https://c.clarity.ms/ https://bat.bing.com/ https://c.bing.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com landofcoder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.fontawesome.com *.googleapis.com *.gstatic.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com https://cs.iubenda.com/ static.addtoany.com acsbapp.com mylivechat.com a6.mylivechat.com https://cdn.iubenda.com/cs/ccpa/stub.js https://connect.facebook.net/ http://www.paypalobjects.com http://www.googletagmanager.com http://www.vimeo.com https://cdn.iubenda.com/ https://bat.bing.com/ https://www.clarity.ms/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com a6.mylivechat.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com landofcoder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.acsbapp.com http://www.googletagmanager.com http://www.sandbox.paypal.com http://www.paypalobjects.com https://hits-i.iubenda.com/ https://w.clarity.ms/collect http://www.google-analytics.com https://consent.iubenda.com/ https://o.clarity.ms/collect https://v.clarity.ms/collect 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-NbXwquHgCW8Uu-kcoU8qZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' https:; img-src 'self' https: data: https://*.hsforms.com https://*.hubspot.com www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.wayleadr.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.googleoptimize.com https://*.google-analytics.com https://reports-api.sqreen.io https://*.openli.com https://*.legalmonster.com https://*.raygun.io https://*.facebook.net https://server.recotap.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.hotjar.com https://js.intercomcdn.com https://*.intercom.io https://static.hsappstatic.net https://*.hsforms.net https://*.hsforms.com https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://js.hsleadflows.net http://js.hs-scripts.com 'nonce-'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://api.mapbox.com; frame-ancestors 'self' https://mysanofi-workplace.witco.app https://www.youtube.com 1
base-uri 'none'; style-src 'report-sample' 'self' 'unsafe-inline' ; style-src-elem 'report-sample' 'self' 'nonce-79151fe6-135' 'sha256-h71+pLfB+YklIcSjqmEwoF2NvObYguzCHD8X0nPQsDc=' ; object-src 'self'; img-src 'self' *.regenwald.org data: ; connect-src 'self' ; block-all-mixed-content; report-uri /csp-violation-report/79151fe6-135 1
font-src *.gstatic.com *.authorize.net *.cardinalcommerce.com *.adobedtm.com *.yotpo.com 'self' data: *.cloudfront.net *.fontawesome.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.google.com *.facebook.com *.facebook.net *.moengage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de blob: 'self' data: *.png *.jpg *.jpeg *.gstatic.com *.googleapis.com *.cloudfront.net *.yotpo.com *.cdninstagram.com *.facebook.com *.facebook.net *.google.com *.google.lk *.moengage.com *.hockeystack.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com.ph data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.google.com *.gstatic.com *.authorize.net *.cardinalcommerce.com *.googleapis.com *.cloudfront.net *.facebook.net *.newrelic.com *.nr-data.net *.googletagmanager.com *.yotpo.com cdn.rawgit.com *.hockeystack.com *.moengage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.zendesk.com *.zdassets.com *.plerdy.com *.jsdelivr.net *.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.cloudfront.net *.yotpo.com *.hockeystack.com *.fontawesome.com unsafe-inline *.typekit.net *.bootstrapcdn.com *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.google-analytics.com *.cardinalcommerce.com *.amazonservices.com *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.nr-data.net *.instagram.com *.dotdigital.com *.comapi.com *.paypal.com *.cloudfront.net *.facebook.com *.facebook.net *.doubleclick.net *.hockeystack.com *.moengage.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: *.yotpo.com *.zendesk.com *.zdassets.com *.adobedtm.com *.plerdy.com *.prerender.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-clMllteITPIur1T0s7bCFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://v2.api.edamama.ph https://v6.api.edamama.ph https://browser-intake-datadoghq.com https://api.xendit.co https://ekr.zdassets.com https://edamamaph.zendesk.com https://stats.g.doubleclick.net https://api.storyblok.com https://*.algolia.net/1/indexes/ https://insights.algolia.io/1/events https://*.algolianet.com https://sdk-01.moengage.com https://connect-facebook.proxy.edamama.ph https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://adservice.google.com https://analytics.tiktok.com https://www.facebook.com https://graph.facebook.com https://web.facebook.com https://shopback.go2cloud.org/aff_lsr https://*.awswaf.com https://edamama-prd-media.s3.ap-southeast-1.amazonaws.com; frame-ancestors https://app.storyblok.com; frame-src 'self' https://www.youtube.com https://www.facebook.com https://www.instagram.com https://platform.twitter.com https://form.typeform.com https://accounts.google.com https://docs.google.com https://cdn.moengage.com https://bid.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://track.omguk.com https://clk.omgt3.com https://edamama.onelink.me https://redirect.xendit.co https://drive.google.com/; img-src 'self' https://media-v4.edamama.ph https://public-media.edamama.ph https://edamama-bucket.s3.ap-southeast-1.amazonaws.com https://a.storyblok.com https://www.facebook.com https://graph.facebook.com https://web.facebook.com https://media.edamama.ph data: https://ssl.gstatic.com https://www.gstatic.com https://csi.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.ph https://lh3.googleusercontent.com https://edamama-prd-media-v2.s3.ap-southeast-1.amazonaws.com https://t.co https://analytics.twitter.com https://image.moengage.com https://ik.imagekit.io/eujtg5mauo; style-src 'self' https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://accounts.google.com https://embed.typeform.com https://fonts.bunny.net https://app-cdn.moengage.com https://a.storyblok.com/f/94137/x https://static.captcha.awswaf.com 'report-sample' 'unsafe-inline'; script-src 'self' 'sha256-DrZjatbinW/VP0YitSfMKHKqOyXaXiu9Rt8GEAnalTg=' 'sha256-F/tXQUKdKirBB9fUoK0vlHWKdKjWPdUk+mwbywnjnFA=' 'sha256-Nc0Pwa17B6hRkL+t7DQxivd3byER+ZY95dCqQjxj+SQ=' 'sha256-AMmb8+TGP0N6h+4d3vaRJjwqqUJBpX9joBuADoKl9es=' 'sha256-MX6K6xkPBL4zHSlrDJHeqxvy5D0ttteJ9sVccx4SWKw=' 'sha256-cSuibHJMZeC9vFPCABs3xUYFchETVTkVHsp2k7fqTAw=' 'sha256-CYLlqcyROAbTrWIMC/n6iNlzLljIoOEhgYVOMz5IUUE=' 'sha256-cca5czaYT7Etp4sSHe7LEZEL9GT5YLaJsFOVvq4hk7A=' 'sha256-S9mxNz/hShk7ui1EPx5HxsmWn8rUiiart7ubIfdRof4=' 'sha256-lyLPPczc3E1heh9luXW/z+FDVHIPI8RYFsw85ICK7P8=' 'sha256-HLXSsVKkW1hrRUiOt+l+RY6w+EmltwKQWPbAR0L4eGo=' https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.gstatic.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://static.zdassets.com https://www.instagram.com https://www.datadoghq-browser-agent.com https://v2.zopim.com https://chimpstatic.com https://js.xendit.co https://connect.facebook.net https://googleads.g.doubleclick.net https://webtrafficsource.com https://tpc.googlesyndication.com https://analytics.tiktok.com https://cdn.moengage.com https://app-cdn.moengage.com https://track.omguk.com https://static.ads-twitter.com https://accounts.google.com https://embed.typeform.com https://platform.twitter.com https://*.awswaf.com https://connect-facebook.proxy.edamama.ph 'report-sample' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'sha256-DrZjatbinW/VP0YitSfMKHKqOyXaXiu9Rt8GEAnalTg=' 'sha256-F/tXQUKdKirBB9fUoK0vlHWKdKjWPdUk+mwbywnjnFA=' 'sha256-Nc0Pwa17B6hRkL+t7DQxivd3byER+ZY95dCqQjxj+SQ=' 'sha256-AMmb8+TGP0N6h+4d3vaRJjwqqUJBpX9joBuADoKl9es=' 'sha256-MX6K6xkPBL4zHSlrDJHeqxvy5D0ttteJ9sVccx4SWKw=' 'sha256-cSuibHJMZeC9vFPCABs3xUYFchETVTkVHsp2k7fqTAw=' 'sha256-CYLlqcyROAbTrWIMC/n6iNlzLljIoOEhgYVOMz5IUUE=' 'sha256-cca5czaYT7Etp4sSHe7LEZEL9GT5YLaJsFOVvq4hk7A=' 'sha256-S9mxNz/hShk7ui1EPx5HxsmWn8rUiiart7ubIfdRof4=' 'sha256-lyLPPczc3E1heh9luXW/z+FDVHIPI8RYFsw85ICK7P8=' 'sha256-HLXSsVKkW1hrRUiOt+l+RY6w+EmltwKQWPbAR0L4eGo=' https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.gstatic.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://static.zdassets.com https://www.instagram.com https://www.datadoghq-browser-agent.com https://v2.zopim.com https://chimpstatic.com https://js.xendit.co https://connect.facebook.net https://googleads.g.doubleclick.net https://webtrafficsource.com https://tpc.googlesyndication.com https://analytics.tiktok.com https://cdn.moengage.com https://app-cdn.moengage.com https://track.omguk.com https://static.ads-twitter.com https://accounts.google.com https://embed.typeform.com https://platform.twitter.com https://*.awswaf.com https://connect-facebook.proxy.edamama.ph 'sha256-2IzbCY8GgK5y7c8naO/kvq3tcweXI4k/bLtXQ4hlI20=' 'sha256-RrZhRMElT8tB4qrziHCpiij3hTMzNgpGKyxzzntJAUg=' 'sha256-od/dOy2f0SVXeXQLGLxB3DppeiSv4TBx+3f3rdtFJ9g=' 'sha256-cbq04+t6D2J2gn5Dd1il7MlKhHBJaVZz54hq0E0I0hc=' 'sha256-uufAQ1VEaCveiGcqYW9cZ0Y+k7aqw+1Ic8cxU0O9ESk=' 'sha256-G1Gz5SDVoHCJCwLPeLkdhrdNDPW0xV5eeo47bkGmbaw=' 'sha256-tRlR7sZmngB0U/T3ohXnBQEKLXuQjbCD7AbuTLJd3zA=' 'sha256-cGsS+yMycz86hS+9PcfUTv3zEJ8Pmeka6B6xtQoXIDY=' 'sha256-QY5Iuf4r+KRvsFE3spQsWorP4kAxQwpbNf3SzktJMl4=' 'sha256-SOeUj+i/uf9BdbUBh05ok+LAbIz40250+TW7BlroXig=' 'sha256-4qf5W3xA443ZAZNGcw0keTNusTEWu9bDSAvpQBsmE/o='; media-src data:; object-src 'none'; base-uri 'self'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf49b08b2b9877ce50fc0f0fd1d7da792&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprd%2Cvia%3Areport-uri 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.dwin1.com https://*.awin1.com https://bat.bing.com https://api.bounce-commerce.de https://*.mediashop.bloomreach.cloud https://recommender.scarabresearch.com https://webchannel-content.eservice.emarsys.net https://www.facebook.com https://*.google.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.at https://*.google.de https://*.google.ch https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com cdn.jwplayer.com *.jwpcdn.com  https://mediashop.akamaized.net https://api.addressy.com *.nr-data.net https://*.paypal.com https://ct.pinterest.com https://*.sovendus.com https://analytics.tiktok.com *.usercentrics.eu wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com blob: userlike-cdn-widgets.s3-eu-west-1.amazonaws.com; default-src 'self'; font-src 'self' data: https://script.hotjar.com; frame-src * data: blob: https://vars.hotjar.com https://*.paypal.com https://ct.pinterest.com https://embed.rtcnow.com/ https://www.sovendus-connect.com *.usercentrics.eu api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com youtube.com; img-src 'self' blob: data: https: https://*.dwin1.com https://*.awin1.com https://bat.bing.com https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.at https://www.google.de https://www.google.ch https://www.google.com https://googleads.g.doubleclick.net  https://static.hotjar.com https://script.hotjar.com cdn.jwplayer.com prd.jwpltx.com *.jwpsrv.com https://icons.parcellab.com https://ct.pinterest.com https://trck.spoteffects.net *.usercentrics.eu userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com https://i.ytimg.com; object-src 'none'; script-src 'nonce-qsPlIGAZoBv4TCkJxY+/8Q==' 'strict-dynamic' https://*.dwin1.com https://*.awin1.com https://bat.bing.com api.bounce-commerce.de https://*.mediashop.bloomreach.cloud *.scarabresearch.com https://connect.facebook.net https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com cdn.jwplayer.com *.jwpcdn.com js-agent.newrelic.com *.nr-data.net https://cdn.parcellab.com https://*.paypal.com https://s.pinimg.com https://api.sovendus.com https://trck.spoteffects.net https://analytics.tiktok.com *.usercentrics.eu 'unsafe-eval' 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net www.youtube.com; style-src 'self' https://*.mediashop.bloomreach.cloud 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com; worker-src 'none'; media-src blob: userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net blob:; 1
default-src 'self' www.golightyear.com golightyear.com www.lightyear.com lightyear.com https://cdn.segment.com; font-src 'self' www.golightyear.com golightyear.com www.lightyear.com lightyear.com data: fonts.gstatic.com; connect-src 'self' cdn.segment.com api.segment.io www.golightyear.com golightyear.com www.lightyear.com lightyear.com www.lightyear.ee lightyear.ee staging.lightyear.ee *.staging.lightyear.ee *.google-analytics.com *.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com google.com *.google.com https://maps.googleapis.com https://sdk.fra-02.braze.eu *.browser-intake-datadoghq.eu *.googlesyndication.com *.analytics.google.com *.google.com.mt *.google.hu pay.google.com apple.com/apple-pay api2.amplitude.com checkoutshopper-live.adyen.com cms.lightyear.com cms.lightyear.ee adservice.google.com connect.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://cdn.segment.com www.googletagmanager.com www.google-analytics.com https://static.hotjar.com *.g.doubleclick.net https://script.hotjar.com pay.google.com applepay.cdn-apple.com widget.trustpilot.com https://maps.googleapis.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src * data: blob:; object-src 'none'; frame-ancestors 'none'; frame-src https://www.youtube.com td.doubleclick.net https://magic.veriff.me https://magic.falcon-1-eu.veriff.me/ pay.google.com checkoutshopper-live.adyen.com widget.trustpilot.com; worker-src 'self' blob:; manifest-src 'self'; report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=puba764fbb3bd775a9d7f7a08f5f4de9f8d&dd-evp-origin=content-security-policy&ddsource=csp-report; report-to default 1
script-src 'self'; script-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-YlDZTII10m8vqoNQxJZfwA5LgocjIbahc9EYQnH76mc='; base-uri 'self';report-to csp-endpoint 1
font-src https://*.gstatic.com *.googleapis.com *.gstatic.com data: https://client.crisp.chat *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://consent.cookiefirst.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://image.crisp.chat http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.multisafepay.com https://www.google.es ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.google.com https://artero.com/media https://*.vimeocdn.com https://i.ytimg.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com https://connect.facebook.net connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://client.crisp.chat http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io *.multisafepay.com https://pay.google.com cdn.scalapay.com b2c-cdn.scalapay.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.connectif.cloud https://www.smartsuppchat.com https://rec.smartlook.com https://widget-v2.smartsuppcdn.com https://cdn.scalapay.com https://consent.cookiefirst.com https://svht.tradedoubler.com https://datar.tradedoubler.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ unsafe-inline fonts.googleapis.com https://client.crisp.chat *.fontawesome.com *.multisafepay.com https://consent.cookiefirst.com https://fonts.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.multisafepay.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be https://eu6-api.connectif.cloud https://web-writer.eu.smartlook.cloud https://assets-proxy.smartlook.cloud https://manager.smartlook.com/ https://bootstrap.smartsuppchat.com https://widget-v2.smartsuppcdn.com https://translations.smartsuppcdn.com wss://websocket-visitors.smartsupp.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://datar.tradedoubler.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-dymHmFYtSMlB6Q11pyB3bw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net adservice.google.com rt.flix360.com media.flixcar.com www.google.com *.stackpathcdn.com www.google.hn *.googleapis.com www.google-analytics.com *.doubleclick.net i.gifer.com *.facebook.com rtb.om-meta.com dsp.om-meta.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'self';connect-src 'self' www.google-analytics.com region1.google-analytics.com;default-src 'none';form-action 'self' https://sis.redsys.es/sis/realizarPago artesiete.es/Bankcall;img-src 'self' https://gestor.artesiete.es/storage/;media-src 'self';object-src 'none';script-src 'self' 'nonce-PC9zELVWBPZXROpNt1KD6MWkZLEJUdXn' 'unsafe-eval' https://unpkg.com/swiper/swiper-bundle.min.js https://www.googletagmanager.com/gtag/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://artesiete.es/js/app.js www.googletagmanager.com/gtag/js artesiete.es/Bankcall;style-src 'self' 'nonce-PC9zELVWBPZXROpNt1KD6MWkZLEJUdXn' 'unsafe-inline' https://unpkg.com/swiper/swiper-bundle.min.css artesiete.es/Bankcall;font-src 'self' data: 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com https://googleapis.com *.fontawesome.com *.spockee.io *.skeepers.io https://svc-prd-shoppable.s3.eu-west-1.amazonaws.com https://ls-prd-cdn.s3.eu-west-1.amazonaws.com *.easypara.fr *.easypara.it *.easypara.es *.easypara.com *.easypara.co.uk *.trygr.io *.eretail.io https://trygrcdn.blob.core.windows.net/ data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.easypara.fr *.easypara.it *.easypara.es *.easypara.com *.easypara.co.uk *.trygr.io *.eretail.io https://trygrcdn.blob.core.windows.net/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com secure-gateway.hipay-tpp.com *.hipay.com *.twitter.com https://www.googletagmanager.com *.doubleclick.net/ *.googlesyndication.com *.cloudfront.net *.be2bill.com *.dalenys.com *.payplug.com *.teester.com *.easydmp.net *.botmind.ai *.pinterest.com *.spockee.io *.skeepers.io https://svc-prd-shoppable.s3.eu-west-1.amazonaws.com https://ls-prd-cdn.s3.eu-west-1.amazonaws.com *.easypara.fr *.easypara.it *.easypara.es *.easypara.com *.easypara.co.uk *.trygr.io *.eretail.io https://trygrcdn.blob.core.windows.net/ *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://web.bankin.com https://s3-eu-west-1.amazonaws.com *.bridgeapi.io *.design-a-cake.co.uk *.cloudflare.com *.klarna.com www.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.adobe.com *.google.com *.google.fr *.easypara.fr *.easypara.it *.easypara.es *.easypara.com *.easypara.co.uk https://www.googletagmanager.com *.doubleclick.net/ *.cloudfront.net *.bazaarvoice.com *.googlesyndication.com *.bing.com *.pinterest.com *.digital-metric.net *.easyparapharmacie.com *.spockee.io *.skeepers.io https://svc-prd-shoppable.s3.eu-west-1.amazonaws.com https://ls-prd-cdn.s3.eu-west-1.amazonaws.com *.trygr.io *.eretail.io https://trygrcdn.blob.core.windows.net/ *.onetrust.com cdn.cookielaw.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com secure-gateway.hipay-tpp.com *.hipay.com *.cloudflare.com *.twitter.com *.google-analytics.com *.fontawesome.com *.adobe.com *.skeepers.io https://swa.easypara.fr *.googleadservices.com *.scarabresearch.com *.google.com *.google.fr *.algolia.net *.algolia.com *.emarsys.net *.gstatic.com https://www.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.cloudfront.net *.botmind.io *.be2bill.com *.batch.com *.easypara.fr *.easypara.it *.easypara.es *.easypara.com *.easypara.co.uk *.hotjar.com *.tiktok.com *.easydmp.net *.teester.com *.kk-resources.com *.pinimg.com *.digital-metric.net *.bing.com *.bazaarvoice.com *.spockee.io *.pinterest.com https://svc-prd-shoppable.s3.eu-west-1.amazonaws.com https://ls-prd-cdn.s3.eu-west-1.amazonaws.com *.trygr.io *.eretail.io https://trygrcdn.blob.core.windows.net/ party.spockee.io *.onetrust.com cdn.cookielaw.org https://cdn.scalapay.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src display.ugc.bazaarvoice.com *.hipay.com *.cloudflare.com *.googleapis.com *.twitter.com *.fontawesome.com *.skeepers.io https://swa.easypara.fr *.googleadservices.com *.scarabresearch.com *.google-analytics.com *.algolia.net *.algolia.com *.emarsys.net *.google.com *.spockee.io https://svc-prd-shoppable.s3.eu-west-1.amazonaws.com https://ls-prd-cdn.s3.eu-west-1.amazonaws.com *.easypara.fr *.easypara.it *.easypara.es *.easypara.com *.easypara.co.uk *.trygr.io *.eretail.io https://trygrcdn.blob.core.windows.net/ *.onetrust.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.youtube.com *.teester.com *.spockee.io *.skeepers.io https://svc-prd-shoppable.s3.eu-west-1.amazonaws.com https://ls-prd-cdn.s3.eu-west-1.amazonaws.com *.easypara.fr *.easypara.it *.easypara.es *.easypara.com *.easypara.co.uk *.trygr.io *.eretail.io https://trygrcdn.blob.core.windows.net/ 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://web.bankin.com https://s3-eu-west-1.amazonaws.com *.bridgeapi.io data: mpsnare.iesnare.com *.youtube.com *.teester.com *.spockee.io *.skeepers.io https://svc-prd-shoppable.s3.eu-west-1.amazonaws.com https://ls-prd-cdn.s3.eu-west-1.amazonaws.com *.easypara.fr *.easypara.it *.easypara.es *.easypara.com *.easypara.co.uk *.trygr.io *.eretail.io https://trygrcdn.blob.core.windows.net/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.hipay.com wss://mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.paypal.com *.emarsys.net *.scarabresearch.com *.google-analytics.com https://region1.analytics.google.com/ https://swa.easypara.fr *.googlesyndication.com *.doubleclick.net *.botmind.io *.spockee.io *.google.com *.batch.com *.tiktok.com *.pinterest.com *.easypara.fr *.easypara.it *.easypara.es *.easypara.com *.easypara.co.uk *.skeepers.io https://svc-prd-shoppable.s3.eu-west-1.amazonaws.com https://ls-prd-cdn.s3.eu-west-1.amazonaws.com *.trygr.io *.eretail.io https://trygrcdn.blob.core.windows.net/ party.spockee.io *.onetrust.com cdn.cookielaw.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reachout.global pos-kowzef.reachout.global 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.addtoany.com/ *.doubleclick.net/ *.addthis.com *.doubleclick.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kosiuko.com/ https://kosiuko.com/ *.afip.gob.ar *.cloudfront.net https://player.vimeo.com *.clarity.ms *.google.com.co *.bing.com *.facebook.com *.metricool.com *.google.com.ar *.google.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addtoany.com *.cloudfront.net *.doubleclick.net *.vimeo.com https://f.vimeocdn.com https://player.vimeo.com *.clarity.ms *.aptrinsic.com *.facebook.net *.facebook.com *.googletagmanager.com track-icommkt.com *.icommarketing.com *.reachout.global *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.vimeo.com https://vimeo.com *.vimeocdn.com https://f.vimeocdn.com *.clarity.ms *.facebook.net *.facebook.com *.googletagmanager.com track-icommkt.com *.notifications-icommkt.com https://notifications-icommkt.com pos-kowzef.reachout.global *.reachout.global *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com https://fonts.gstatic.com fonts.gstatic.com 'self' data: *.fontawesome.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.googletagmanager.com/ web.facebook.com www.facebook.com consentcdn.cookiebot.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com storage.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ forms-eu1.hsforms.com track-eu1.hubspot.com www.google.be www.google.es www.google.com.ar www.facebook.com connect.facebook.net scontent-cdt1-1.cdninstagram.com scontent-cdt2-1.cdninstagram.com scontent-cdg2-1.cdninstagram.com imgsct.cookiebot.com perf-eu1.hsforms.com *.hubspotusercontent-eu1.net *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://player.vimeo.com https://www.youtube.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io cdn.jsdelivr.net connect.facebook.net js-eu1.hs-scripts.com js-eu1.hs-analytics.net js-eu1.hsadspixel.net js-eu1.hscollectedforms.net js-eu1.hs-banner.com js-eu1.hsleadflows.net searchserverapi.com pixel.convertize.io consent.cookiebot.com consentcdn.cookiebot.com js-eu1.usemessages.com js-eu1.hubspot.com static.hotjar.com script.hotjar.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://fonts.googleapis.com http://fonts.googleapis.com *.fontawesome.com cdn.jsdelivr.net www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api-eu1.hubapi.com forms-eu1.hubspot.com graph.instagram.com maps.googleapis.com forms-eu1.hscollectedforms.net consentcdn.cookiebot.com pagead2.googlesyndication.com cta-eu1.hubspot.com api-eu1.hubspot.com *.google-analytics.com api.amplitude.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net images.latitudepayapps.com imageapi.magebinary.co.nz *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk www.google.com *.braintreegateway.com *.google.com https://*.facebook.com *.doubleclick.net *.shophumm.com.au *.criteo.com *.hotjar.com *.adsrvr.org *.freshchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klevu.com *.cloudflare.com https://cdn.klarna.com *.paypal.com *.afterpay.com *.cloudfront.net https://*.paypal.com *.nextopia.net https://*.zipmoney.com.au https://*.facebook.com *.data-dynamic.net images.latitudepayapps.com *.godfreys.com.au *.feefo.com *.google.com *.google.com.au *.googletagmanager.com.au *.googletagmanager.com *.gstatic.com *.googleapis.com *.bing.com *.criteo.com *.bluekai.com *.socdm.com *.krxd.net *.pubmatic.com *.outbrain.com *.mediavine.com *.aralego.com *.aralego.net *.smaato.net *.clmbtech.com *.yieldmo.com *.emxdgt.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.rlcdn.com *.3lift.com *.360yield.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.forter.com *.cloudfront.net *.openpay.com.au https://js-agent.newrelic.com https://oc-library.playground.klarnaservices.com/lib.js images.latitudepayapps.com *.bing.com *.criteo.com *.facebook.net *.mytopia.com.au *.google.com *.googleoptimize.com *.cfjump.com *.freshchat.com *.zip.co js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com static.zipmoney.com.au zip.co https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com downloads.mailchimp.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ https://js.klevu.com/klevu-css/* *.klevu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.ecomm-nav.com https://*.zipmoney.com.au *.nextopiasoftware.com https://*.facebook.com https://*.safelinks.protection.outlook.com/ *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.nextopia.net *.cloudfront.net *.freshchat.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io *.cloudfront.net *.forter.com *.zipmoney.com.au *.zip.co *.criteo.com *.googlesyndication.com *.facebook.com *.googleapis.com *.afterpay.com *.qrtags.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/ *.weltpixel.com https://*.doubleclick.net https://ehub.cz https://*.gls-czech.cz https://*.packeta.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.koongo.com *.gstatic.com https://*.seznam.cz https://im9.cz https://*.google.cz https://*.facebook.com https://*.g.doubleclick.net https://*.mailkit.eu https://ehub.cz https://*.heureka.cz/ https://*.zbozi.cz flagpedia.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.fontawesome.com *.googleapis.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://*.googletagmanager.com https://*.smartlook.com https://*.smartlook.cloud https://*.heureka.cz https://*.mailkit.eu https://*.seznam.cz https://*.dognet.sk https://ehub.cz https://*.facebook.net https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.packeta.com/ https://*.zbozi.cz/ https://im9.cz/ maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css tagmanager.google.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.koongo.com https://www.google-analytics.com https://*.smartlook.com https://*.smartlook.cloud https://*.mailkit.eu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.g.doubleclick.net https://ehub.cz https://widget.packeta.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google.com https://platform.twitter.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.xj-storage.jp/public-graph/table/AS02420/ https://www.xj-storage.jp/public-graph-at/table/AS02420/ https://www.xj-storage.jp/public-list/ https://cache.dga.jp/s/sanyodk/ https://al-s.dc-tag.jp/dcam.min.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://cdnjs.cloudflare.com/ajax/ https://platform.twitter.com/widgets.js https://www.clarity.ms/ https://extend.vimeocdn.com/ga/ https://cdn.cookie.sync.usonar.jp/ https://ip2c.landscape.co.jp/lbcapi/ https://apis.usonar.jp/alog/ https://partner.googleadservices.com/ https://cookie.sync.usonar.jp/v1/ https://www.gstatic.com/ https://kitchen.juicer.cc/ https://cdn.kitchen.juicer.cc/ https://cdn.treasuredata.com/sdk/1.9.1/td.min.js https://cdn.id5-sync.com/api/1.0/id5-api.js https://dmp.im-apps.net/ https://in.treasuredata.com/ https://s.dc-tag.jp/ https://cdn.audiencedata.net/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.paytabs.com *.paytabs.sa 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.jsdelivr.net *.google.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.googletagmanager.com *.avada.io eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.equiti.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.fontawesome.com *.googleapis.com *.gstatic.com *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: *.googleapis.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.youtube.com/ *.google.com *.google.com.ua *.google.co.uk *.meetanshi.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net *.facebook.com *.meetanshi.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.google.com *.google.com.ua *.google.co.uk *.googletagmanager.com *.doubleclick.net *.facebook.net *.avada.io *.meetanshi.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.nr-data.net *.newrelic.com *.ampproject.org *.google.com https://get.geojs.io *.avada.io *.meetanshi.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: m.peerlessfaucet.com bcp.crwdcntrl.net app.securiti.ai t.sharethis.com bam.nr-data.net bimsmith.com tags.srv.stackadapt.com media.peerlessfaucet.com www.youtube.com www.google.com www.google-analytics.com www.googletagmanager.com *.doubleclick.net data.stbuttons.click sync.sharethis.com *.gstatic.com *.bazaarvoice.com *.facebook.com l.sharethis.com platform-cdn.sharethis.com *.linkedin.com platform-api.sharethis.com adservice.google.com *.googleapis.com px.adentifi.com *.igodigital.com buttons-config.sharethis.com *.facebook.net cdn-prod.securiti.ai www.recaptcha.net *.adsrvr.org *.licdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com landofcoder.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com https://pay.google.com https://secure-test.worldpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com landofcoder.com chart.googleapis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com unsafe-inline *.cloudflare.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io cdn.ampproject.org *.ideal-postcodes.co.uk landofcoder.com maps.googleapis.com chart.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.webwinkelkeur.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.clarity.ms *.linkedin.com rvsland.hypernode.io *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com  https://magento.com *.cookiebot.com *.clarity.ms *.cookiefirst.com *.licdn.com *.googleoptimize.com/ *.bing.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cookiefirst.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.clarity.ms *.googleapis.com *.cookiebot.com *.cookiefirst.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleusercontent.com *.facebook.com ads-engagement.presage.io *.doubleclick.net *.gstatic.com *.googleapis.com s.richmediastudio.com cdn.trustindex.io secure.adnxs.com vc.hotjar.io *.taboola.com *.googlesyndication.com *.visualwebsiteoptimizer.com region1.analytics.google.com www.google.es *.facebook.net bat.bing.com adservice.google.com fledge.teads.tv *.onetrust.com cm.teads.tv tsdtocl.com *.bidr.io www.google.com *.hotjar.com p.teads.tv apis.google.com *.googleadservices.com www.google-analytics.com widget.trustpilot.com cdn.cookielaw.org mt2.google.com www.googletagmanager.com mt3.google.com t.teads.tv mt0.google.com mt1.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com maps.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://github.com https://platform.twitter.com https://unpkg.com https://www.google.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.gstatic.com *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.klarnacdn.net https://www.gstatic.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.google.com.ua *.google.co.uk *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com app.usercentrics.eu *.klarna.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.scarabresearch.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net orbitvu.co *.orbitvu.co *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com media.brand-distribution.com widgets.trustedshops.com app.usercentrics.eu privacy-proxy-server.usercentrics.eu uct.service.usercentrics.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.facebook.com connect.facebook.com www.google.de piwik.hama.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.plugins.emarsys.net *.scarabresearch.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net/ cdn.scarabresearch.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net orbitvu.co *.orbitvu.co *.newrelic.com *.nr-data.net *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com widgets.trustedshops.com aggregator.service.usercentrics.eu app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu consent-api.service.consent.usercentrics.eu *.klarna.com *.klarnacdn.net *.klarnaservices.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com connect.facebook.com connect.facebook.net www.google.com www.google.de piwik.hama.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.orbitvu.co *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com fast.fonts.net hello.myfonts.net *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.stepbystep-schulranzen.com *.coocazoo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.scarabresearch.com *.eservice.emarsys.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com ekr.zdassets.com/ *.google-analytics.com *.google.com *.orbitvu.cloud *.newrelic.com *.nr-data.net *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com aggregator.service.usercentrics.eu app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu consent-api.service.consent.usercentrics.eu *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com connect.facebook.com connect.facebook.net www.google.com www.google.de piwik.hama.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.moca-bike.com *.urage.com *.eoto-objects.com *.stepbystep-schulranzen.com *.coocazoo.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri /report/csp-report.php?source=baumueller.com; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net/   https://www.googletagmanager.com https://www.googletagmanager.com/ https://salesviewer.org https://*.leadlab.click/ https://*.google-analytics.com  https://www.google.com https://*.gstatic.com  https://*.googleapis.com  https://*.leadlab.click https://cdn.jsdelivr.net/ https://*.cookiefirst.com/ Content-Security-Policy: script-src *.tawk.to cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cookiefirst.com/ https://salesviewer.org style-src *.tawk.to fonts.googleapis.com cdn.jsdelivr.net; frame-src 'self' https://*.youtube.com https://www.google.com https://*.youtube-nocookie.com *.tawk.to; connect-src 'self' https://stats.g.doubleclick.net/ https://*.leadlab.click/ https://www.google-analytics.com https://translate.googleapis.com/ https://salesviewer.org/ https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.com/pagead/ https://consent.cookiefirst.com/ https://edge.cookiefirst.com/ https://salesviewer.org  http://salesviewer.org *.tawk.to wss://*.tawk.to; img-src 'self' https://www.google.de/ads/*  https://www.google.de https://www.google.com https://www.baumueller.de/ https://*.ytimg.com  https://*.googleapis.com https://*.google-analytics.com https://*.leadlab.click  https://*.gstatic.com/ https://*.googleapis.com/ https://img.youtube.com *.tawk.to cdn.jsdelivr.net tawk.link; font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ *.tawk.to fonts.gstatic.com; form-action *.tawk.to, https://digital.baumueller.com/*; frame-ancestors 'self' 1
font-src https://*.hotjar.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.nr-data.net *.newrelic.com https://*.hotjar.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.googleapis.com accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.retailrocket.net *.google.com.ar *.google.com *.facebook.com *.cardinale.cl *.nr-data.net *.newrelic.com https://*.hotjar.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.googleapis.com accounts.google.com *.alothemes.com *.magepow.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.facebook.com *.hotjar.io *.hotjar.com *.nr-data.net *.newrelic.com *.retailrocket.net https://*.hotjar.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.googleapis.com accounts.google.com *.google.com *.gstatic.com *.avada.io *.alothemes.com *.magepow.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.retailrocket.net *.nr-data.net *.newrelic.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.alothemes.com *.magepow.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.facebook.com *.doubleclick.net *.hotjar.io *.hotjar.com *.nr-data.net *.newrelic.com *.retailrocket.net https://*.hotjar.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.googleapis.com accounts.google.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com analytics.google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src hyper2pay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-KulosYnpRqKXS-ft34czhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://stats.g.doubleclick.net https://sync.aralego.com *.hoang-phuc.com https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://sync.aralego.com *.hoang-phuc.com https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ https://www.facebook.com/ *.facebook.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://sync.aralego.com *.hoang-phuc.com https://hpi.izysync.com/media/ https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ https://www.facebook.com/ *.facebook.net www.google.com.vn www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com s7.addthis.com *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://sync.aralego.com *.hoang-phuc.com https://za.zdn.vn/ https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ www.google.com https://www.facebook.com/ *.facebook.net cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://stats.g.doubleclick.net https://sync.aralego.com *.hoang-phuc.com https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.googletagmanager.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ fonts.gstatic.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://www.sandbox.paypal.com https://www.paypal.com ekr.zdassets.com/ *.newrelic.com *.nr-data.net https://js-agent.newrelic.com/ https://connect.facebook.net/ https://page.widget.zalo.me/ https://analytics.pangle-ads.com https://measurement-api.criteo.com https://rt.udmserve.net https://public-prod-dspcookiematching.dmxleo.com https://mixer.mobon.net https://sync.teads.tv https://sync.cootlogix.com https://sync.cenarius.orangeclickmedia.com https://dsum-sec.casalemedia.com https://sync.aralego.com *.hoang-phuc.com https://za.zalo.me/ https://delivery-cloud.cdp.asia/interaction/ https://tags.creativecdn.com/ https://script.crazyegg.com/ https://dynamic.criteo.com/ https://analytics.tiktok.com/ https://sslwidget.criteo.com/ https://asia.creativecdn.com/ https://www.google.com https://analytics.google.com/ https://stats.g.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net/ https://fonts.gstatic.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://csync.loopme.me/ https://cm.mgid.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://contextual.media.net/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://adgen.socdm.com/ https://tg.socdm.com/ https://gum.criteo.com/ https://r.casalemedia.com/ https://adx.dable.io/ https://cs.adingo.jp/ https://ads.stickyadstv.com/ https://ad.360yield.com/ https://idsync.rlcdn.com/ https://exchange.mediavine.com/ https://c.bing.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://s.ad.smaato.net/ https://ade.clmbtech.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://hb.yahoo.net/ http://sync.1rx.io/ https://sync.targeting.unrulymedia.com/ https://match.sharethrough.com/ https://s-cs.rmp.rakuten.com/ https://usersync.gumgum.com/ https://t.adx.opera.com/ https://ad.tpmn.co.kr/ https://bh.contextweb.com/ https://sin.creativecdn.com/ https://cdnjs.cloudflare.com/ https://online-gateway.ghn.vn/ https://www.facebook.com/ *.facebook.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src: https: 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.klevu.com 'self' data: *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com account.fetchify.com 'self' data: *.klevu.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://*.google.com *.doubleclick.net *.facebook.com account.fetchify.com *.freshchat.com *.crwdcntrl.net/ *.klevu.com magento-cloudflare.jetrails.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.punchout2go.com *.tradecentric.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.co.uk *.klevu.com *.ytimg.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.gatorleads.co.uk *.freshchat.com *.newrelic.com *.hotjar.com *.adnxs.com *.klevu.com js.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.punchout2go.com *.tradecentric.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.typekit.net *.freshchat.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nr-data.net *.doubleclick.net *.hotjar.io *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-olWowYfZJx4Q32WvYn3fuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NASBO/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://higherlogiclongterm.s3.amazonaws.com/NASBO/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NASBO/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NASBO/ https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ https://higherlogicstream.s3.amazonaws.com/NASBO/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NASBO/ https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
font-src cdn.jsdelivr.net cdn.almapay.com https://fonts.gstatic.com https://ws.colissimo.fr https://cdn.almapay.com https://client.crisp.chat *.fontawesome.com * data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://tpeweb.e-transactions.fr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.getalma.eu https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://t1-maps.onyourmap.com https://t2-maps.onyourmap.com https://t3-maps.onyourmap.com https://t4-maps.onyourmap.com https://api.mapbox.com https://axeptio.imgix.net https://www.google.com https://t0.gstatic.com https://t1.gstatic.com https://t2.gstatic.com https://t3.gstatic.com https://www.google.fr https://region1.google-analytics.com https://www.shopimind.com https://www.googletagmanager.com https://image.crisp.chat https://client.crisp.chat https://stats.g.doubleclick.net https://googleads.g.doubleclick.net cdn.doofinder.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://www.youtube.com https://static.axept.io https://www.googletagmanager.com http://static.axept.io https://client.crisp.chat https://brand-widgets.rr.skeepers.io https://analytics-manager.com https://www.google.fr cdn.doofinder.com *.avada.io https://media.shopimind.io https://app-spm.com https://static-spm.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com  https://client.crisp.chat *.doofinder.com *.fontawesome.com https://media.shopimind.io https://app-spm.com https://static-spm.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu https://ws.colissimo.fr https://client.axept.io https://api.axept.io https://stats.g.doubleclick.net https://region1.google-analytics.com wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://region1.analytics.google.com https://client.crisp.chat https://t1-maps.onyourmap.com https://t2-maps.onyourmap.com https://t3-maps.onyourmap.com https://t4-maps.onyourmap.com https://www.google.com https://adservice.google.com https://analytics.google.com https://www.google.fr *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io https://media.shopimind.io https://app-spm.com https://static-spm.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://media.shopimind.io https://app-spm.com https://static-spm.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cc8320165b14b59d70aa517453641b00.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://soaps.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; img-src 'self' data: *; media-src * blob:; script-src 'self' https://k-business.com https://www.k-business.com https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app *.googletagmanager.com *.google-analytics.com data: *.googleadservices.com snap.licdn.com cdn.linkedin.oribi.io www.youtube.com *.leadinfo.net  *.leadinfo.com vimeo.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net connect.facebook.net 'report-sample'; connect-src 'self' https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app *.googletagmanager.com  *.google-analytics.com *.googleadservices.com snap.licdn.com cdn.linkedin.oribi.io noembed.com *.leadinfo.net *.leadinfo.com vimeo.com; frame-src 'self' https: https:; style-src 'self' 'unsafe-inline' hello.myfonts.net; font-src 'self'; manifest-src 'self' 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.bootstrapcdn.com *.typekit.net *.adabra.com *.fontawesome.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com lightwidget.com *.adabra.com *.addthis.com *.privacy-center.org c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.adabra.com widget.feedaty.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com ts.tradetracker.net www.magmodules.eu *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.lightwidget.com code.jquery.com lightwidget.com *.adabra.com cdn.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.soisy.it widget.feedaty.com *.privacy-center.org assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.scalapay.com b2c-cdn.scalapay.com maps.googleapis.com tm.tradetracker.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com cdn.jsdelivr.net *.bootstrapcdn.com *.typekit.net *.adabra.com my.adabra.com widget.feedaty.com *.iubenda.com *.fontawesome.com unsafe-inline fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.adabra.com *.addthis.com *.soisy.it *.privacy-center.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https:; script-src 'self' *.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.twitter.com *.assets-yammer.com  *.h5p.org h5p.org  www.google.com  *.instagram.com *.youtube.com *.issuu.com *.govt.nz *.ytimg.com *.gstatic.com *.jit.si *.jsdelivr.net 'unsafe-inline' 'unsafe-eval' data:;; font-src *.gstatic.com https: data:;  style-src https: 'unsafe-inline'; img-src https: data:; worker-src blob:; media-src 'self' blob:; report-uri https://koawatealearn.co.nz/local/csp/collector.php 1
manifest-src 'self' 'unsafe-inline' https://*.sata.com https://sata.com; img-src 'self' blob: data: data: 'unsafe-inline' https://gundesigner.s3.eu-central-1.amazonaws.com https://hm.baidu.com *.facebook.com *.ggpht.com ssl.google-analytics.com www.google-analytics.com *.google.com analytics.google.com maps.google.com translate.google.com https://translate.google.com www.google.com www.googleadservices.com *.googleapis.com translate.googleapis.com *.googlesyndication.com www.googletagmanager.com https://gstatic.com maps.gstatic.com www.gstatic.com https://www.gstatic.com www.gstatic.com/recaptcha *.paypal.com www.paypalobjects.com https://*.sata.com https://sata.com https://i.vimeocdn.com *.youtube.com *.ytimg.com https://i.ytimg.com *.doubleclick.net *.facebook.net *.fbcdn.net https://cdn.cookielaw.org https://www.google.de userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com https://tr.lfeeder.com/ https://sc.lfeeder.com/ *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug https://www.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://www.saferpay.com https://www.facebook.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io test.saferpay.com www.saferpay.com saferpay.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.fraugster.com/v1/fraugster.js https://www.gstatic.cn/recaptcha/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://graph.facebook.com https://js.facebook.com https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.google.com maps.google.com https://tagmanager.google.com https://translate.google.com https://www.google.com https://www.google.com/recaptcha/ https://*.googleadservices.com maps.googleapis.com https://translate.googleapis.com https://*.googlesyndication.com https://googletagmanager.com https://www.googletagmanager.com https://*.googletagservices.com https://www.gstatic.com https://www.gstatic.com/recaptcha/ https://js-agent.newrelic.com https://www.paypal.com https://www.paypalobjects.com https://*.sata.com https://sata.com https://api.userlike.com https://m.youtube.com https://www.youtube.com https://d3dc1lgancj6l0.cloudfront.net https://*.doubleclick.net https://connect.facebook.net https://bam.eu01.nr-data.net https://recaptcha.net https://www.recaptcha.net https://cdn.cookielaw.org api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-umm.b-cdn.net/ https://sc.lfeeder.com/ googleads.g.doubleclick.net https://www.sata.com https://stats.sata.com/ assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com test.saferpay.com www.saferpay.com saferpay.com js.fraugster.com *.google.com *.gstatic.com https://cdn.cookie-script.com; style-src 'self' 'unsafe-inline' *.google.com tagmanager.google.com https://fonts.googleapis.com translate.googleapis.com www.googletagmanager.com https://fonts.gstatic.com https://*.sata.com https://sata.com *.adobe.com maxcdn.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.gstatic.com; frame-ancestors 'self' https://*.sata.com https://sata.com; frame-src 'self' 'unsafe-inline' *.facebook.com *.google.com maps.google.com https://recaptcha.google.com https://www.google.com/recaptcha/ maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.paypal.com www.paypalobjects.com https://www.saferpay.com https://*.sata.com https://sata.com https://player.vimeo.com www.youtube-nocookie.com *.youtube.com *.doubleclick.net connect.facebook.net recaptcha.net *.recaptcha.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com test.saferpay.com www.saferpay.com saferpay.com; media-src 'self' 'unsafe-inline' *.adobe.com dai.google.com https://*.sata.com https://sata.com d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:; object-src 'self' 'unsafe-inline' *.googlesyndication.com https://*.sata.com https://sata.com; font-src 'self' data: data: 'unsafe-inline' https://fonts.gstatic.com https://*.sata.com https://sata.com maxcdn.bootstrapcdn.com *.fontawesome.com *.gstatic.com; form-action 'self' 'unsafe-inline' *.facebook.com *.google.com https://*.sata.com https://sata.com connect.facebook.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com test.saferpay.com www.saferpay.com saferpay.com ; worker-src 'self' blob: https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.google.com https://*.sata.com https://sata.com www.recaptcha.net; connect-src 'self' 'unsafe-eval' 'unsafe-inline' about: data: https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://hm.baidu.com *.facebook.com www.google-analytics.com *.google.com ampcid.google.com analytics.google.com maps.google.com translate.google.com https://maps.googleapis.com translate.googleapis.com *.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com https://privacyportal-fr.onetrust.com *.paypal.com www.paypalobjects.com https://*.sata.com https://sata.com https://eu-api.friendlycaptcha.eu/api/ *.doubleclick.net stats.g.doubleclick.net connect.facebook.net https://bam.eu01.nr-data.net/ https://cdn.cookielaw.org https://dvkmaxr3fb.execute-api.eu-west-1.amazonaws.com https://u4irfd30ti.execute-api.eu-west-1.amazonaws.com https://api.userlike.com/api/um/chat/button/check/ wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com https://geolocation.onetrust.com/ ssl.google-analytics.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com test.saferpay.com www.saferpay.com saferpay.com t.elasticsuite.io *.google-analytics.com https://consent.cookie-script.com/collect; child-src 'self' blob: http: https: 'unsafe-inline' *.facebook.com *.google.com *.googlesyndication.com www.googletagmanager.com *.paypal.com www.paypalobjects.com https://sata.com https://*.sata.com www.youtube.com *.doubleclick.net connect.facebook.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.facebook.com https://*.sata.com https://sata.com https://player.vimeo.com https://stats.sata.com test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com; base-uri 'self' 'unsafe-inline'; report-uri https://sentry.imi.de/api/15/security/?sentry_key=74dec59931c24572bd888c406dc88cc4  1
font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.net *.facebook.com https://plumrocket.com amc.demdex.net www.facebook.com web.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.gstatic.com *.facebook.net connect.facebook.net www.google.com www.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com maps.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; img-src 'self' https: data:; default-src 'self' https: wss:; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-YNDHy8x4ocr5dMXCj5DmKg=='; report-uri https://sentry.olc.cz/api/19/security/?sentry_key=58622d10e65d4510b8947a9e685d8e4f&sentry_environment=production_ro&sentry_release=24.5.2 1
font-src *.gstatic.com data: *.cloudflare.com *.listrakbi.com *.twitter.com *.typekit.net *.googleapis.com *.turnto.com *.pixlee.co *.resellerratings.com *.videoly.co *.authorize.net *.klevu.com fonts.gstatic.com *.googletagmanager.com *.pinterest.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.listrakbi.com *.turnto.com *.pixlee.co *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.listrakbi.com *.turnto.com *.pixlee.co *.google.com *.paypal.com *.livechatinc.com *.addtoany.com *.resellerratings.com *.videoly.co *.youtube-nocookie.com *.authorize.net *.addthis.com *.klevu.com *.googletagmanager.com *.pinterest.com *.weltpixel.com *.google.com.ua *.google.co.uk https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.cloudflare.com *.listrakbi.com *.edgecastcdn.net *.klarna.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.paypal.com *.ytimg.com *.paypalobjects.com *.a2z.com *.livechatinc.com *.turnto.com *.pixlee.co *.resellerratings.com *.espssl.com *.videoly.co *.magentocommerce.com *.klevu.com certify.alexametrics.com *.googletagmanager.com *.gunbuyer.com *.pinterest.com *.google.com.ua *.google.co.uk *.doubleclick.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.listrakbi.com *.credova.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.google.com *.googleadservices.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.cloudflareinsights.com *.addtoany.com *.livechatinc.com *.turnto.com *.pixlee.co *.resellerratings.com *.videoly.co *.youtube.com *.youtube-nocookie.com *.authorize.net *.klevu.com certify-js.alexametrics.com chimpstatic.com *.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com *.pinterest.com s7.addthis.com *.google.com.ua *.google.co.uk *.doubleclick.net https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.listrakbi.com *.gstatic.com *.typekit.net *.fontawesome.com *.livechatinc.com *.turnto.com *.pixlee.co *.resellerratings.com *.videoly.co *.authorize.net *.klevu.com fonts.googleapis.com *.googletagmanager.com *.pinterest.com data: maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.listrakbi.com *.twitter.com *.paypal.com *.livechatinc.com *.turnto.com *.credova.com *.pixlee.co *.resellerratings.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.videoly.co *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.floridagunexchange.com/; report-to report-endpoint; 1
font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.avada.io *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com *.alothemes.com *.magepow.com nitropack.io *.nitrocdn.com blob: 'self' data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://seo.mageplaza.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com *.richcall.io *.getflowbox.com *.hotjar.com creativecdn.com *.cookiebot.com *.criteo.net *.criteo.com *.datatrics.com *.meubelo.nl *.multisafepay.com https://pay.google.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com nitropack.io blob: 'self' cdn.jsdelivr.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com *.cloudfront.net *.hipex.cloud *.bing.com *.cheqzone.com *.pinterest.com *.clarity.ms *.yahoo.com *.criteo.net *.criteo.com *.datatrics.com *.meubelo.nl *.multisafepay.com *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com nitropack.io *.nitrocdn.com blob: 'self' ts.tradetracker.net www.magmodules.eu www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com *.richcall.io *.getflowbox.com *.cookiebot.com *.pinimg.com *.criteo.net *.hotjar.com *.zdassets.com *.bing.com *.cheqzone.com *.clarity.ms *.criteo.com *.datatrics.com unpkg.com *.unpkg.com *.adcalls.nl *.meubelo.nl 'self' data: *.multisafepay.com https://pay.google.com *.googleapis.com *.fontawesome.com *.avada.io *.alothemes.com *.magepow.com *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://cdn.tailwindcss.com/ nitropack.io *.intercom.io *.nitrocdn.com nitroscripts.com *.intercomcdn.com blob: 'self' cdn.jsdelivr.net tm.tradetracker.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.multisafepay.com *.google.com *.alothemes.com *.magepow.com *.sooqr.com *.spotlersearch.com nitropack.io cdnjs.cloudflare.com *.nitrocdn.com blob: 'self' cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com *.zdassets.com *.meubelo.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com www.apptrian.com *.richcall.io *.getflowbox.com *.zendesk.com *.zdassets.com *.pinterest.com *.clarity.ms *.cheqzone.com *.hotjar.com *.zopim.com *.datatrics.com *.doubleclick.net *.adcalls.nl wss://widget-mediator.zopim.com/ *.meubelo.nl 'unsafe-inline' data: 'unsafe-inline' blob: *.multisafepay.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com *.getnitropack.com nitropack.io *.intercom.io *.nitrocdn.com *.intercomcdn.com wss://nexus-websocket-a.intercom.io blob: 'self' 'self' 'unsafe-inline'; child-src *.richcall.io *.getflowbox.com *.meubelo.nl http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src https://*.adyen.com https://paymentacceptsample.cloud.dynamics.com https://*.clarity.ms 'self';connect-src https://*.adyen.com https://*.usercentrics.eu https://*.clarity.ms https://www.google-analytics.com https://analytics.google.com 'self' https://login.microsoftonline.com https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://dc.services.visualstudio.com https://images-eu-prod.cms.commerce.dynamics.com https://images-eu-prod.cms.commerce.dynamics.com https://www.nile.ch https://scuweijazq811630098-rs.su.retail.dynamics.com/;font-src https://*.typekit.net/ https://*.sharepointonline.com/ 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://use.fontawesome.com data:;frame-src https://*.adyen.com https://*.dynamics.com  https://niletestadb2c.b2clogin.com https://nileuatadb2c.b2clogin.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.clarity.ms;img-src https://*.adyen.com https://*.usercentrics.eu https://*.blob.core.windows.net 'self' data: https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-eu-prod.cms.commerce.dynamics.com https://images-eu-prod.cms.commerce.dynamics.com;media-src https://*.clarity.ms 'self' https://ppe-streaming-video-mr-microsoft-com.akamaized.net https://*.streaming.media.azure.net https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-eu-prod.cms.commerce.dynamics.com https://images-eu-prod.cms.commerce.dynamics.com;object-src https://*.clarity.ms 'self';script-src https://*.adyen.com https://*.typekit.net/ https://*.googletagmanager.com/ https://*.google.com/ https://*.gstatic.com/ https://*.clarity.ms https://*.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://*.vo.msecnd.net https://dc.services.visualstudio.com https://dev.virtualearth.net https://www.nile.ch https://js.monitor.azure.com/scripts/b/ai.2.min.js;style-src https://*.adyen.com https://*.typekit.net/ 'self' 'unsafe-inline' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://www.nile.ch ;default-src 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms;base-uri 'self'; 1
report-uri https://mb4.ru/; frame-ancestors 'self' 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com https://player.vimeo.com https://www.youtube-nocookie.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com flagpedia.net *.mobbex.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com https://redchamps.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.com *.google.fr *.google.ie www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maps.googleapis.com *.mobbex.com https://player.vimeo.com https://www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.gstatic.com maps.googleapis.com *.mobbex.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.massivespace.rocks *.iconify.design cdn.mouseflow.com maps.googleapis.com unpkg.com *.adobedtm.com *.doubleclick.net *.newrelic.com *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.massivespace.rocks *.adobedtm.com *.doubleclick.net *.youtube.com *.newrelic.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.twitter.com *.massivespace.rocks *.iconify.design maps.googleapis.com unpkg.com *.demdex.net *.adobedtm.com *.doubleclick.net *.newrelic.com *.weltpixel.com *.google.com *.woxo.tech 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com maps.googleapis.com unpkg.com *.adobedtm.com *.doubleclick.net *.newrelic.com *.alothemes.com *.magepow.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.adobedtm.com *.doubleclick.net youtube.com *.alothemes.com *.magepow.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.woxo.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.massivespace.rocks *.iconify.design cdn.mouseflow.com maps.googleapis.com unpkg.com *.adobedtm.com *.doubleclick.net *.youtube.com *.newrelic.com *.fontawesome.com *.alothemes.com *.magepow.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com maps.googleapis.com unpkg.com *.adobedtm.com *.doubleclick.net *.youtube.com *.alothemes.com *.magepow.com *.google-analytics.com *.facebook.net *.cloudfunctions.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vc.hotjar.io www.google.com *.googleadservices.com *.facebook.com www.viriyah.com www.google.co.th *.doubleclick.net t.sharethis.com www.googletagmanager.com bcp.crwdcntrl.net buttons-config.sharethis.com c.ltmsphrcl.net platform-api.sharethis.com *.myshopify.com analytics.google.com *.facebook.net data.stbuttons.click metrics.hotjar.io adservice.google.com www.youtube.com *.gstatic.com sync.sharethis.com *.hotjar.com content.hotjar.io l.sharethis.com www.google-analytics.com platform-cdn.sharethis.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'none'; connect-src 'self' wss://ws.goftino.com wss://ws2.goftino.com https://audience.yektanet.com https://*.google-analytics.com https://ua.yektanet.com; font-src 'self'  https://cdn.goftino.com; img-src 'self' blob: data: www.googletagmanager.com https://www.google-analytics.com https://cdn.goftino.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com  https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.yektanet.com https://cdn.goftino.com https://www.goftino.com; style-src 'self' 'unsafe-inline'  https://cdn.goftino.com ; base-uri 'self'; form-action 'self'; media-src https://cdn.goftino.com; frame-src 'self'; 1
font-src *.gstatic.com *.authorize.net *.cardinalcommerce.com *.adobedtm.com *.yotpo.com 'self' data: *.cloudfront.net *.fontawesome.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.google.com *.facebook.com *.facebook.net *.moengage.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: 'self' data: *.png *.jpg *.jpeg *.gstatic.com *.googleapis.com *.cloudfront.net *.yotpo.com *.cdninstagram.com *.facebook.com *.facebook.net *.google.com *.google.lk *.clarity.ms *.bing.com *.moengage.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.google.com *.gstatic.com *.authorize.net *.cardinalcommerce.com *.googleapis.com *.cloudfront.net *.facebook.net *.newrelic.com *.nr-data.net *.googletagmanager.com *.yotpo.com cdn.rawgit.com *.moengage.com *.jsdelivr.net *.fullstory.com *.hockeystack.com *.clarity.ms *.zdassets.com *.zendesk.com *.allday.com.ph assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.cloudfront.net *.yotpo.com *.fontawesome.com unsafe-inline *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.google-analytics.com *.cardinalcommerce.com *.amazonservices.com *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.nr-data.net *.instagram.com *.dotdigital.com *.comapi.com *.paypal.com *.cloudfront.net *.facebook.com *.facebook.net *.doubleclick.net *.moengage.com *.jsdelivr.net *.fullstory.com *.hockeystack.com *.clarity.ms *.zdassets.com *.zendesk.com *.allday.com.ph *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' https://www.facebook.com/ https://www.rdstation.com.br/ https://yoast.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://in.hotjar.com/ https://pageview-notify.rdstation.com.br/ https://popups.rdstation.com.br/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googleadservices.com/ https://www.google.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://www.googletagmanager.com https://d335luupugsy2.cloudfront.net https://www.google-analytics.com; img-src 'self' data: https://875084704.privacysandbox.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.facebook.com/ https://eye.rd.services/ https://ssl.google-analytics.com https://s-static.ak.facebook.com https://i.ytimg.com https://www.google.com https://www.google.com.br https://www.google-analytics.com https://secure.gravatar.com https://ps.w.org/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' data:  https://fonts.gstatic.com; frame-src 'self' https://www.facebook.com/ https://www.google.com/  https://www.youtube.com/; object-src 'none' 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.trustpilot.com *.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://core.helloretail.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: illow.io *.illow.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * doubleclick.net *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: google.fr *.google.fr google.com.ua *.google.com.ua albacross.com *.albacross.com linkedin.com *.linkedin.com quantserve.com *.quantserve.com openstreetmap.org *.openstreetmap.org socomore.com *.socomore.com *.ads.linkedin.com googlesyndication.com *.googlesyndication.com maps.google.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com licdn.com *.licdn.com quantserve.com *.quantserve.com hotjar.com *.hotjar.com albacross.com *.albacross.com matomo.cloud *.matomo.cloud quantcast.com *.quantcast.com googleoptimize.com *.googleoptimize.com quantcount.com *.quantcount.com personyze.com *.personyze.com clearbitscripts.com *.clearbitscripts.com clearbitjs.com *.clearbitjs.com consensu.org *.consensu.org inmobi.com *.inmobi.com illow.io *.illow.io googlesyndication.com *.googlesyndication.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net maps.google.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com illow.io *.illow.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net albacross.com *.albacross.com google.fr *.google.fr google.com.ua *.google.com.ua hotjar.io *.hotjar.io hotjar.com *.hotjar.com wss://ws.hotjar.com/ inmobi.com *.inmobi.com consensu.org *.consensu.org clearbit.com *.clearbit.com quantcount.com *.quantcount.com illow.io *.illow.io googlesyndication.com *.googlesyndication.com google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self';   script-src 'self'  'unsafe-inline'  https://*.googletagmanager.com  https://ws.zoominfo.com  https://*.zdassets.com  https://*.zendesk.com  https://*.zopim.com  https://*.sentry.io  wss://*.zendesk.com  wss://*.zopim.com  https://*.youtube.com  scout-cdn.salesloft.com  tools.luckyorange.com  https://*.6sc.co  trk.techtarget.com  tag.clearbitscripts.com  https://*.terminus.services  https://www.googleoptimize.com  x.clearbitjs.com  app.clearbit.com  reveal.clearbit.com  https://*.hubspot.com  https://cdn.jsdelivr.net  https://cdnjs.cloudflare.com  https://fonts.googleapis.com  https://connect.facebook.net  https://js.hs-analytics.net  https://js.hs-banner.com  https://js.hsadspixel.net  https://js.hscollectedforms.net  https://js.hscta.net  https://*.hsforms.net  https://*.hsforms.com  https://js.hsleadflows.net  https://platform.linkedin.com  https://platform.twitter.com  https://*.stackadapt.com  https://script.hotjar.com  https://snap.licdn.com  https://static.hotjar.com  https://vidassets.terminus.services  https://www.googletagmanager.com   https://www.google-analytics.com  https://cdn2.hubspot.net  https://js.hs-scripts.com  https://js.hs-banner.net  https://static.hsappstatic.net  https://js.hubspotfeedback.com  https://js.usemessages.com  https://*.vidyard.com   https://*.clearbitscripts.com  https://*.clearbitjs.com;    style-src 'self'  'unsafe-inline'  https://*.stackadapt.com  https://fonts.googleapis.com  https://fonts.gstatic.com  https://cdn.jsdelivr.net  https://cdn2.hubspot.net  https://cdnjs.cloudflare.com  https://static.hsappstatic.net;    object-src 'none';   base-uri 'self';   connect-src 'self'  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.zdassets.com  https://*.zendesk.com  https://*.zopim.com  https://*.sentry.io wss://*.zendesk.com  wss://*.zopim.com  https://*.stackadapt.com  https://*.googleapis.com  https://*.visitors.live  wss://*.luckyorange.com  wss://*.visitors.live  https://*.oribi.io  https://*.hotjar.io  https://*.techtarget.com  scout.salesloft.com  https://*.luckyorange.com  https://secure.adnxs.com  https://*.6sc.co  https://api.hubapi.com  https://cta-service-cms2.hubspot.com/  https://js.hs-banner.com/  https://cp.hubspot.com  https://forms.hubspot.com  https://*.hotjar.com  wss://*.hotjar.com  https://feedback.hubapi.com  https://www.googletagmanager.com   https://www.google-analytics.com   https://stats.g.doubleclick.net  https://forms.hsforms.com  https://lottie.host   http://localhost:1442/check-if-local-dev-server  https://app.clearbit.com;    font-src 'self'  https://fonts.gstatic.com  https://*.hubspotusercontent-na1.net  https://cdnjs.cloudflare.com;    frame-src 'self'  https://*.youtube.com  https://forms.hsforms.com  https://platform.twitter.com  https://player.vimeo.com  https://vars.hotjar.com  https://*.vidyard.com;    img-src 'self' data:  https://*.google-analytics.com https://*.googletagmanager.com  https://*.linkedin.com  scout.salesloft.com  https://*.luckyorange.com  https://secure.adnxs.com  https://*.6sc.co  https://*.techtarget.com  https://perf.hsforms.com/  https://p.adsymptotic.com/  https://no-cache.hubspot.com/  https://secure.adnxs.com/  https://s.ml-attr.com/  https://attr.ml-api.io/  https://*.hubspotusercontent-na1.net  https://forms.hsforms.com  https://*.ads.linkedin.com  https://static.hsappstatic.net  https://track.hubspot.com  https://wec-assets.terminus.services  https://*.vidyard.com  https://www.google-analytics.com  https://www.google.com  https://match.adsrvr.org  https://wec-assets-api.terminus.services;    manifest-src 'self';  media-src 'self'; worker-src ‘self; prefetch-src 'self' https://static.hsappstatic.net  https://fonts.googleapis.com  https://fonts.gstatic.com21214 1
font-src *.googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com cdn.checkout.com *.klevu.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.hotjar.com *.doubleclick.net *.epdq.co.uk *.demdex.net *.facebook.net *.facebook.com websiteintegration.source.thenbs.com account.fetchify.com business.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.google.com *.google.co.uk *.zopim.com *.doubleclick.net d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.eidemo.biz *.facebook.net *.facebook.com *.google.co.in *.demdex.net *.omtrdc.net maps.googleapis.com *.klevu.com *.postcodeanywhere.co.uk *.paypalobjects.com https://cm.everesttech.net *.trustpilot.com amasty.com *.ayko.com *.aqualisa.co.uk *.hubspot.com *.hsforms.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com maps.googleapis.com *.checkout.com *.aspnetcdn.com *.hotjar.com *.gatorleads.co.uk *.facebook.net *.facebook.com *.aqualisa.co.uk *.aqualisa.co.uk:8085 *.sellxed.com *.klevu.com https://bam.nr-data.net https://js-agent.newrelic.com *.pcapredict.com *.braintreegateway.com *.postcodeanywhere.co.uk *.nr-data.net *.newrelic.com *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com jquery.sellxed.com *.avada.io business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.klevu.com *.postcodeanywhere.co.uk *.trustpilot.com *.google.com https://optimize.google.com cc-cdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.google-analytics.com *.doubleclick.net *.aqualisa.co.uk *.aqualisa.co.uk:8085 *.hotjar.com *.facebook.net *.facebook.com *.demdex.net https://bam.nr-data.net *.postcodeanywhere.co.uk *.amcglobal.sc.omtrdc.net *.hotjar.io *.trustpilot.com *.klevu.com *.nr-data.net *.ksearchnet.com *.hubspot.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://get.geojs.io *.avada.io business.facebook.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-xeTiLvuKTKICsVLDL4ehhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-nTuiPvIWK69FiDTQXn-rrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.g.doubleclick.net *.facebook.com *.facebook.net https://payment-stage.ecpay.com.tw/ https://payment.ecpay.com.tw/ 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com *.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.ytimg.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.zdassets.com *.facebook.net *.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com *.google.com *.google.com.tw *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.google.com.ua https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.google.com/ ajax.googleapis.com *.instagram.com maps.googleapis.com iijarszw.eug.stape.io https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.gstatic.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.instagram.com *.googleusercontent.com iijarszw.eug.stape.io https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fonts.gstatic.com *.tawk.to *.datatables.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.doubleclick.net *.trustpilot.com wilkepromotion.ladesk.com *.ladesk.com *.issuu.com *.facebook.com *.google.com *.streetfood-tes.os.tc streetfood-tes.os.tc *.datatables.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.sg *.google.com.ph *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.ssl.gstatic.com tawk.link *.jsdelivr.net wilkepromotion.ladesk.com sumo.com *.sumo.com *.datatables.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io *.adobe.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.assets.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.paypal.com *.tagmanager.google.com *.trustpilot.com *.sumo.com sumo.com *.tawk.to tawk.link *.jsdelivr.net wilkepromotion.ladesk.com *.crazyegg.com *.issuu.com *.datatables.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.tagmanager.google.com *.fonts.googleapis.com *.jsdelivr.net *.datatables.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.adobe.com *.facebook.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.trustpilot.com *.sumo.com *.tawk.to tawk.to sumo.com *.crazyegg.com *.datatables.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com fonts.googleapis.com *.googleapis.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.google.com *.youtube.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.google.com *.youtube.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.facebook.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com maps.googleapis.com lightwidget.com *.maps.gstatic.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.addthisedge.com *.twitter.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com s7.addthis.com *.addthis.com *.moatads.com *.facebook.com *.googleapis.com *.placeholder.com *.maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.avada.io * assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com maps.googleapis.com cdn.lightwidget.com *.instagram.com *.cdninstagram.com s7.addthis.com *.placeholder.com *.maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com maps.googleapis.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com facebook.net *.maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: fonts.bunny.net admor.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl paywall.imoje.pl process.paypo.pl eblik.pl javascript admor.co 'self' 'unsafe-inline'; frame-ancestors admor.co 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com https://geowidget-app.inpost.pl/ admor.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://images.unsplash.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com 'self' data: scontent-waw1-1.cdninstagram.com www.google.pl scontent-fra5-2.cdninstagram.com scontent-fra5-1.cdninstagram.com scontent-fra3-2.cdninstagram.com scontent.cdninstagram.com scontent-vie1-1.cdninstagram.com us-ms.gr-cdn.com scontent-fra3-1.cdninstagram.com data.imoje.pl www.google.co.uk www.google.com.tr www.google.hu www.przelewy24.pl pagead2.googlesyndication.com www.admor.co admor.co *.google.pl *.gr-cdn.com *.googleadservices.com *.google-analytics.com *.cdninstagram.com *.imoje.pl embedsocial.com *.embedsocial.com *.googlesyndication.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.hsforms.net *.hsforms.com ga.getresponse.com www.google.com analytics.tiktok.com code.jquery.com cdnjs.cloudflare.com admor.co *.apptrian.com *.facebook.com *.getresponse.com *.gr-cdn.com *.cookiefirst.com *.embedsocial.com embedsocial.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com fonts.cdnfonts.com cdnjs.cloudflare.com geowidget.inpost.pl admor.co fonts.bunny.net *.cookiefirst.com *.embedsocial.com embedsocial.com *.googlesyndication.com 'self' 'unsafe-inline'; object-src admor.co none 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com https://geowidget.easypack24.net data admor.co *.google.pl *.google.com *.googlesyndication.com 'self' 'unsafe-inline'; manifest-src admor.co 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.hsforms.net *.hsforms.com region1.analytics.google.com ga2.getresponse.com graph.instagram.com analytics.pangle-ads.com adservice.google.com ts.getresponse.pl popups1-show.getresponse.com popups1-s.getresponse.com www.google.gr data service.gstatic-cache.com d2pky5fwbi4lk0.cloudfront.net www.google.hr admor.co *.instagram.com *.getresponse.com *.google.pl google.pl *.pangle-ads.com *.getresponse.pl *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tiktok.com *.apptrian.com *.get.geojs.io *.cookiefirst.com embedsocial.com *.embedsocial.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com admor.co http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com admor.co 'self' 'unsafe-inline' 'unsafe-eval'; base-uri admor.co 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
font-src 'self' data: cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.tawk.to https://webchat.saysimple.io/ *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://player.vimeo.com/ *.google.com https://googleads.g.doubleclick.net/ https://www.google.nl/ consentcdn.cookiebot.com consentcdn.cookiebot.eu https://ct.pinterest.com/ *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.doubleclick.net 'self' data: *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.tawk.to tawk.link *.facebook.com *.gravatar.com https://imgsct.cookiebot.com/1.gif https://ct.pinterest.com/v3/* *.google.com *.google.bg *.facebook.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.tawk.to player.vimeo.com http://player.vimeo.com/api/player.js chimpstatic.com https://connect.facebook.net/ https://webchat.saysimple.io/ *.smooch.io https://cdn.pixibo.com/ consent.cookiebot.com consent.cookiebot.eu https://s.pinimg.com/ct/lib/main.742e9fad.js https://s.pinimg.com/ct/core.js https://ct.pinterest.com/static/ct/token_create.js *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.jsdelivr.net *.tawk.to https://webchat.saysimple.io/ fonts.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com/api/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com 'self' data: *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com/ *.paypal.com *.tawk.to 'self' ws: https://stats.g.doubleclick.net/ https://webchat.saysimple.io/ *.smooch.io *.gravatar.com https://*.pixibo.dev/ consentcdn.cookiebot.com consentcdn.cookiebot.eu https://ct.pinterest.com/* https://ct.pinterest.com/v3/* https://ct.pinterest.com/user/* *.facebook.com *.facebook.net *.google.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'self' data: *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.typekit.net *.easypack24.net *.google.pl *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ secure.payu.com merch-prod.snd.payu.com *.ceneo.pl *.dpd.com.pl *.cookiebot.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.gstatic.com https://ssl.ceneo.pl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ static.payu.com 'self' data: *.amazonaws.com *.imgur.com *.ekomiapps.de *.tile.osm.org *.cloudflare.com *.githubusercontent.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.facebook.com *.magentocommerce.com *.salesmanago.pl *.salesmanago.com *.salesmanago.es *.sysadvisors.pl *.google.pl *.google.com *.cookiebot.com/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com *.gstatic.com https://ssl.ceneo.pl http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com *.payu.com secure.snd.payu.com *.google.pl *.ekomiapps.de *.hotjar.com *.sysadvisors.pl *.magentocommerce.com *.braintreegateway.com *.githubusercontent.com *.paypall.com *.cardinalcommerce.com *.authorize.net *.salesmanago.pl *.salesmanago.com *.salesmanago.es *.googletagmanager.com *.facebook.net *.facebook.com *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.trustedshops.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com *.ekomiapss.de *.easypack24.net *.allekurier.pl *.google.com *.cookiebot.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.ekomiapps.de *.sysadvisors.pl *.cloudflare.com *.bootstrapcdn.com *.ekomiapss.de *.easypack24.net *.google.pl *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.google-analytics.com *.ekomiapps.de *.cloudflare.com *.tile.osm.org *.openstreetmap.org *.twitter.com *.paypal.com *.sysadvisors.pl *.salesmanago.pl *.googleadservices.com *.google.pl *.google.com *.googlesyndication.com *.cookiebot.com *.saleago.com *.hotjar.io *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.openstreetmap.org *.paypal.com *.google.pl *.google.com *.tile.osm.org 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /zsteam_csp; report-to report-endpoint; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.google.com *.google.de *.google.si *.google.at *.google.it *.google.fr *.google.ch *.google.hu *.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com polyfill.io jquery.sellxed.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.cashpresso.com *.gstatic.com *.google.com *.google.de *.google.si *.google.at *.google.it *.google.fr *.google.ch *.google.hu *.trackedlink.net s7.addthis.com https://www.googletagmanager.com tagmanager.google.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cashpresso.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.algolia.net *.algolia.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.google-analytics.com *.doubleclick.net *.cashpresso.com ekr.zdassets.com/ https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.addthis.com js.mollie.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com *.amazonaws.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net js.mollie.com *.sendcloud.sc *.jsdelivr.net *.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com https://cdn.jsdelivr.net *.sendcloud.sc *.jsdelivr.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com ekr.zdassets.com/ *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.g.doubleclick.net *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.g.doubleclick.net *.facebook.com *.facebook.net *.awoo.org *.tigerfly.tw *.awoo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://mas.astralweb.com.tw *.facebook.com *.facebook.net *.cloudflare.com *.ytimg.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.magentocommerce.com *.gstatic.com *.cloudfront.net *.google.com *.google.com.tw data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.zdassets.com *.g.doubleclick.net *.facebook.com *.awoo.org *.tigerfly.tw *.awoo.com *.avada.io https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com wss://widget-mediator.zopim.com *.cardinalcommerce.com *.awoo.org *.tigerfly.tw *.awoo.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.tw *.facebook.com *.facebook.net *.awoo.org *.tigerfly.tw *.awoo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.alternatifbank.com.tr *.akbank.com.tr *.asseco-see.com.tr *.bkm.com.tr *.card-plus.net *.crediteurope.ro *.denizbank.com *.e-tahsildar.com.tr *.est.com.tr *.fbwebpos.com *.garanti.com.tr *.halkbank.com.tr *.halkbank.mk *.ingbank.com.tr *.innova.com.tr *.inter-vpos.com.tr *.isbank.com.tr *.kombank.com *.kuveytturk.com.tr *.sanalakpos.com *.sekerbank.com.tr *.teb.com.tr *.turkiyefinans.com.tr *.vakifbank.com.tr *.yapikredi.com.tr *.ykb.com *.ziraatbank.com.tr *.iyzico.com *.iyzipay.com *.moka.com *.testmoka.com 3dsecure.garanti.com.tr *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.alternatifbank.com.tr *.akbank.com.tr *.asseco-see.com.tr *.bkm.com.tr *.card-plus.net *.crediteurope.ro *.denizbank.com *.e-tahsildar.com.tr *.est.com.tr *.fbwebpos.com *.garanti.com.tr *.halkbank.com.tr *.halkbank.mk *.ingbank.com.tr *.innova.com.tr *.inter-vpos.com.tr *.isbank.com.tr *.kombank.com *.kuveytturk.com.tr *.sanalakpos.com *.sekerbank.com.tr *.teb.com.tr *.turkiyefinans.com.tr *.vakifbank.com.tr *.yapikredi.com.tr *.ykb.com *.ziraatbank.com.tr *.iyzico.com *.iyzipay.com *.moka.com *.testmoka.com *.modirum.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.alternatifbank.com.tr *.akbank.com.tr *.asseco-see.com.tr *.bkm.com.tr *.card-plus.net *.crediteurope.ro *.denizbank.com *.e-tahsildar.com.tr *.est.com.tr *.fbwebpos.com *.garanti.com.tr *.halkbank.com.tr *.halkbank.mk *.ingbank.com.tr *.innova.com.tr *.inter-vpos.com.tr *.isbank.com.tr *.kombank.com *.kuveytturk.com.tr *.sanalakpos.com *.sekerbank.com.tr *.teb.com.tr *.turkiyefinans.com.tr *.vakifbank.com.tr *.yapikredi.com.tr *.ykb.com *.ziraatbank.com.tr *.iyzico.com *.iyzipay.com *.moka.com *.testmoka.com 3dsecure.garanti.com.tr https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com *.avada.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.alternatifbank.com.tr *.akbank.com.tr *.asseco-see.com.tr *.bkm.com.tr *.card-plus.net *.crediteurope.ro *.denizbank.com *.e-tahsildar.com.tr *.est.com.tr *.fbwebpos.com *.garanti.com.tr *.halkbank.com.tr *.halkbank.mk *.ingbank.com.tr *.innova.com.tr *.inter-vpos.com.tr *.isbank.com.tr *.kombank.com *.kuveytturk.com.tr *.sanalakpos.com *.sekerbank.com.tr *.teb.com.tr *.turkiyefinans.com.tr *.vakifbank.com.tr *.yapikredi.com.tr *.ykb.com *.ziraatbank.com.tr *.iyzico.com *.iyzipay.com *.moka.com *.testmoka.com 3dsecure.garanti.com.tr https://*.ingest.sentry.io ekr.zdassets.com/ https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.termsfeed.com *.adobe.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com youtu.be *.vimeo.com *.addthis.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.termsfeed.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.termsfeed.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.google-analytics.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.termsfeed.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr downloads.mailchimp.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.termsfeed.com *.adobe.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr *.cloudflare.com *.paypal.com ekr.zdassets.com/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://staging.atcb2b.gr/; report-to report-endpoint; 1
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com www.paypalobjects.com t.paypal.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org cdn.krxd.net *.clarity.ms stackpath.bootstrapcdn.com cdnjs.cloudflare.com analytics.google.com *.facebook.net www.google-analytics.com *.onetrust.com cdn.jsdelivr.net www.googletagmanager.com www.google.com *.googleapis.com www.google.com.pe *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.googleadservices.com www.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.googleadservices.com www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.google-analytics.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com account.fetchify.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com *.gstatic.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.avada.io https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ *.google-analytics.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com https://*.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.facebook.com https://*.youtube.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.facebook.com https://*.bing.com https://*.pinterest.com https://*.clarity.ms https://*.paypal.com https://*.paypalobjects.com https://*.vimeo.com https://*.vimeocdn.com https://*.gstatic.com https://*.adobe.com https://*.adobedtm.com https://*.youtube.com https://*.cloudflare.com https://*.ytimg.com https://*.cardinalcommerce.com https://*.googleads.g.doubleclick.net https://amcglobal.sc.omtrdc.net https://dpm.demdex.net https://cm.everesttech.net https://*.magentocommerce.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.googletagmanager.com https://*.feedbackcompany.com https://googleads.g.doubleclick.net https://connect.facebook.net https://*.pinimg.com https://*.bing.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.google.com https://*.paypal.com https://*.paypalobjects.com https://*.vimeo.com https://*.vimeocdn.com https://*.gstatic.com https://*.adobe.com https://*.adobedtm.com https://*.youtube.com https://*.cloudflare.com https://*.ytimg.com https://*.cardinalcommerce.com https://prism.app-us1.com https://trackcmp.net *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com https://*.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.feedbackcompany.com https://*.pinterest.com https://*.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: *.tawk.to fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.hotjar.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.hotjar.com maps.gstatic.com *.trustedshops.com *.etrusted.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.hotjar.com maps.googleapis.com *.trustedshops.com *.etrusted.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.trustedshops.com *.etrusted.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net https://widgets.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.tawk.to wss://*.tawk.to *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sandbox.paypal.com *.youtube.com *.paypal.com *.googleadservices.com *.google-analytics.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com landofcoder.com *.google.com *.google.com.ua *.google.co.uk *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.razorpay.com *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net *.meetanshi.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cdninstagram.com *.youtube.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com landofcoder.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.meetanshi.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com checkout.razorpay.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.instagram.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com landofcoder.com *.google-analytics.com *.google.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com lumberjack.razorpay.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.google.com *.google.fr *.google.ie 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.mlstatic.com *.mercadopago.com www.gstatic.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.googleapis.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self'; script-src-elem 'self'; style-src-elem 'self'; style-src-attr 'self'; script-src-attr 'self'; img-src 'self' 1
font-src fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.pinterest.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.wesupply.xyz *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: stats.g.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com https://int-ecommerce.nexi.it/ecomm/XPayBuild/ *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.twitter.com *.addthis.com https://int-ecommerce.nexi.it/ https://hal9000.redintelligence.net/ https://ad4m.at/frame.html *.hotjar.com *.criteo.com *.klarna.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com https://ecommerce.nexi.it/ecomm/payment/img/visa.svg https://ecommerce.nexi.it/ecomm/payment/img/mastercard.svg https://ecommerce.nexi.it/ecomm/payment/img/logoNexiLarge.png https://ecommerce.nexi.it/ecomm/payment/img/maestro.svg https://form.jotform.com/ https://www.google.it/ https://as.ad4m.at/ad/ https://r.adserver01.de/rt/ *.taboola.com/ https://track.adform.net/ https://ads.creative-serving.com/ https://adservice.google.it/ https://secure.adnxs.com/ https://events.jotform.com/jsform/ *.favicon.ico https://cdn.jotfor.ms/assets/img/logo/logo-new@1x.png https://cdn.jotfor.ms/favicon.ico https://tr.outbrain.com/unifiedPixel https://criteo-partners.tremorhub.com/ https://contextual.media.net/ https://ad.360yield.com/ https://jadserve.postrelease.com https://simage2.pubmatic.com/ https://ib.adnxs.com/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://visitor.omnitagjs.com/ https://s.thebrighttag.com *.criteo.com/ *.analytics.yahoo.com/ https://beacon.krxd.net/ https://x.bidswitch.net/ https://e1.emxdgt.com/ *.ads.yieldmo.com https://ad.yieldlab.net/ https://match.sharethrough.com/ https://sync.outbrain.com/ https://exchange.mediavine.com/ https://matching.ivitrack.com/ https://id5-sync.com *.klarna.com *.klarnaevt.com *.klarnacdn.net int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cloudflare.com *.twitter.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.nr-data.net js-agent.newrelic.com cdn.scalapay.com int-ecommerce.nexi.it form.jotform.com www.dwin1.com ad4m.at *.taboola.com *.hotjar.com *.outbrain.com static.criteo.net static.hotjar.com cdn.jotfor.ms dynamic.criteo.com *.smct.io *.smct.co https://smct.co/ *.iubenda.com hits-i.iubenda.com *.mainadv.com *.klarna.com *.klarnacdn.net ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com https://form.jotform.com/ *.jotfor.ms *.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cloudflare.com *.twitter.com *.paypal.com *.nr-data.net https://int-ecommerce.nexi.it/ *.hotjar.com https://stats.g.doubleclick.net/j/collect *.criteo.com https://trc-events.taboola.com/1052370/log/3/unip https://firehose.eu-west-1.amazonaws.com https://hits-i.iubenda.com/write https://cognito-identity.eu-west-1.amazonaws.com/ https://tr.outbrain.com/ https://www.wepowerconnections.com/ *.klarnaevt.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://integration-5ojmyuq-zgzvw2kr4mr5m.eu-5.magentosite.cloud/italiano; report-to report-endpoint; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.hsforms.net *.hsforms.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.com *.google.fr *.google.ie www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://unpkg.com *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.hsforms.net *.hsforms.com *.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com https://redchamps.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src https://stats.g.doubleclick.net/ https://region1.analytics.google.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; frame-src https://td.doubleclick.net/ https://www.googletagmanager.com/ fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; script-src https://googleads.g.doubleclick.net/ assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.chimpstatic.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com https://www.gstatic.com https://fonts.gstatic.com fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.dnky.co amc.demdex.net www.google.com youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com www.google.co.in cannonhome.cl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com accounts.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com unpkg.com wchat.freshchat.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ https://www.gstatic.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com fonts.googleapis.com wchat.freshchat.com www.gstatic.com unsafe-inline assets.braintreegateway.com *.googletagmanager.com *.cookielaw.org cdn.dnky.co 'self' 'unsafe-inline'; object-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self' 'unsafe-inline'; media-src *.adobe.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com stats.g.doubleclick.net videelect.icu regtech.sbs www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cookielaw.org api.comapi.com bam.nr-data.net 'self' 'unsafe-inline'; child-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * s7.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com js.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com s7.addthis.com m.addthis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com ;  report-uri /cspreport; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net www.googletagmanager.com centrada.ucsnet.nl; connect-src 'self' *.typekit.net *.google-analytics.com *.stats.g.doubleclick.net *.umbraco.org *.openstreetmap.org *.googleapis.com *.analytics.google.com ws://centrada.nl matomoembraceklantportaal.azurewebsites.net; img-src 'self' *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org api.maptiler.com umbracowebportalsnonprod.azureedge.net *.analytics.google.com www.googletagmanager.com ; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org www.gstatic.com ; frame-ancestors 'self' ;  1
font-src *.gstatic.com 'self' data:  *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: cenuklubs.lv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.cookie-script.com *.gstatic.com *.googleapis.com *.google.com data: *.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com t.elasticsuite.io *.google-analytics.com *.cookie-script.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.hotjar.com *.typekit.net *.feedbackcompany.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.youtube-nocookie.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chatra.io *.hotjar.com *.facebook.com *.trustpilot.com *.kiyoh.com *.pinterest.com *.criteo.com *.cookiefirst.com *.weltpixel.com *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com * *.feedbackcompany.com 'self' data: *.multisafepay.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.twitter.com *.fontawesome.com *.elfsight.com *.chatra.io *.jsdelivr.net chimpstatic.com *.facebook.com *.doubleclick.net *.trustpilot.com s.pinimg.com *.zdassets.com *.google-analytics.com *.feedbackcompany.com *.facebook.net *.hotjar.com *.mailchimp.com *.curator.io *.typekit.net *.clarity.ms *.leadinfo.net *.criteo.com *.googleadservices.com *.cookiefirst.com www.gstatic.com s7.addthis.com *.multisafepay.com https://pay.google.com www.google.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.mailchimp.com *.jsdelivr.net *.googleapis.com 'unsafe-inline' data: *.curator.io *.cookiefirst.com maxcdn.bootstrapcdn.com *.multisafepay.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com curatorio.s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.elfsight.com *.instacloud.io *.google-analytics.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io ct.pinterest.com *.paypal.com *.zdassets.com *.zendesk.com *.feedbackcompany.com *.curator.io *.clarity.ms *.leadinfo.net *.cookiefirst.com ekr.zdassets.com/ *.multisafepay.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.clerk.io flagpedia.net pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.clerk.io https://cdn.clerk.io upstream.heidipay.com *.avada.io twitter.com platform.twitter.com tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com upstream.heidipay.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.g.doubleclick.net https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.google.com *.google.com.ar *.googlesyndication.com  *.googleapis.com  *.googletagmanager.com *.gstatic.com  *.facebook.com blob: https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.g.doubleclick.net *.googlesyndication.com *.google.com.ar  *.googleadservices.com  *.googleapis.com  *.nr-data.net  *.facebook.net  *.newrelic.com *.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googlesyndication.com *.g.doubleclick.net  *.googleapis.com  *.nr-data.net  *.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.mollie.com maps.gstatic.com maps.google.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com js.mollie.com *.googleapis.com maps.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.mlstatic.com *.mercadopago.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.canadapost.ca https://sso.epost.ca *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src *.hotjar.com *.hubspot.com fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.addthis.com *.facebook.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; connect-src va.tawk.to *.tawk.to wss://*.tawk.to wss://*.hotjar.com *.hubspot.com *.hotjar.com *.hotjar.io *.hscollectedforms.net dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; script-src embed.tawk.to cdn.jsdelivr.net *.googletagmanager.com *.hotjar.com *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com cloud.affiliationfocus.com *.hubspot.com *.usemessages.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.avada.io *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; font-src embed.tawk.to *.gstatic.com data: *.googleapis.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; style-src embed.tawk.to *.googleapis.com *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; img-src embed.tawk.to *.facebook.com facebook.com www.facebook.com *.hsforms.com forms.hsforms.com *.hubspot.com google.ca assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.addthisedge.com *.twitter.com mageside.com *.canadapost.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://script.hotjar.com https://fonts.gstatic.com https://use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com https://www.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ ipinfo.io www.facebook.com platform.twitter.com https://vars.hotjar.com https://4914179.fls.doubleclick.net https://pixel.mathtag.com https://www.facebook.com https://bid.g.doubleclick.net https://www.paypal.com https://www.sandbox.paypal.com https://ssl.widgets.webengage.com https://zc2ab3220.webengage.co https://z2024bb90.webengage.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://www.google.com https://www.google.co.in https://ds0rwwup944qj.cloudfront.net https://www.googletagmanager.com https://www.facebook.com https://script.hotjar.com https://images.notifications-icommkt.com https://www.gstatic.com https://www.paypal.com https://www.sandbox.paypal.com https://www.e-compreahora.com https://connect.facebook.net https://ssl.widgets.webengage.com https://cdn.cookielaw.org https://dgn3cmgewqdgl.cloudfront.net https://afiles.webengage.com https://maps.gstatic.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ipinfo.io connect.facebook.net twitter.com platform.twitter.com https://d12zyq17vm1xwx.cloudfront.net https://static.hotjar.com https://script.hotjar.com https://www.google.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://script.crazyegg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://storage.cdn.braindw.com https://s.braindw.com https://www.paypal.com https://www.sandbox.paypal.com https://externalassets.icommarketing.com https://ssl.widgets.webengage.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://c.webengage.com https://static.zdassets.com https://bam.nr-data.net https://use.fontawesome.com https://maps.googleapis.com https://polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com 'self' 'unsafe-inline'; object-src ipinfo.io 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ipinfo.io https://s.braindw.com https://stats.g.doubleclick.net https://notifications-icommkt.com https://in.hotjar.com wss://ws14.hotjar.com https://script.crazyegg.com https://www.facebook.com https://bam-cell.nr-data.net https://www.google-analytics.com https://unileverbrazil.demdex.net https://surveystats.hotjar.io https://u.braindw.com https://track-icommkt.com https://gstatic.com https://vc.hotjar.io wss://ws12.hotjar.com wss://ws2.hotjar.com https://ws12.hotjar.com https://ws2.hotjar.com https://www.paypal.com https://www.sandbox.paypal.com https://p.braindw.com https://connect.facebook.net https://cdn.cookielaw.org https://c.webengage.com https://ekr.zdassets.com https://martech2364.zendesk.com https://bam.nr-data.net https://maps.googleapis.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-eu.onetrust.com/request/v1/consentreceipts 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests ; child-src 'none'; connect-src 'self' https://static-www.comune.siracusa.it https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ingestion.webanalytics.italia.it; default-src 'self'; font-src https://static-www.comune.siracusa.it 'self' data:; frame-src https://consent.cookiebot.com https://consentcdn.cookiebot.com; img-src 'self' data: https://secure.gravatar.com https://tile.openstreetmap.org https://static-www.comune.siracusa.it https://imgsct.cookiebot.com; manifest-src 'none'; media-src 'self' https://static-www.comune.siracusa.it; object-src 'none'; script-src 'none'; script-src-attr 'unsafe-inline'; script-src-elem https://code.jquery.com https://nominatim.openstreetmap.org https://static-www.comune.siracusa.it 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ingestion.webanalytics.italia.it; style-src 'none'; style-src-attr 'unsafe-inline'; style-src-elem https://static-www.comune.siracusa.it 'self' 'unsafe-inline'; worker-src blob:; report-uri https://4p41vfxq6c.execute-api.eu-central-1.amazonaws.com/prd/report; report-to https://4p41vfxq6c.execute-api.eu-central-1.amazonaws.com/prd/report; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' construmarques.com.br *.construmarques.com.br construmarques.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.egoi.site egoi.site *.e-goi.com *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.azurewebsites.net *.blob.core.windows.net *.boletoflex.com samuraiexpertsstorage.blob.core.windows.net boletoflexhom.azurewebsites.net boletoflex.azurewebsites.net *.bflx.com.br *.google.com analytics.google.com *.g.doubleclick.net *.googleadservices.com *.com.au service.smarthint.co *.google.com.br *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.construmarques.com.br construmarques.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com *.avada.io *.oppwa.com oppwa.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://www.youtube.com/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ *.googleapis.com *.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://www.youtube.com/ validator.swagger.io https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.paypal.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com/ www.vimeo.com *.vimeocdn.com https://www.youtube.com/ *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ *.vimeocdn.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://www.youtube.com/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ https://vimeo.com/ *.vimeocdn.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com/ www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://analytics.google.com/ https://www.google.com/ *.googlevideo.com/ https://www.facebook.com/ *.facebook.net/ https://www.youtube.com/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://yt3.ggpht.com/ *.vimeocdn.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net https://fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.instagram.com *.google.com/ *.doubleclick.net www.facebook.com *.twitter.com *.google.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cdninstagram.com data: maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.cloudfront.net google.com google.ro *.google.ro *.coriolan.ro connect.facebook.net graph.facebook.com business.facebook.com https://www.magezon.com https://api.mapbox.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.instagram.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com/ *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cloudflare.com *.twitter.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.chimpstatic.com www.googleadsservices.com *.cardinalcommerce.com *.paypal.com *.zdassets.com connect.facebook.net business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googleapis.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com *.google.com *.trustpilot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com profiles.coriolan.ro geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.facebook.com *.facebook.net *.google.com *.cloudflare.com *.twitter.com *.paypal.com *.cardinalcommerce.com *.amazon.com *.yotpo.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.stripe.com x.klarnacdn.net *.klarna.com *.klarnaevt.com *.playground.klarna.com *.coriolan.ro odoo.coriolan.ro:8443 profile.coriolan.ro *.doubleclick.net *.google-analytics.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com autocomplete2.postdirekt.de klarna.com *.klarnacdn.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.oppwa.com oppwa.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.oppwa.com oppwa.com *.google.com/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.oppwa.com oppwa.com https://www.magezon.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com https://maps.gstatic.com https://maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.jquery.com *.oppwa.com oppwa.com s7.addthis.com *.avada.io https://maps.googleapis.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.oppwa.com oppwa.com *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.oppwa.com oppwa.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com *.google.com *.opayo.eu.elavon.com *.gstatic.com https://*.typekit.net *.klarnacdn.net klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com https://*.google.com *.opayo.eu.elavon.com https://*.doubleclick.net https://*.hotjar.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://plumrocket.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com https://*.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com https://www.google.com *.opayo.eu.elavon.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com klarna.com *.klarnaevt.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.stripe.com https://*.googleapis.com *.opayo.eu.elavon.com https://*.typekit.net *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com secure.payu.com merch-prod.snd.payu.com klarna.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.magezon.com https://redchamps.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.sagepay.com *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com www.w3.org *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.addtoany.com *.pinterest.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org blob: *.pinterest.com *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.addtoany.com *.facebook.com *.pinterest.com *.tumblr.com *.google.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.addtoany.com *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://geowidget.easypack24.net 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.klarna.com https://www.googletagmanager.com/ *.packeta.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ consentcdn.cookiebot.com *.facebook.com web.facebook.com trustmate.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io platnosci.bm.pl www.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' data: *.facebook.com/ *.google.pl bat.bing.com cdn.klarna.com *.analytics.google.com *.googleapis.com *.mapbox.com trustmate.io cdn.trustmate.io *.facebook.com www.google.pl *.wp.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cards-accept.bm.pl cards.bm.pl pay.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.packeta.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com *.gstatic.com www.googletagmanager.com d3bo67muzbfgtl.cloudfront.net consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net googleads.g.doubleclick.net bat.bing.com clarity.ms static.payu.com nominatim.openstreetmap.org cdngazeta.pl gazeta.pl google.pl mail.desportivo.pl ga.getresponse.com us-an.gr-cdn.com popups1-show.getresponse.com us-wbe.gr-cdn.com *.recostream.com trustmate.io trustmate.tech ga2.getresponse.com mail.desportivo.pl/de/rocz/sk wbe1.getresponse.com mail.desportivo.de mail.desportivo.ro mail.desportivo.cz mail.desportivo.sk recostream.com js-agent.newrelic.com/ *.wp.pl wp.pl pixel.wp.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com secure.przelewy24.pl static.payu.com trustmate.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.packeta.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.google-analytics.com api.edrone.me stream.cloud.witbee.com j.clarity.ms google.pl *.analytics.google.com consentcdn.cookiebot.com googleads.g.doubleclick.net static.payu.com *.facebook.net *.facebook.com app2.recostream.com  ga2.getresponse.com/ bam.nr-data.net clk.leadexpert.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.cardlink.gr 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com google.com google.gr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com facebook.com connect.facebook.net google.gr google-analytics.com *.cardlink.gr 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' domidona.com.br *.domidona.com.br domidona.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.ebit.com.br imgs.ebit.com.br *.sizebay.technology *.widde.io static.sizebay.technology *.trustvox.com.br *.hotjar.com *.cartstack.com.br *.tiktok.com *.rdstation.com.br *.g.doubleclick.net *.googleadservices.com *.google.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.domidona.com.br domidona.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
default-src 'unsafe-inline' 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; img-src 'unsafe-inline' 'self' *; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.youtube.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.googleapis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.oct8ne.com https://static.oct8ne.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.vimeo.com *.afip.gob.ar *.mercadolibre.com *.oct8ne.com https://static.oct8ne.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.vimeo.com *.afip.gob.ar *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.oct8ne.com https://static.oct8ne.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afip.gob.ar *.avada.io *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.mlstatic.com *.mercadopago.com *.oct8ne.com https://static.oct8ne.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://live.decidir.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.afip.gob.ar https://get.geojs.io *.avada.io *.google-analytics.com https://www.google-analytics.com *.mercadopago.com *.mercadolibre.com *.oct8ne.com https://static.oct8ne.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://developers.decidir.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com instantcredit.net test.instantcredit.net https://oct8necdneu.azureedge.net *.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-ancestors localhost:* *.motive.co 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://backoffice-eu.oct8ne.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.doofinder.com *.motive.co instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://www.google.com https://www.google.es https://rt.flix360.com https://oct8necdneu.azureedge.net http://media.flixcar.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.avada.io *.motive.co www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net http://media.flixfacts.com https://prod.flixgvid.flix360.io http://media.flixcar.com https://cdn.loadbee.com http://widgets.trustedshops.com https://cdn.connectif.cloud https://static-eu.oct8ne.com https://cdn.aplazame.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.fontawesome.com instantcredit.net test.instantcredit.net https://integrations.etrusted.com http://media.flixcar.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io *.motive.co instantcredit.net *.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be https://js-agent.newrelic.com https://bam.nr-data.net https://api.aplazame.com https://frontal-eu.oct8ne.com https://backoffice-eu.oct8ne.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com google.com *.gstatic.com *.fbcdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.google.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
frame-src 'self' td.doubleclick.net youtube.com *.youtube.com; report-uri /infra/monitoring/csp 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.nagich.co.il *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * gateway20.pelecard.biz 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.google.com *.facebook.com *.googleapis.com  *.cloudfront.net paypal.com paypalobjects.com *.paypal.com s.ytimg.com  *.ssl-images-amazon.com  *.ssl-images-amazon.co.uk  *.ssl-images-amazon.jp  *.ssl-images-amazon.co.jp  *.ssl-images-amazon.it  *.ssl-images-amazon.fr  *.ssl-images-amazon.es  *.media-amazon.com  *.media-amazon.co.uk  *.media-amazon.co.jp  *.media-amazon.jp  *.media-amazon.it  *.media-amazon.fr  *.media-amazon.es *.nagich.co.il www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com gateway20.pelecard.biz data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.googleapis.com  *.cloudfront.net paypal.com paypalobjects.com widgets.magentocommerce.com *.paypal.com fpdbs.sandbox.paypal.com  *.ssl-images-amazon.com  *.ssl-images-amazon.co.uk  *.ssl-images-amazon.jp  *.ssl-images-amazon.co.jp  *.ssl-images-amazon.it  *.ssl-images-amazon.fr  *.ssl-images-amazon.es  *.media-amazon.com  *.media-amazon.co.uk  *.media-amazon.co.jp  *.media-amazon.jp  *.media-amazon.it  *.media-amazon.fr  *.media-amazon.es *.gstatic.com jquery.sellxed.com *.vimeo.com video.google.com js.braintreegateway.com *.nagich.co.il *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.google.com 'unsafe-eval' data: connect.facebook.net *.doubleclick.net system.user-a.co.il assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com gateway20.pelecard.biz 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com/ *.nagich.co.il *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://www.google-analytics.com *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://a.klaviyo.com *.cdninstagram.com *.fbcdn.net *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com vimeo.com www.youtube.com data: js.braintreegateway.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.retailrocket.net https://static.klaviyo.com https://fast.a.klaviyo.com https://www.googletagmanager.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: getfirebug.com fonts.googleapis.com downloads.mailchimp.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.retailrocket.net https://static.klaviyo.com https://fast.a.klaviyo.com https://www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: use.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ js.mollie.com *.sendcloud.sc *.jsdelivr.net *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.gstatic.com maps.googleapis.com *.cloudfront.net https://www.mollie.com *.amazonaws.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js maps.googleapis.com s7.addthis.com https://cdn.polyfill.io https://browser.sentry-cdn.com js.mollie.com *.sendcloud.sc *.jsdelivr.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://cdn.jsdelivr.net/gh/orestbida/cookieconsent@v3.0.0/dist/cookieconsent.umd.js *.trustpilot.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.sendcloud.sc *.jsdelivr.net *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/gh/orestbida/cookieconsent@v3.0.0/dist/cookieconsent.css use.fontawesome.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://*.ingest.sentry.io *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com http://fonts.gstatic.com https://online.feliubadalo.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://online.feliubadalo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com https://www.google.es https://online.feliubadalo.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.doofinder.com https://eu1-search.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://online.feliubadalo.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com http://fonts.googleapis.com https://online.feliubadalo.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://eu1-search.doofinder.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be http://77.224.171.53:7047 http://77.224.171.49:7047 https://online.feliubadalo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.paytrail.com https://resources.paytrail.com https://cdn2.hubspot.net https://www.maksuturva.fi *.cloudfront.net *.googleusercontent.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io https://www.google.com https://www.gstatic.com https://embed.trustmary.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://embed.trustmary.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io https://www.google-analytics.com https://embed.trustmary.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors *.facebook.com https://www.facebook.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net https://www.gstatic.com https://translate.googleapis.com https://fonts.gstatic.com http://translate.google.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com https://translate.googleapis.com http://translate.google.com https://translate-pa.googleapis.com s7.addthis.com *.avada.io *.facebook.net *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com www.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://translate.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.dhlparcel.nl *.fontawesome.com http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.facebook.com www.xtento.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com http://www.youtube.com https://vars.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.fournituren4fun.eu *.googleapis.com www.xtento.com cdn.xtento.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.multisafepay.com https://stats.g.doubleclick.net https://www.google.com http://www.google.com https://www.google.nl http://www.google.nl https://dev.visualwebsiteoptimizer.com http://www.w3.org 'self' data: 'self'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googleapis.com *.dhlparcel.nl *.newrelic.com *.nr-data.net www.xtento.com cdn.xtento.com s7.addthis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.multisafepay.com https://pay.google.com https://static.hotjar.com https://script.hotjar.com https://in.hotjar.com https://polyfill.io http://assets.pinterest.com https://log.pinterest.com https://connect.facebook.net https://googleads.g.doubleclick.net http://www.googletagmanager.com http://dev.visualwebsiteoptimizer.com https://www.google.com https://www.gstatic.com *.google.com *.gstatic.com https://www.clarity.ms https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.dhlparcel.nl *.fontawesome.com *.multisafepay.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.googleapis.com *.facebook.com *.nr-data.net *.analytics.google.com ekr.zdassets.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.multisafepay.com https://in.hotjar.com https://vc.hotjar.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com https://docs.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com device.clearsale.com.br www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com tokenizer.gerencianet.com.br device.clearsale.com.br www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://sandbox.gerencianet.com.br https://api.gerencianet.com.br https://www.googletagmanager.com https://www.google-analytics.com https://docs.google.com *.avada.io https://player.vimeo.com https://www.youtube.com *.pagseguro.com.br 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com fonts.gstatic.com *.fontawesome.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com https://player.vimeo.com https://www.youtube-nocookie.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.mercadopago.com https://player.vimeo.com https://www.youtube.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mercadopago.com *.mercadolibre.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.cityfarmer.fr *.graines-et-bio.fr *.googleapis.com *.google.fr *.google.com *.google.ca *.google.be *.google.ch *.gstatic.com *.doubleclick.net *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.trustpilot.com api.prestashop.com *.facebook.net *.facebook.com *.pinterest.com *.clarity.ms *.bing.com; img-src 'self' data: *.cityfarmer.fr *.graines-et-bio.fr *.prestashop.com *.google.fr *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.doubleclick.net *.paypal.com *.paypalobjects.com *.facebook.net *.facebook.com *.pinterest.com *.clarity.ms *.bing.com; report-uri /csp-report-uri.php 1
font-src *.klarnacdn.net https://*.bootstrapcdn.com *.fontawesome.com *.alothemes.com *.magepow.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.klarna.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://greencut-tools.com https://*.greencut-tools.com https://fitfiu-fitness.com https://*.fitfiu-fitness.com https://mc-haus.com https://*.mc-haus.com https://beeloomkids.com https://*.beeloomkids.com https://*.googlesyndication.com https://*.usercentrics.eu https://*.facebook.com https://*.google.com https://*.google.es https://*.google.fr https://*.google.it https://*.google.de *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.redsys.es http://*.redsys.es *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.facebook.net https://*.usercentrics.eu https://*.hotjar.com https://capturly.com https://*.capturly.com https://*.tiktok.com https://*.tailwindcss.com *.avada.io *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net https://*.bootstrapcdn.com *.fontawesome.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.googlesyndication.com https://googleads.g.doubleclick.net https://*.usercentrics.eu https://capturly.com https://*.capturly.com https://*.tiktok.com https://*.hotjar.io wss://ws.hotjar.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' Gringamx.com *.Gringamx.com Gringamx.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.traycheckout.com.br k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.facebook.net *.googleadservices.com googleadservices.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.Gringamx.com Gringamx.com; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://live.decidir.com *.avada.io *.mlstatic.com *.mercadopago.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://developers.decidir.com/ https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com data: *.cloudflare.com forms.syncrony.com www.halsteds.co.zw *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.addthis.com *.pinterest.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.halsteds.co.zw www.google.co.za *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.fontawesome.com *.googleapis.com *.gstatic.com *.meetanshi.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com forms.syncrony.com www.googletagmanager.com www.halsteds.co.zw https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com forms.syncrony.com www.halsteds.co.zw tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com analytics.google.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.gstatic.com *.google.com *.google.com.br *.googleapis.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.dinamize.com *.smarthint.co *.facebook.net *.facebook.com data: *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://static.handbookonline.com.br https://media.handbookonline.com.br *.doubleclick.net *.googletagmanager.com *.dinamize.com *.smarthint.co https://accounts.google.com https://www.facebook.com https://login.live.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.meetanshi.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.google.com *.google.com.br *.doubleclick.net *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.dinamize.com *.smarthint.co *.lightwidget.com *.facebook.net *.facebook.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.meetanshi.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.googleadservices.com *.google-analytics.com *.paypal.com *.google.com *.google.com.br *.doubleclick.net *.gstatic.com *.googletagmanager.com *.smarthint.co *.dinamize.com *.facebook.net *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.meetanshi.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.google.com *.google.com.br *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleapis.com *.googletagmanager.com *.googleadservices.com *.lightwidget.com *.smarthint.co *.dinamize.com *.facebook.net *.facebook.com *.pagseguro.com.br https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.googleapis.com *.doubleclick.net *.google.com *.google.com.br *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.smarthint.co *.dinamize.com https://connect.facebook.net *.facebook.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.meetanshi.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.paypal.com *.google.com *.google.com.br *.doubleclick.net *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.lightwidget.com *.dinamize.com *.smarthint.co *.facebook.net *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ad.presco.asia aigent2.silveregg.net ajax.googleapis.com apis.google.com assets.adobedtm.com b92.yahoo.co.jp b97.yahoo.co.jp cdn.kaizenplatform.net cdnjs.cloudflare.com cdnpc.hatarakunavi.net cdnsp.hatarakunavi.net code.usergram.info connect.facebook.net d.line-scdn.net googleads.g.doubleclick.net h.accesstrade.net harpoon3.userdive.com maps-api-ssl.google.com maps.googleapis.com media.line.me munchkin.marketo.net platform.twitter.com s.yimg.jp s.yjtag.jp social-plugins.line.me ssl.google-analytics.com sslwidget.criteo.com static.criteo.net static.karte.io support-widget.nakanohito.jp sync-tag.karte.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.line-website.com www.youtube.com yjtag.yahoo.co.jp am.yahoo.co.jp b99.yahoo.co.jp dmp.im-apps.net score.im-apps.net sync.im-apps.net bs.karte.io bypass.ad-stir.com af.tosho-trading.co.jp bs.ad-stir.com tpc.googlesyndication.com cdnsp.hatarakunavi.net b98.yahoo.co.jp cdnpc.hatarakunavi.net am.yahoo.co.jp b99.yahoo.co.jp developers.line.biz dmp.im-apps.net score.im-apps.net sync.im-apps.net bs.karte.io cdn-edge.karte.io bypass.ad-stir.com b98.yahoo.co.jp  www.clarity.ms am.yahoo.co.jp b99.yahoo.co.jp bypass.ad-stir.com dmp.im-apps.net score.im-apps.net sync.im-apps.net www.clarity.ms  code.jquery.com assets.backlog.jp b91.yahoo.co.jp gc.kis.v2.scr.kaspersky-labs.com cdn-edge.karte.io b.karte.io developers.line.biz ; report-uri /php/csp_report.php; 1
font-src *.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.gstatic.com *.doubleclick.net *.imgix.net *.bird.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.facebook.com *.imgix.net *.axept.io *.googletagmanager.com *.google.com *.gstatic.com *.doubleclick.net https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.googletagmanager.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com *.axept.io *.google-analytics.com *.google.com *.doubleclick.net *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: herorefacciones.mx www.google-analytics.com www.googletagmanager.com *.googleapis.com services.italika.mx *.doubleclick.net www.herorefacciones.mx ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de htakip.test operator-test.hisarustuinsaat.com.tr operator.hisarustuinsaat.com.tr *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de htakip.test operator-test.hisarustuinsaat.com.tr operator.hisarustuinsaat.com.tr *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.addtoany.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://dpm.demdex.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com *.homelux.ro 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.homelux.ro 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com *.2performant.com *.addthis.com *.cookiebot.com *.googlesyndication.com *.homelux.ro *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com blob: *.google.ro *.google-analytics.com *.googlesyndication.com *.homelux.ro *.pinterest.com *.magentocommerce.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.2performant.com *.addthis.com *.biano.ro chimpstatic.com *.cookiebot.com *.googleadservices.com *.googlesyndication.com *.homelux.ro *.moatads.com *.pinimg.com https://unpkg.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.homelux.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.addthis.com *.biano.ro *.cookiebot.com *.doubleclick.net *.googlesyndication.com *.homelux.ro *.pinterest.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.ici-store.com *.matomo.cloud https://cdnjs.cloudflare.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.monetico-services.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.ici-store.com *.matomo.cloud *.cdn-cookieyes.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.ici-store.com *.matomo.cloud *.googletagmanager.com *.cdn-cookieyes.com https://cdnjs.cloudflare.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com data: *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.ici-store.com *.matomo.cloud https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.ici-store.com *.matomo.cloud *.cdn-cookieyes.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.matomo.cloud 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.fontawesome.com fonts.gstatic.com fonts.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de sandbox.przelewy24.pl secure.przelewy24.pl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ pay.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net *.google-analytics.com *.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.br analytics.google.com www.googletagmanager.com content www.google.com *.gstatic.com *.googleapis.com *.doubleclick.net use.typekit.net www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.facebook.net *.yotpo.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.youtube.com *.paypal.com *.yotpo.com *.creditguard.co.il *.vimeo.com *.googletagmanager.com *.google.com *.xtento.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.gstatic.com *.googleadservices.com *.facebook.com *.yotpo.com *.cdninstagram.com *.google-analytics.com *.google.com *.google.com.vn *.google.co.il https://www.google *.magentocommerce.com *.paypal.com *.paypalobjects.com *.ytimg.com *.web-view.net *.googleapis.com *.nagich.co.il *.vimeo.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.fontawesome.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.analytics.com *.rawgit.com *.nagich.co.il *.luckyorange.com *.youtube.com *.xtento.com *.paypal.com *.paypalobjects.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.analytics.com *.facebook.com *.google-analytics.com *.nagich.co.il vimeo.com player.vimeo.com *.luckyorange.com *.googleapis.com wss://realtime.luckyorange.com wss://in.visitors.live/socket.io wss://in.visitors.live/socket.io/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.sagepay.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com secure.payu.com merch-prod.snd.payu.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es static.payu.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com https://player.vimeo.com https://www.youtube.com secure.payu.com secure.snd.payu.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com http://fonts.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.sagepay.com https://fonts.googleapis.com https://fonts.gstatic.com secure.payu.com merch-prod.snd.payu.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com *.googleapis.com *.gstatic.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://webpay3gint.transbank.cl 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://www.google.com http://www.google.com https://www.facebook.com https://web.facebook.com https://bid.g.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com https://www.facebook.com https://www.google.com https://www.google.cl https://maps.gstatic.com https://maps.googleapis.com https://cdn.pushcrew.com https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net https://pushcrew.com *.alothemes.com *.magepow.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.apptrian.com https://www.google.cl https://cdn.pushcrew.com https://dev.visualwebsiteoptimizer.com https://fonts.googleapis.com https://maps.googleapis.com https://www.googletagmanager.com *.gstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net http://www.google.com https://tracking.krip.cl https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.fitit.ai *.googleapis.com *.google.com *.fontawesome.com *.alothemes.com *.magepow.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://fonts.googleapis.com https://cdn.pushcrew.com https://dev.visualwebsiteoptimizer.com https://cdn.fitit.ai *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.alothemes.com *.magepow.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com www.apptrian.com https://stats.g.doubleclick.net https://www.google-analytics.com https://bam.nr-data.net https://www.facebook.com https://api.bciplus.cl https://maps.googleapis.com https://pushcrew.com https://firebase.googleapis.com https://firebaseremoteconfig.googleapis.com https://us-central1-fitit-a5bde.cloudfunctions.net https://firebaselogging-pa.googleapis.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.alothemes.com *.magepow.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://unpkg.com/ https://cdn.jsdelivr.net/ https://api.mapbox.com/ https://geowidget.easypack24.net/ https://geowidget.easypack24.net https://cdn.devsiteac.com/ https://script.hotjar.com/ fonts.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://unpkg.com/ https://cdn.jsdelivr.net/ https://api.mapbox.com/ https://geowidget.easypack24.net/ https://ssl.dotpay.pl/ https://cdn.devsiteac.com/ https://www.facebook.com/ sandbox.przelewy24.pl secure.przelewy24.pl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://unpkg.com/ https://cdn.jsdelivr.net/ https://api.mapbox.com/ https://geowidget.easypack24.net/ https://parcelshop.dhl.pl *.easypack24.net *.inpost.pl *.openstreetmap.org https://mapa.ecommerce.poczta-polska.pl *.poczta-polska.pl https://consentcdn.cookiebot.com/ https://www.google.com/ https://cdn.devsiteac.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://*.cookiebot.com pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://unpkg.com/ https://cdn.jsdelivr.net/ https://api.mapbox.com/ https://geowidget.easypack24.net/ https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://maps.gstatic.com https://*.cloudfront.net https://googletagmanager.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://ssl.ceneo.pl/ https://cdn.devsiteac.com/ https://osm.inpost.pl/ https://maps.googleapis.com/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://ssl.dotpay.pl/ https://c.tile.openstreetmap.org/ https://ylpush.s3-eu-west-1.amazonaws.com/ https://www.google.com/ https://www.google.pl/ https://www.facebook.com/ https://imgsct.cookiebot.com/ https://*.cookiebot.com https://ssl.ceneo.pl static.przelewy24.pl www.gstatic.com gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com/ https://cdn.jsdelivr.net/ https://api.mapbox.com/ https://geowidget.easypack24.net/ https://parcelshop.dhl.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://mapa.ecommerce.poczta-polska.pl *.poczta-polska.pl https://consent.cookiebot.com/ *.edrone.me https://ssl.ceneo.pl/ https://cdn.devsiteac.com/ https://a-krosnoglass.youlead.pl/ https://m-krosnoglass.youlead.pl/ https://app.freshmail.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ *.cloudfront.net/ *.bing.com/ https://www.googletagmanager.com/ https://consentcdn.cookiebot.com/ https://*.cookiebot.com https://ssl.ceneo.pl sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.googleapis.com *.google.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://unpkg.com/ https://cdn.jsdelivr.net/ https://api.mapbox.com/ https://geowidget.easypack24.net/ https://geowidget.easypack24.net https://geowidget.inpost.pl https://cdn.devsiteac.com/ https://*.cloudfront.net https://googletagmanager.com https://www.googletagmanager.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://unpkg.com/ https://cdn.jsdelivr.net/ https://api.mapbox.com/ https://geowidget.easypack24.net/ *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com https://cdn.devsiteac.com/ https://sandbox-api-shipx-pl.easypack24.net/ https://in.hotjar.com/ https://stats.g.doubleclick.net/ https://api.edrone.me/ https://vc.hotjar.io/ https://osm.inpost.pl/ https://maps.googleapis.com/ wss://ws8.hotjar.com/ https://ssl.dotpay.pl/ https://*.analytics.google.com https://consentcdn.cookiebot.com/ https://*.cookiebot.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.feedaty.com *.zopim.com fonts.gstatic.com data: static.criteo.net *.fontawesome.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.criteo.com *.criteo.net *.hotjar.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://cdn.clerk.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.google.com *.google.it *.zopim.com *.clerk.io *.advertising.com *.doubleclick.net *.openx.net *.rubiconproject.com *.yahoo.com *.smaato.net *.yieldmo.com *.tapad.com *.addthis.com *.outbrain.com *.criteo.com *.criteo.net *.adnxs.com *.adtpd.com *.tpmn.co.kr *.socdm.com *.adingo.jp *.revcontent.com *.kargo.com *.3lift.com *.media.net *.rlcdn.com *.turn.com *.smartadserver.com *.mediawallahscript.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.bidswitch.net *.dable.io *.sharethrough.com *.liadm.com *.postrelease.com *.mgid.com *.nate.com *.yandex.ru *.rambler.ru *.meba.kr *.admixer.co.kr id5-sync.com *.mail.ru *.adscale.de *.aralego.com *.tremorhub.com *.omnitagjs.com trusted.ro *.kvstore.it *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://api.clerk.io https://cdn.clerk.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.zoorate.com *.iubenda.com *.soisy.it *.criteo.com static.criteo.net *.doubleclick.net *.hotjar.com *.zopim.com *.zdassets.com *.clerk.io partner-events.favicdn.net *.google.com *.gstatic.com *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://api.clerk.io https://cdn.clerk.io cdn.dnky.co webchat.dotdigital.com *.feedaty.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.criteo.net *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.soisy.it *.google.com *.google-analytics.com *.hotjar.com vc.hotjar.io/ *.zdassets.com *.zopim.com *.iubenda.com *.doubleclick.net *.criteo.com *.criteo.net wss://*.zopim.com/ wss://*.hotjar.com/ partner-events.favicdn.net partner-events.favi.sk partner-events.favi.cz partner-events.favi.ro *.googlesyndication.com *.zendesk.com https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ccavenue.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.ccavenue.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.ccavenue.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.ccavenue.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.ccavenue.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: https://*.dnafactory.it https://*.dnalab.online cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.dnafactory.it https://*.dnalab.online *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.dnafactory.it https://*.dnalab.online *.feedaty.com *.google.it *.lafarmaciadelsole.it http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gestpay.net *.sella.it https://*.clerk.io https://*.dnafactory.it https://*.dnalab.online cdn.clerk.io *.feedaty.com *.jivosite.com *.prezzifarmaco.it *.doubleclick.net *.smartlook.cloud *.smartlook.com openfpcdn.io *.lafarmaciadelsole.it http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.dnafactory.it https://*.dnalab.online cdnjs.cloudflare.com *.feedaty.com *.jivosite.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.dnafactory.it https://*.dnalab.online *.jivosite.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.dnafactory.it https://*.dnalab.online *.feedaty.com *.google-analytics.com *.jivosite.com *.prezzifarmaco.it *.smartlook.cloud *.smartlook.com *.lafarmaciadelsole.it http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com/ https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com fonts.gstatic.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl addtoany.com bam.eu01.nr-data.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com https://www.instagram.com pay.google.com https://geowidget-app.inpost.pl/ *.addtoany.com bam.eu01.nr-data.net https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://www.facebook.com https://www.google.de https://www.google.en https://www.google.pl https://www.google.com.ua https://www.google.com static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net https://meetanshi.com/media/logo.png data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleservices.com https://v2.zopim.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://connect.facebook.net https://region1.google-analytics.com https://analytics.google.com https://www.instagram.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com https://ipinfo.io *.avada.io *.fontawesome.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://consent.cookiefirst.com https://www.google.com https://www.gstatic.com https://fast.fonts.net https://secure.przelewy24.pl https://edge.cookiefirst.com https://api.cookiefirst.com fonts.googleapis.com *.googleapis.com *.addtoany.com https://geowidget.easypack24.net https://geowidget.inpost.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://widget-mediator.zopim.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://www.facebook.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ stats.g.doubleclick.net dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences wheelioapp.azureedge.net dealioappstorage.blob.core.windows.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com wheelioapp.azureedge.net *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com static.klaviyo.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com static.klaviyo.com static.klaviyo.com/ cdnjs.cloudflare.com/ assets.adobedtm.com *.adobe.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com www.apptrian.com www.facebook.com graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-PN6ARP0ubXDMzLWa_Y95ZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ *.facebook.net *.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.googleapis.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.googletagmanager.com *.facebook.net *.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.facebook.net *.facebook.com landofcoder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com api.razorpay.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.razorpay.com *.gstatic.com *.cdninstagram.com *.fbcdn.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com https://www.gstatic.com s7.addthis.com *.avada.io checkout.razorpay.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.doubleclick.net *.facebook.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.gr ebizmarts-website.s3.amazonaws.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.addthis.com *.addthisedge.com *.moatads.com *.chimpstatic.com s7.addthis.com *.avada.io https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.addthis.com *.doubleclick.net ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.tawk.to fonts.gstatic.com *.cloudflare.com *.googleapis.com *.klevu.com *.zopim.com *.gstatic.com *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.tawk.to *.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com https://www.youtube.com *.tawk.to *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.magezon.com *.pushalert.co *.tawk.to cdn.jsdelivr.net *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.klevu.com *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'unsafe-inline' data: yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com www.youtube.com *.google.com *.pushalert.co *.tawk.to cdn.jsdelivr.net *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.jsdelivr.net *.cloudflare.com *.googleapis.com *.klevu.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.pushalert.co *.tawk.to wss://*.tawk.to *.testfreaks.com *.ksearchnet.com *.klevu.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.mattca.ro *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com/ *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com *.innoship.ro https://www.google.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.tile.openstreetmap.org *.openstreetmap.org *.mattca.ro *.google.com/ads/ *.google.ro *.google.ro/ads/ *.trusted.ro/ trusted.ro/ *.profitshare.ro *.omtrdc.net *.salofarm.ro maps.googleapis.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googleapis.com *.avada.io *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jivosite.com *.profitshare.ro profitshare.ro *.7w.ro *.aptrinsic.com *.mattca.ro maps.googleapis.com widget.trusted.ro *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.google.com *.jivosite.com *.aptrinsic.com *.mattca.ro *.salofarm.ro *.stormers.ro *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.jivosite.com *.mattca.ro 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://stats.g.doubleclick.net/ *.jivosite.com *.7w.ro *.aptrinsic.com maps.googleapis.com socialplugin.facebook.net wss://chat-eu1-4.jivosite.com *.mattca.ro *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3 *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; img-src https://www.google.bg/pagead/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; connect-src https://ekr.zdassets.com/ https://dimitarstoichkov.zendesk.com/ wss://widget-mediator.zopim.com/ https://googleads.g.doubleclick.net/ dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; script-src https://v2.zopim.com/ https://static.zdassets.com/ assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ js.mollie.com www.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://www.magezon.com https://www.mollie.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ js.mollie.com www.youtube.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cdn.plyr.io noembed.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com *.gstatic.com data: cdn.jsdelivr.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.googleapis.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com s7.addthis.com *.google.com *.gstatic.com https://cdnjs.cloudflare.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.getalma.eu facebook.com www.facebook.com connect.facebook.net graph.facebook.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com 'self' data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://www.gstatic.com 'self' data: https://code.highcharts.com *.avada.io *.google.com/ *.freshworks.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://www.gstatic.com 'self' data: https://fonts.googleapis.com *.fontawesome.com *.freshworks.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://fcm.googleapis.com 'self' data: https://get.geojs.io *.avada.io *.freshworks.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://use.typekit.net https://kit-pro.fontawesome.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net *.sharethis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.sharethis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://kit.fontawesome.com www.gstatic.com *.googleapis.com *.fontawesome.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.sharethis.com fonts.googleapis.com downloads.mailchimp.com maxcdn.bootstrapcdn.com fonts.gstatic.com unsafe-inline assets.braintreegateway.com https://p.typekit.net https://use.typekit.net https://kit-pro.fontawesome.com/ *.googleapis.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.sharethis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.razorpay.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google-analytics.com *.gstatic.com *.webagencyanalytics.com *.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.avada.io *.meetanshi.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com checkout.razorpay.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.google.com unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de webagencyanalytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-_E1fiMfJQufm9DoKiC4ggA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mpozenato.com.br *.mpozenato.com.br MPozenato.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com cloudflare.com doubleclick.net linximpulse.net crazyegg.com retargeter.com.br googleadservices.com mlstatic.com shopconvert.com.br hotjar.com hotjar.io smarthint.co ebit.com.br viptarget.com.br mercadopago.com shoptarget.com.br directtalk.com.br googleapis.com shopback.net montacasa.com.br *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.shopconvert.com.br *.hotjar.com *.hotjar.io *.smarthint.co *.googleadservices.com *.mlstatic.com *.crazyegg.com *.retargeter.com.br *.cloudflare.com *.doubleclick.net *.linximpulse.net *.mercadopago.com *.shoptarget.com.br *.ebit.com.br *.viptarget.com.br *.montacasa.com.br *.directtalk.com.br *.googleapis.com *.shopback.net wss://signalr.fbits.net gstatic.com k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br track.omguk.com *.omguk.com *.lomadee.com *.vendavalida.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net s.pinimg.com *.pinimg.com receiver.posclick.dinamize.com *.posclick.dinamize.com ct.pinterest.com *.pinterest.com d3u0jcwe5p7qrc.cloudfront.net d2rp1k1dldbai6.cloudfront.net cybba-bucket.s3.amazonaws.com storage.googleapis.com *.amazon-adsystem.com *.s3.amazonaws.com *.cybba.solutions *.rtb123.com *.cybba.us *.adnxs.com *.stackadapt.com *.adsrvr.org *.facebook.net *.enviou.com.br *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net koinprod.azurewebsites.net payments.koin.com.br koinhomolog.azurewebsites.net *.blob.core.windows.net *.g2afse.com rankmediabrasil.g2afse.com *.cloudfront.net samuraiexpertsstorage.blob.core.windows.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com cdn.preciso.net *.preciso.net *.avis-verifies.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.mpozenato.com.br mpozenato.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: cdn.thulium.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://parcelshop.dhl.pl/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' data: *.googleapis.com maps.gstatic.com cdn.thulium.com chat-proxy-service.thulium.com ssl.ceneo.pl www.google.pl ads.trafficjunky.net bat.bing.com media.user.com n69.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com *.gstatic.com *.googleapis.com cdn.luigisbox.com scripts.luigisbox.com ssl.ceneo.pl cdn.thulium.com unpkg.com cdn.cookiehub.eu n69.user.com www.artfut.com static.trafficjunky.com widget.user.com bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com sandbox-easy-geowidget-sdk.easypack24.net cdn.luigisbox.com cdn.cookiehub.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net n69.pl cdn.thulium.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.google-analytics.com *.googleapis.com api.luigisbox.com live.luigisbox.com app.luigisbox.com chat-proxy-service.thulium.com cdn.thulium.com wss://chat-proxy-service.thulium.com stats.g.doubleclick.net googleads.g.doubleclick.net n69.user.com wss://n69.user.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.googleapis.com stackpath.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.google.com *.snapchat.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.doubleclick.net *.facebook.com/ *.cookiebot.com *.viabill.com *.trustpilot.com *.snapchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.sg *.google.com.ph *.twitter.com *.ytimg.com *.youtube.com *.facebook.com *.bing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.fontawesome.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net connect.facebook.net *.trustpilot.com *.emaerket.dk *.cookiebot.com code.jquery.com *.viabill.com *.bing.com sc-static.net *.leadfamly.com *.zdassets.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com stackpath.bootstrapcdn.com *.freshchat.com/ *.myfonts.net unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.doubleclick.net *.google-analytics.com *.leadfamly.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.google.com *.google.com.sg 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.dotdigital-pages.com *.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com validator.swagger.io scontent.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com https://cdn.cookielaw.org/ data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com https://cdn.cookielaw.org/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/ https://privacyportal-eu.onetrust.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /loreal/csp-report.php; report-to report-endpoint; 1
font-src https://fonts.gstatic.com https://ws.colissimo.fr maxcdn.bootstrapcdn.com https://www.gstatic.com https://cdnjs.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com www.google.com https://www.youtube.com https://www.googletagmanager.com/ js.mollie.com https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.bird.eu https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudimg.io *.google.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.mollie.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://accounts.google.com *.cloudimg.io *.scaleflex.it *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://nominatim.openstreetmap.org http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://accounts.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src cdn.jsdelivr.net https://fonts.gstatic.com cdn.almapay.com fonts.googleapis.com fonts.gstatic.com *.fontawesome.com applepay.cdn-apple.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu www.google.com *.avis-verifies.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com lumao.eu *.google.fr *.google.com *.myspectro.io axeptio.imgix.net favicons.axept.io bat.bing.com cdn.wisepops.net cdn.doofinder.com openstreetmap.org maps.googleapis.com maps.gstatic.com https://assets.fintecture.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.doofinder.com *.myspectro.io static.axept.io bat.bing.com www.clarity.ms cdn.segment.com wisepops.net cdn.wisepops.net cdn.doofinder.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net https://fonts.googleapis.com *.doofinder.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.doofinder.com  *.google-analytics.com *.doubleclick.net pagead2.googlesyndication.com tracking.myspectro.io client.axept.io api.axept.io cdn.segment.com api.segment.io a.clarity.ms wisepops.net activity.wisepops.net tracking.wisepops.net wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com www.googleadservices.com www.google-analytics.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googleadservices.com www.google-analytics.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.multisafepay.com https://pay.google.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.optomaeurope.com; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.optomaeurope.com *.optoma.co code.jquery.com fast.fonts.net www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://unpkg.com *.unpkg.com https://youtube.com *.youtube.com youtube.com *.vimeo.com static.cloudflareinsights.com https://*.mapbox.com *.jsdelivr.net cdn.polyfill.io https://cdnjs.cloudflare.com https://*.fontawesome.com https://downloads-global.3cx.com https://*.3cx.cloud/ https://*.nr-data.net https://js-agent.newrelic.com https://www.gstatic.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.optomaeurope.com *.optoma.co https://tagmanager.google.com https://fonts.googleapis.com *.jsdelivr.net; img-src 'self' blob: data: *.optomaeurope.com *.optoma.co *.youtube.com *.ytimg.com *.vimeo.com www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://s3-us-west-2.amazonaws.com *.optoma.com https://*.3cx.cloud https://img.youtube-nocookie.com; media-src 'self' blob: data: *.optomaeurope.com; frame-src 'self' *.optomaeurope.com *.optoma.co *.youtube.com *.youtube-nocookie.com *.vimeo.com https://player.simplecast.com https://www.google.com/; font-src 'self' *.optomaeurope.com *.optoma.co https://fonts.gstatic.com data: ; connect-src 'self' *.optomaeurope.com https://*.google-analytics.com *.mapbox.com https://stats.g.doubleclick.net https://*.fontawesome.com https://*.3cx.cloud wss://*.3cx.cloud https://*.nr-data.net https://js-agent.newrelic.com https://adservice.google.com; report-uri https://c9f3e0efddb3b5a8f702c2632d2e3942.report-uri.com/r/d/csp/reportOnly 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.contactpigeon.com *.google.com/ https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src *.contactpigeon.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io *.contactpigeon.com https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.contactpigeon.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com *.adobe.com *.fontawesome.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com ajax.cloudflare.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.contactpigeon.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.klarna.com js.mollie.com *.sendcloud.sc *.jsdelivr.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.buckaroo.nl https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com *.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.magmodules.eu *.squeezely.tech www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.klarna.com *.klarnacdn.net *.klarnaservices.com js.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com *.sendcloud.sc *.jsdelivr.net https://www.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com squeezely.tech www.squeezely.tech *.squeezely.tech www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com *.sendcloud.sc *.jsdelivr.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.trustedshops.com *.etrusted.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com checkout.tabby.ai *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.visa.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.googleadservices.com *.google-analytics.com *.paypal.com flagpedia.net checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.tawk.to cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.visa.com *.mastercard.com *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.youtube.com https://devdocs.magento.com https://magento.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google-analytics.com www.google.com apis.google.com *.avada.io maps.googleapis.com https://cdnjs.cloudflare.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.tawk.to cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://devdocs.magento.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.paypal.com *.googleapis.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.tawk.to wss://*.tawk.to *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://fonts.googleapis.com https://fonts.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com js.api.here.com *.youtube.com 1.base.maps.ls.hereapi.com/maptile/2.1/info 1.aerial.maps.ls.hereapi.com/maptile/2.1/info vector.hereapi.com/v2/vectortiles/info js.api.here.com/v3/3.1/styles/omv/miami/normal.day.yaml vector.hereapi.com/v2/vectortiles/copyrights js.api.here.com/v3/3.1/styles/omv/skeleton.yaml js.api.here.com/v3/3.1/styles/omv/road_shields.day.yaml js.api.here.com/v3/3.1/styles/omv/label.priorities.yaml vector.hereapi.com/v2/vectortiles/base/mc/9/256/183/omv vector.hereapi.com/v2/vectortiles/base/mc/9/257/183/omv vector.hereapi.com/v2/vectortiles/base/mc/9/256/184/omv vector.hereapi.com/v2/vectortiles/base/mc/9/257/184/omv graph.instagram.com/me/media js.api.here.com/v3/3.1/styles/fonts/FiraGO-Map.woff js.api.here.com/v3/3.1/styles/fonts/FiraGO-Italic.woff applepay.cdn-apple.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.hotjar.com *.google.com *.doubleclick.net *.facebook.com *.weltpixel.com api.payplug.com secure.payplug.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.piwik.pro *.matomo.cloud *.youtube.com *.google.co.uk *.google.com.ua *.google.com *.googletagmanager.com https://t4.my-probance.one/webtrax/listener.action https://bat.bing.com/action/0 https://storage.googleapis.com/website-ef39890f/produits/attribut_1.jpg https://storage.googleapis.com/website-ef39890f/produits/attribut_2.jpg https://storage.googleapis.com/website-ef39890f/produits/attribut_3.jpg https://storage.googleapis.com/website-ef39890f/produits/attribut_4.jpg https://storage.googleapis.com/website-ef39890f/produits/attribut_5.jpg https://cdn2.hubspot.net/hubfs/508350/BADGE_PAIEMENT_2@2x.png https://js.api.here.com/v3/3.1/styles/omv/icons/sprite-2x.png https://js.api.here.com/v3/3.1/styles/omv/icons/road_icons-2x.png https://storage.googleapis.com https://cdn2.hubspot.net https://js.api.here.com https://scontent.cdninstagram.com *.doubleclick.net https://scontent.cdninstagram.com/v/t51.2885-15/260296993_849019392440806_1700673023175743553_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/260044152_436307778115476_7600172539440816000_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/261801628_1261174687714340_7736851760014741587_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/260529315_225157813081369_6837512984564860239_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/263184407_328424538779765_5221694345882642889_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/266389092_1614368342234765_2968722902784167446_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/264852596_627335521870014_5040258744862434244_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/265356568_5049204575091602_3632498141846560470_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/261612449_131505805942503_1021005885788653226_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/264530003_652201109151326_3435745126752363541_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/262756442_441834440679621_4515724252730267794_n.jpg https://scontent.cdninstagram.com/v/t51.2885-15/264000873_213792314241080_9140927077058749409_n.jpg *.google.fr *.facebook.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.avada.io *.piwik.pro *.matomo.cloud *.youtube.com *.doubleclick.net t4.my-probance.one/webtrax/rsc/podowell.js *.google.com *.googletagmanager.com bat.bing.com static.hotjar.com/c/hotjar-1751513.js script.hotjar.com *.facebook.net www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__fr.js script.hotjar.com/modules.909c20fd8721306b1fa9.js bat.bing.com/p/action/22018159.js script.hotjar.com/modules.19e5fee3eaef277c9b64.js script.hotjar.com/modules.54959b9c945092ba123f.js js.api.here.com/v3/3.1/mapsjs-core.js js.api.here.com/v3/3.1/mapsjs-service.js js.api.here.com/v3/3.1/mapsjs-ui.js js.api.here.com/v3/3.1/mapsjs-mapevents.js script.hotjar.com/modules.cbd9b920d05cd9e47f57.js bat.bing.com/p/action/5891144.js www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__fr.js *.gstatic.com api.payplug.com applepay.cdn-apple.com https://www.googletagmanager.com tagmanager.google.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com *.piwik.pro *.matomo.cloud js.api.here.com/v3/3.1/mapsjs-ui.css code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css www.gstatic.com js.api.here.com/v3/3.1/mapsjs-core.js js.api.here.com/v3/3.1/mapsjs-service.js js.api.here.com/v3/3.1/mapsjs-ui.js js.api.here.com/v3/3.1/mapsjs-mapevents.js www.googleadservices.com/pagead/conversion_async.js cdn.jsdelivr.net/npm/flatpickr/dist/flatpickr.min.css tagmanager.google.com https://cdnjs.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://nominatim.openstreetmap.org https://get.geojs.io *.avada.io *.piwik.pro *.matomo.cloud https://in.hotjar.com/api/v2/client/sites/1751513/visit-data https://www.google-analytics.com/j/collect *.doubleclick.net *.google.com *.youtube.com https://1.base.maps.ls.hereapi.com/maptile/2.1/info https://1.aerial.maps.ls.hereapi.com/maptile/2.1/info https://vector.hereapi.com/v2/vectortiles/info https://vector.hereapi.com/v2/vectortiles/copyrights https://js.api.here.com https://vector.hereapi.com https://graph.instagram.com/me/media https://preprod-www.podowell.fr https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com blob: data: http://poespas.test http://localhost https://www.google.com https://www.google.nl https://www.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com tagmanager.google.com https://www.googletagmanager.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.google.com https://www.gstatic.com www.facebook.com https://cdn.lordicon.com https://player.vimeo.com https://youtube.com https://www.youtube.com/ http://poepas.test http://poepas.test:35729 http://localhost chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://cdn.lordicon.com http://poepas.test:35729/livereload ws://poepas.test:35729/livereload http://127.0.0.1:35729/livereload ws://127.0.0.1:35729/livereload www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src consent.cookiefirst.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com consent.cookiefirst.com *.alothemes.com *.magepow.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de consent.cookiefirst.com *.avada.io *.alothemes.com *.magepow.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com consent.cookiefirst.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de consent.cookiefirst.com edge.cookiefirst.com api.cookiefirst.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
frame-ancestors *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src googleapis.com *.zdassets.com 'self' 'unsafe-inline'; font-src googleapis.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; style-src googleapis.com getfirebug.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; connect-src static-forms.klaviyo.com googleapis.com facebook.com facebook.net klaviyo.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; form-action googleapis.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-src googleapis.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src googleapis.com widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://a.klaviyo.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'self' 'unsafe-inline'; script-src googleapis.com klaviyo.com facebook.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.google.com www.gstatic.com https://static.klaviyo.com https://fast.a.klaviyo.com *.klevu.com *.ksearchnet.com *.oppwa.com oppwa.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com secure.pay1.de https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com legalweb.io www.facebook.com stats.g.doubleclick.net api.omappapi.com www.google-analytics.com https://static.unzer.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://cdn.polyfill.io https://browser.sentry-cdn.com polyfill.io maps.googleapis.com secure.pay1.de cdn.klarna.com www.google-analytics.com connect.facebook.net a.opmnstr.com diffuser-cdn.app-us1.com www.google.com prism.app-us1.com www.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com trackcmp.net https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io api.omappapi.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.gstatic.net *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.addthis.com *.doubleclick.com *.getblue.io *.addtoany.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.metricool.com *.google.com.ar *.google.com *.pupemoda.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.mlstatic.com *.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.aptrinsic.com *.facebook.net *.facebook.com *.googleapis.com *.zopim.com *.zdassets.com *.embluemail.com *.getblue.io *.doubleclick.com *.newrelic.com *.nr-data.net *.addtoany.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.mercadopago.com *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.facebook.com *.googleapis.com *.zopim.com *.zdassets.com *.doubleclick.com *.doubleclick.net *.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.facebook.com *.aptrinsic.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' https://www.paypalobjects.com/;connect-src *.cloud.es.io;frame-src 'self' https://www.youtube.com/; report-uri https://reporting.webperf.tools; report-to default 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.gstatic.com 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com getfirebug.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com assets.adobedtm.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.apptrian.com www.facebook.com graph.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; font-src youtube.com maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: https: http: ; frame-src 'self' http: https: *.google.com; script-src 'self' 'unsafe-inline' https: ; object-src 'self' 1
default-src http://www2.repuve.gob.mx:8080/ciudadania/ https: 'unsafe-inline' https://apis.google.com https://platform.twitter.com; child-src https://plusone.google.com https://facebook.com https://platform.twitter.com http://www2.repuve.gob.mx:8080/ciudadania/ 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe https://www.googletagmanager.com/ business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe http://www.googletagmanager.com/ https://www.googletagmanager.com/ business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ business.facebook.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cleverreach.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com *.hotjar.com secure.pay1.de/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cloudfront.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api.mapbox.com cdn.pay1.de x.klarnacdn.net 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com widgets.trustedshops.com mcstagingmedia.carou.com mcprodmedia.carou.com *.google.com www.google.com.ua ct.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://widgets.trustedshops.com https://integrations.etrusted.com *.hotjar.com widgets.trustedshops.com bam.nr-data.net js-agent.newrelic *.ratepay.com js-agent.newrelic.com s.pinimg.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com/ *.ratepay.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com payments.amazon.de d.ratepay.com jsctool.com autocomplete2.postdirekt.de t.elasticsuite.io *.google-analytics.com *.trustedshops.com *.etrusted.com *.hotjar.com wss://*.hotjar.com/ bam.nr-data.net www.carou.com stats.g.doubleclick.net vc.hotjar.io ct.pinterest.com analytics.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.typekit.net https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.twitter.com *.google.com *.massivespace.rocks *.pagosonline.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net www.facebook.com *.googlesyndication.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.facebook.net *.youtube.com/ connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.rimax.com.co *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.salesmanago.es *.salesmanago.com *.klarna.com *.googleadservices.com *.paypal.com *.ytimg.com *.lightemporium.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.hotjar.com *.salesmanago.es *.salesmanago.com gateway.payulatam.com sandbox.api.payulatam.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.trackedlink.net *.googleapis.com *.avada.io connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.typekit.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.hotjar.com *.youtube.com *.salesmanago.es *.salesmanago.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.paypal.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cardinalcommerce.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.cardinalcommerce.com *.cloudflare.com *.bootstrapcdn.com 'self' 'unsafe-inline'; frame-ancestors *.despegar.com/ 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.siteblindado.com.br *.avis-verifies.com *.octadesk.services *.cloudflare.com *.facebook.com *.google.com *.hotjar.com *.despegar.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.compreconfie.com.br *.avis-verifies.com *.cloudflare.com *.facebook.com *.google.com.br *.tcdn.com *.despegar.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.croapp.net *.googletagmanager.com googleads.g.doubleclick.net *.avis-verifies.com *.siteblindado.com *.fontawesome.com *.octadesk.services *.cloudflare.com *.getfirebug.com *.twitter.com *.facebook.net *.dinamize.com *.gstatic.com *.goadopt.io *.usebeon.io *.hotjar.com *.google.com *.omguk.com *.despegar.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudflare.com *.facebook.net *.goadopt.io *.usebeon.io *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.siteblindado.com.br *.avis-verifies.com *.cloudflare.com *.hotjar.com *.goadopt.io *.usebeon.io *.paypal.com *.despegar.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * ct.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: cl.avis-verifies.com m2.meilland-dev.sutunam.net ct.pinterest.com bat.bing.com www.google.com.vn data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com cl.avis-verifies.com bat.bing.com s.pinimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://ws.colissimo.fr http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://api-adresse.data.gouv.fr ct.pinterest.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com cl.avis-verifies.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.criteo.com https://*.google.com https://cdn.matomo.cloud https://connect.facebook.net https://google-analytics.com https://googletagmanager.com https://graph.facebook.com https://js.facebook.com https://roulenloc.matomo.cloud https://ssl.google-analytics.com https://static.criteo.net https://sslwidget.criteo.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.facebook.com *.criteo.com *.criteo.net *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net www.googletagmanager.com;base-uri 'self';form-action 'self' *.facebook.com *.google.com connect.facebook.net;worker-src 'self' blob: www.google.com; report-to https://sirel.roulenloc.fr/json/info_csp.php 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://shopline.itau.com.br 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pagaleve.io *.pagaleve.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pagaleve.com.br www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://stc.pagseguro.uol.com.br https://sandbox.stc.pagseguro.uol.com.br *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pagaleve.com.br js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://stc.pagseguro.uol.com.br https://stc.sandbox.pagseguro.uol.com.br *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com http://api.itaushopline.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' *.rowit.nz static.cloudflareinsights.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.rowit.nz 41e88da0b753d19507dc-c16ee6a7f049943e7103dba546d18f06.ssl.cf4.rackcdn.com fonts.googleapis.com 'unsafe-eval' 'unsafe-inline'; img-src 'self' rowit.nz *.rowit.nz 41e88da0b753d19507dc-c16ee6a7f049943e7103dba546d18f06.ssl.cf4.rackcdn.com chart.apis.google.com app.companiesoffice.govt.nz 'report-sample'; font-src rowit.nz fonts.gstatic.com; connect-src 'self' rowit.nz l.rowit.nz cloudflareinsights.com; frame-src maps.google.co.nz www.google.com; frame-ancestors 'none'; form-action 'self'; base-uri 'self' rowit.nz; report-uri https://rowit.report-uri.com/r/d/csp/wizard 1
font-src data: use.fontawesome.com static-srag.saatec.de static-dev.srag.cahosting.de static-srag-staging.saatec.de static-srag-live.saatec.de fonts.gstatic.com maxcdn.bootstrapcdn.com tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.staging.srag.cahosting.de srag.dev.saatec.local *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com app-wallee.com td.doubleclick.net *.google.com/ www.googletagmanager.com checkout.postfinance.ch 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io media-srag.saatec.de media-srag-staging.saatec.de media-srag-live.saatec.de static-dev.srag.cahosting.de static-srag-live.saatec.de static-srag.saatec.de widgets.trustedshops.com www.google.de piwik.sativa-biosaatgut.de tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.staging.srag.cahosting.de files.mirasvit.com www.magecomp.com srag.dev.saatec.local www.sativa.bio ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net checkout.postfinance.ch app-wallee.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ analytics.sativa.bio www.google.com www.gstatic.com use.fontawesome.com static-srag.saatec.de media-srag.saatec.de media-srag-live.saatec.de static-srag-staging.saatec.de static-dev.srag.cahosting.de tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.staging.srag.cahosting.de static-staging.srag.cahosting.de static-srag-live.saatec.de widgets.trustedshops.com consent.cookiefirst.com browser-update.org piwik.sativa-biosaatgut.de app-wallee.com srag.dev.saatec.local chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com maps.googleapis.com checkout.postfinance.ch 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com use.fontawesome.com static-srag.saatec.de static-dev.srag.cahosting.de static-srag-staging.saatec.de static-srag-live.saatec.de fonts.googleapis.com maxcdn.bootstrapcdn.com cloud.typography.com consent.cookiefirst.com sativa.bio www.sativa.bio tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.staging.srag.cahosting.de srag.dev.saatec.local downloads.mailchimp.com *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com analytics.sativa.bio static-srag.saatec.de static-dev.srag.cahosting.de static-srag-staging.saatec.de static-srag-live.saatec.de static.cookiefirst.com edge.cookiefirst.com consent.cookiefirst.com tmpsativa-static.codel1.de cdn.live.srag.cahosting.de cdn.dev.srag.cahosting.de cdn.staging.srag.cahosting.de pagead2.googlesyndication.com www.google.de *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.code-alliance.de/srag/report-csp-frontend; report-to report-endpoint; 1
font-src fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.scooterpieces.fr *.cloudfront.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.colissimo.fr *.avis-verifies.com *.mapbox.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.scooterpieces.fr *.twitter.com *.facebook.com *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googleapis.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.scooterpieces.fr *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.colissimo.fr *.avis-verifies.com *.googleapis.com *.googlesyndication.com https://stats.g.doubleclick.net *.doubleclick.net  'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com camo.githubusercontent.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.scooterpieces.fr *.cloudfront.net *.cloudflare.com *.gstatic.com *.google.co.in https://www.facebook.com *.klarna.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googleapis.com *.google.fr *.googlesyndication.com maps.google.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com cdn.jsdelivr.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co *.scooterpieces.fr *.cloudfront.net *.newrelic.com *.nr-data.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.googleapis.com *.toto.fr *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googlesyndication.com webcache.googleusercontent.com *.google.fr *.googletagservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.cloudfront.net *.scooterpieces.fr *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.mapbox.com *.colissimo.fr *.avis-verifies.com webcache.googleusercontent.com *.google.fr *.googleadservices.com *.googlesyndication.com *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.getalma.eu *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co *.scooterpieces.fr *.nr-data.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googleapis.com webcache.googleusercontent.com *.googlesyndication.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://scooterpieces.fr/; report-to report-endpoint; 1
default-src  'self' data: ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.smartsuppcdn.com ;connect-src  'self' data: application/octet-stream blob: *.google.com *.google.cz *.googleapis.com *.google-analytics.com www.googletagmanager.com *.zbozi.cz *.pingdom.net *.doubleclick.net *.facebook.com *.biano.cz *.gstatic.com *.googlesyndication.com *.clarity.ms wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;form-action  'self' *.facebook.com *.facebook.net ;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.senesi.cz *.doubleclick.net *.googlesyndication.com *.google.com *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie iplatba.cz *.imedia.cz *.heureka.cz *.facebook.com *.facebook.net *.zbozi.cz *.seznam.cz *.biano.cz *.clarity.ms c.bing.com *.instagram.com *.smartsuppcdn.com https://files.packeta.com *.foxentry.cz *.leady.com ;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.zbozi.cz *.gstatic.com *.smartsuppcdn.com *.foxentry.cz www.googletagmanager.com ;object-src  'self' blob: ; report-uri /frontendreport/report/ 1
font-src fonts.gstatic.com use.typekit.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.facebook.com https://seers-application-assets.s3.amazonaws.com https://www.google.es www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.seersco.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src  'self' data: *.pinimg.com *.postaffiliatepro.com partneri.affilmax.cz *.doubleclick.net *.facebook.net *.google-analytics.com *.biano.cz *.dognet.sk *.googlesyndication.com *.imedia.cz *.googletagmanager.com *.googleadservices.com ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.biano.cz *.biano.sk *.biano.hu ;connect-src  'self' *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.googleapis.com *.google-analytics.com *.googletagmanager.com *.zbozi.cz *.exchangeratesapi.io *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.seznam.cz *.facebook.com *.pinterest.com *.doubleclick.net https://*.clarity.ms partner-events.favi.cz partner-events.favi.sk partner-events.favi.hu t.targito.signal-nabytek.cz t.targito.sg-nabytek.cz t.targito.signal-nabytok.sk t.targito.sg-nabytok.sk t.targito.butor-signal.hu t.targito.sg-butor.hu *.clickcease.com *.targito.com *.googlesyndication.com https://saas.bianoapi.com bat.bing.com live.luigisbox.com api.luigisbox.com  https://*.api.rvndev.com https://*.api.raventic.ai https://*.api.raventic.dev https://api.raventic.dev ;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.imedia.cz *.facebook.net *.doubleclick.net *.rival.cz *.fg.cz *.3dliving.cz *.imedia.cz *.zbozi.cz *.exchangeratesapi.io *.facebook.com *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.googlesyndication.com *.pinimg.com *.pinterest.com partneri.affilmax.cz *.postaffiliatepro.com www.heureka.cz im9.cz cz.img9.cz *.glami.cz *.licdn.com *.linkedin.com tracking.srovname.cz https://*.clarity.ms partner-events.favicdn.net cdn.targito.signal-nabytek.cz cdn.targito.sg-nabytek.cz cdn.targito.signal-nabytok.sk cdn.targito.sg-nabytok.sk cdn.targito.butor-signal.hu cdn.targito.sg-butor.hu *.clickcease.com cdn.targito.com https://saas.bianoapi.com bat.bing.com scripts.luigisbox.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com ;frame-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;worker-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.seznam.cz *.doubleclick.net *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.imedia.cz *.facebook.com *.facebook.net *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.rival.cz *.vykupto.cz *.signal.pl *.zbozi.cz *.exchangeratesapi.io *.dognet.sk *.foxentry.cz *.pinimg.com *.pinterest.com *.biano.cz *.biano.sk *.biano.hu *.heureka.cz *.heureka.sk im9.cz *.glami.cz *.googleadservices.com https://*.clarity.ms bat.bing.com *.favionline.com *.bing.com cdn.targito.com https://i.cdn.rvndev.com https://i.rvndn.com ;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.seznam.cz *.google.com *.gstatic.com *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.sg-butor.hu *.zbozi.cz *.exchangeratesapi.io *.foxentry.cz cdn.targito.com https://saas.bianoapi.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;object-src  'self' ; report-uri /frontendreport/report/ 1
font-src *.gstatic.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cetelem.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.avis-verifies.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.google.com/ *.youtube.com/ cdn.doofinder.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.googletagmanager.com/ *.cdn.cookielaw.org/ *.youtube.com/ *.tradedoubler.com cdn.doofinder.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cetelem.es *.googleapis.com/ *.doofinder.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.doofinder.com wss://*.doofinder.com *.google-analytics.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io maps.googleapis.com https://static.addtoany.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io https://static.addtoany.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.ccavenue.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com *.amazonaws.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.yotpo.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com *.pelecard.biz *.queue-it.net *.facebook.com *.facebook.net *.vimeo.com vimeo.com *.adoric.com *.tiktok.com *.glassix.com *.adoric-om.com *.google.com www.xtento.com *.paypal.com *.yotpo.com *.creditguard.co.il *.googletagmanager.com *.xtento.com *.doubleclick.net acsbapp.com *.acsbap.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.magentocommerce.com *.entrust.net *.google.com *.google.com.vn *.doubleclick.net *.cloudfront.net *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.mltp.co.il *.adoric.com *.adoric-om.com *.tiktok.com *.giphy.com *.acsbapp.com *.amazonaws.com *.shw.co.il www.xtento.com cdn.xtento.com *.googleadservices.com *.yotpo.com *.cdninstagram.com *.google-analytics.com *.google.co.il https://www.google *.paypal.com *.paypalobjects.com *.vimeo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.adobedtm.com *.authorize.net *.entrust.net *.gstatic.com www.google.com *.adyen.com *.queue-it.net *.googletagmanager.com *.googleapis.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.signifyd.com *.nowdialogue.com *.xtento.com *.facebook.com *.facebook.net *.nagich.co.il *.rawgit.com *.adoric.com *.tiktok.com *.glassix.com *.adoric-om.com www.xtento.com cdn.xtento.com *.google-analytics.com *.google.com *.fontawesome.com *.googleadservices.com *.doubleclick.net *.analytics.com *.youtube.com *.paypal.com *.paypalobjects.com acsbapp.com acsbap.com *.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.adoric.com *.adoric-om.com *.googleapis.com *.nowdialogue.com *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.entrust.net *.google-analytics.com *.google.com *.nowdialogue.com nowdialogue.com *.nagich.co.il *.doubleclick.net *.vimeo.com vimeo.com *.demdex.com *.adoric.com *.adoric-om.com *.tiktok.com *.glassix.com *.analytics.com *.facebook.com player.vimeo.com *.googleapis.com *.acsbapp.com acsbap.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com applepay.cdn-apple.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.fonts.googleapis.com data: *.cloudflare.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.payplug.com secure.payplug.com webservices.securetrading.net *.google.com *.addthis.com *.pinterest.com *.trustpilot.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.doofinder.com business.facebook.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.facebook.com business.facebook.com int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.payplug.com applepay.cdn-apple.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com webservices.securetrading.net songbirdstag.cardinalcommerce.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.doofinder.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com business.facebook.com int-ecommerce.nexi.it ecommerce.nexi.it https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com o402164.ingest.sentry.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google-analytics.com analytics.google.com *.facebook.net https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://s.brightspace.com https://*.ally.ac https://leaplti.desire2learn.com/ https://leaplti-fr.brightspace.com/ https://tryleap.brightspace.com/ https://leaplti-es.desire2learn.com/ https://leaplti-ptbr.desire2learn.com/ https://leaplti-us.brightspace.com/ https://leaplti-apac.brightspace.com/ https://leaplti-emea.brightspace.com/ https://leapqa.net https://leaplti-ap.brightspace.com https://login.microsoftonline.com/ https://login.live.com/ https://cdn.lcs.brightspace.com/ https://leaplti-in.brightspace.com; report-uri https://logger.ca-central-1.logging.brightspace.com/log/csp/14zquj_Ju3AZRFWg0nIAaAAAAY95_Bt_ 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.googletagmanager.com/ *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com *.gstatic.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src api.ebizcharges.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com api-landing.soysantander.com.uy analytics.google.com *.facebook.net adservice.google.com www.google.com.uy *.googleapis.com *.facebook.com *.gstatic.com *.windows.net www.googletagmanager.com www.youtube.com *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
worker-src blob:; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com scontent.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.glami.bg www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googleapis.com google.com cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.avada.io *.glami.bg www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com google.com *.kxcdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * services.paytrail.com paytrail.com *.paytrail.com epmt.nordea.fi *.nordea.com verkkopankki.danskebank.fi online.s-pankki.fi verkkomaksu.poppankki.fi verkkomaksu.omasp.fi auth.aktia.fi verkkomaksu.handelsbanken.fi verkkomaksu.saastopankki.fi online.alandsbanken.fi maksu.pivo.fi qa-maksu.pivo.fi v1-hub-staging.sph-test-solinor.com v1.api.paymenthighway.io www.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js-agent.newrelic.com bam.nr-data.net policy.app.cookieinformation.com cookie-cdn.cookiepro.com connect.facebook.net www.facebook.com *.adform.net *.google-analytics.com *.doubleclick.net *.leadoo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn2.hubspot.net resources.paytrail.com www.facebook.com www.google.fi *.analytics.google.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js-agent.newrelic.com bam.nr-data.net policy.app.cookieinformation.com cookie-cdn.cookiepro.com connect.facebook.net www.facebook.com *.adform.net *.google-analytics.com *.doubleclick.net *.leadoo.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com js-agent.newrelic.com bam.nr-data.net policy.app.cookieinformation.com cookie-cdn.cookiepro.com connect.facebook.net www.facebook.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.leadoo.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://connect.facebook.net/ https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://connect.facebook.net/ business.facebook.com https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://connect.facebook.net/ business.facebook.com https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ https://www.google.co.cr/ *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://connect.facebook.net/ business.facebook.com *.greenpaysbx.me *.kaptcha.com https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://connect.facebook.net/ https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://connect.facebook.net/ business.facebook.com *.kaptcha.com https://data-collector.greenpay.me https://script.crazyegg.com/ *.hotjar.net/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ https://gtm-mpv8c69c-mze5m.uc.r.appspot.com *.doubleclick.net/ data: *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://assets.emarsys.net https://cdn.scarabresearch.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.mlstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://production-tailoy-repo-magento-statics.s3.us-east-2.amazonaws.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://recommender.scarabresearch.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.mercadopago.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com https://im9.cz https://www.google.sk https://www.google.cz https://www.google.com https://www.google.hu https://www.google.de https://www.google.it https://www.google.fr https://bat.bing.com https://c.bing.com https://c.clarity.ms https://static.compari.ro https://p1.akcdn.net https://static.arukereso.hu https://takoy.sk https://c.seznam.cz https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://*.criteo.com https://widgets.trustedshops.com https://d3k81ch9hvuctc.cloudfront.net https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://beacon.krxd.net https://s.thebrighttag.com https://public-prod-dspcookiematching.dmxleo.com https://www.heureka.sk https://www.heureka.cz *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.google.sk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.google.sk www.sk.im9.cz https://im9.cz www.im9.cz www.freeprivacypolicy.com ssl.heureka.sk s.pinimg.com https://bat.bing.com login.dognet.sk https://sk.im9.cz https://www.clarity.ms https://analytics.tiktok.com https://widget.packeta.com https://ssl.heureka.cz https://static.arukereso.hu https://www.heureka.cz https://dynamic.criteo.com https://c.seznam.cz https://sslwidget.criteo.com https://widgets.trustedshops.com https://static.compari.ro https://apis.google.com https://cdn.stape.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://static.arukereso.hu https://www.ppl.cz https://static.compari.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://ct.pinterest.com https://static.compari.ro https://q.clarity.ms https://stats.g.doubleclick.net https://static.arukereso.hu https://analytics.tiktok.com https://bat.bing.com https://measurement-api.criteo.com https://www.google https://analytics.pangle-ads.com https://metrics.takoy.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://takoy.cz/pr-csp/report/add/; report-to report-endpoint; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com https://im9.cz https://www.google.sk https://www.google.cz https://www.google.com https://www.google.hu https://www.google.de https://www.google.it https://www.google.fr https://bat.bing.com https://c.bing.com https://c.clarity.ms https://static.compari.ro https://p1.akcdn.net https://static.arukereso.hu https://takoy.sk https://c.seznam.cz https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://*.criteo.com https://widgets.trustedshops.com https://d3k81ch9hvuctc.cloudfront.net https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://beacon.krxd.net https://s.thebrighttag.com https://public-prod-dspcookiematching.dmxleo.com https://www.heureka.sk https://www.heureka.cz *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.google.sk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.google.sk www.sk.im9.cz https://im9.cz www.im9.cz www.freeprivacypolicy.com ssl.heureka.sk s.pinimg.com https://bat.bing.com login.dognet.sk https://sk.im9.cz https://www.clarity.ms https://analytics.tiktok.com https://widget.packeta.com https://ssl.heureka.cz https://static.arukereso.hu https://www.heureka.cz https://dynamic.criteo.com https://c.seznam.cz https://sslwidget.criteo.com https://widgets.trustedshops.com https://static.compari.ro https://apis.google.com https://cdn.stape.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://static.arukereso.hu https://www.ppl.cz https://static.compari.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://ct.pinterest.com https://static.compari.ro https://q.clarity.ms https://stats.g.doubleclick.net https://static.arukereso.hu https://analytics.tiktok.com https://bat.bing.com https://measurement-api.criteo.com https://www.google https://analytics.pangle-ads.com https://metrics.takoy.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://takoy.de/pr-csp/report/add/; report-to report-endpoint; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com https://im9.cz https://www.google.sk https://www.google.cz https://www.google.com https://www.google.hu https://www.google.de https://www.google.it https://www.google.fr https://bat.bing.com https://c.bing.com https://c.clarity.ms https://static.compari.ro https://p1.akcdn.net https://static.arukereso.hu https://takoy.sk https://c.seznam.cz https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://*.criteo.com https://widgets.trustedshops.com https://d3k81ch9hvuctc.cloudfront.net https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://beacon.krxd.net https://s.thebrighttag.com https://public-prod-dspcookiematching.dmxleo.com https://www.heureka.sk https://www.heureka.cz *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.google.sk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.google.sk www.sk.im9.cz https://im9.cz www.im9.cz www.freeprivacypolicy.com ssl.heureka.sk s.pinimg.com https://bat.bing.com login.dognet.sk https://sk.im9.cz https://www.clarity.ms https://analytics.tiktok.com https://widget.packeta.com https://ssl.heureka.cz https://static.arukereso.hu https://www.heureka.cz https://dynamic.criteo.com https://c.seznam.cz https://sslwidget.criteo.com https://widgets.trustedshops.com https://static.compari.ro https://apis.google.com https://cdn.stape.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://static.arukereso.hu https://www.ppl.cz https://static.compari.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://ct.pinterest.com https://static.compari.ro https://q.clarity.ms https://stats.g.doubleclick.net https://static.arukereso.hu https://analytics.tiktok.com https://bat.bing.com https://measurement-api.criteo.com https://www.google https://analytics.pangle-ads.com https://metrics.takoy.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://takoy.es/pr-csp/report/add/; report-to report-endpoint; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com https://im9.cz https://www.google.sk https://www.google.cz https://www.google.com https://www.google.hu https://www.google.de https://www.google.it https://www.google.fr https://bat.bing.com https://c.bing.com https://c.clarity.ms https://static.compari.ro https://p1.akcdn.net https://static.arukereso.hu https://takoy.sk https://c.seznam.cz https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://*.criteo.com https://widgets.trustedshops.com https://d3k81ch9hvuctc.cloudfront.net https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://beacon.krxd.net https://s.thebrighttag.com https://public-prod-dspcookiematching.dmxleo.com https://www.heureka.sk https://www.heureka.cz *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.google.sk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.google.sk www.sk.im9.cz https://im9.cz www.im9.cz www.freeprivacypolicy.com ssl.heureka.sk s.pinimg.com https://bat.bing.com login.dognet.sk https://sk.im9.cz https://www.clarity.ms https://analytics.tiktok.com https://widget.packeta.com https://ssl.heureka.cz https://static.arukereso.hu https://www.heureka.cz https://dynamic.criteo.com https://c.seznam.cz https://sslwidget.criteo.com https://widgets.trustedshops.com https://static.compari.ro https://apis.google.com https://cdn.stape.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://static.arukereso.hu https://www.ppl.cz https://static.compari.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://ct.pinterest.com https://static.compari.ro https://q.clarity.ms https://stats.g.doubleclick.net https://static.arukereso.hu https://analytics.tiktok.com https://bat.bing.com https://measurement-api.criteo.com https://www.google https://analytics.pangle-ads.com https://metrics.takoy.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://takoy.fr/pr-csp/report/add/; report-to report-endpoint; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com https://im9.cz https://www.google.sk https://www.google.cz https://www.google.com https://www.google.hu https://www.google.de https://www.google.it https://www.google.fr https://bat.bing.com https://c.bing.com https://c.clarity.ms https://static.compari.ro https://p1.akcdn.net https://static.arukereso.hu https://takoy.sk https://c.seznam.cz https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://*.criteo.com https://widgets.trustedshops.com https://d3k81ch9hvuctc.cloudfront.net https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://beacon.krxd.net https://s.thebrighttag.com https://public-prod-dspcookiematching.dmxleo.com https://www.heureka.sk https://www.heureka.cz *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.google.sk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.google.sk www.sk.im9.cz https://im9.cz www.im9.cz www.freeprivacypolicy.com ssl.heureka.sk s.pinimg.com https://bat.bing.com login.dognet.sk https://sk.im9.cz https://www.clarity.ms https://analytics.tiktok.com https://widget.packeta.com https://ssl.heureka.cz https://static.arukereso.hu https://www.heureka.cz https://dynamic.criteo.com https://c.seznam.cz https://sslwidget.criteo.com https://widgets.trustedshops.com https://static.compari.ro https://apis.google.com https://cdn.stape.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://static.arukereso.hu https://www.ppl.cz https://static.compari.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://ct.pinterest.com https://static.compari.ro https://q.clarity.ms https://stats.g.doubleclick.net https://static.arukereso.hu https://analytics.tiktok.com https://bat.bing.com https://measurement-api.criteo.com https://www.google https://analytics.pangle-ads.com https://metrics.takoy.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://takoy.hu/pr-csp/report/add/; report-to report-endpoint; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com https://im9.cz https://www.google.sk https://www.google.cz https://www.google.com https://www.google.hu https://www.google.de https://www.google.it https://www.google.fr https://bat.bing.com https://c.bing.com https://c.clarity.ms https://static.compari.ro https://p1.akcdn.net https://static.arukereso.hu https://takoy.sk https://c.seznam.cz https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://*.criteo.com https://widgets.trustedshops.com https://d3k81ch9hvuctc.cloudfront.net https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://beacon.krxd.net https://s.thebrighttag.com https://public-prod-dspcookiematching.dmxleo.com https://www.heureka.sk https://www.heureka.cz *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.google.sk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.google.sk www.sk.im9.cz https://im9.cz www.im9.cz www.freeprivacypolicy.com ssl.heureka.sk s.pinimg.com https://bat.bing.com login.dognet.sk https://sk.im9.cz https://www.clarity.ms https://analytics.tiktok.com https://widget.packeta.com https://ssl.heureka.cz https://static.arukereso.hu https://www.heureka.cz https://dynamic.criteo.com https://c.seznam.cz https://sslwidget.criteo.com https://widgets.trustedshops.com https://static.compari.ro https://apis.google.com https://cdn.stape.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://static.arukereso.hu https://www.ppl.cz https://static.compari.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://ct.pinterest.com https://static.compari.ro https://q.clarity.ms https://stats.g.doubleclick.net https://static.arukereso.hu https://analytics.tiktok.com https://bat.bing.com https://measurement-api.criteo.com https://www.google https://analytics.pangle-ads.com https://metrics.takoy.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://takoy.ro/pr-csp/report/add/; report-to report-endpoint; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com https://im9.cz https://www.google.sk https://www.google.cz https://www.google.com https://www.google.hu https://www.google.de https://www.google.it https://www.google.fr https://bat.bing.com https://c.bing.com https://c.clarity.ms https://static.compari.ro https://p1.akcdn.net https://static.arukereso.hu https://takoy.sk https://c.seznam.cz https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://*.criteo.com https://widgets.trustedshops.com https://d3k81ch9hvuctc.cloudfront.net https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://beacon.krxd.net https://s.thebrighttag.com https://public-prod-dspcookiematching.dmxleo.com https://www.heureka.sk https://www.heureka.cz *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.google.sk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.google.sk www.sk.im9.cz https://im9.cz www.im9.cz www.freeprivacypolicy.com ssl.heureka.sk s.pinimg.com https://bat.bing.com login.dognet.sk https://sk.im9.cz https://www.clarity.ms https://analytics.tiktok.com https://widget.packeta.com https://ssl.heureka.cz https://static.arukereso.hu https://www.heureka.cz https://dynamic.criteo.com https://c.seznam.cz https://sslwidget.criteo.com https://widgets.trustedshops.com https://static.compari.ro https://apis.google.com https://cdn.stape.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://static.arukereso.hu https://www.ppl.cz https://static.compari.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://ct.pinterest.com https://static.compari.ro https://q.clarity.ms https://stats.g.doubleclick.net https://static.arukereso.hu https://analytics.tiktok.com https://bat.bing.com https://measurement-api.criteo.com https://www.google https://analytics.pangle-ads.com https://metrics.takoy.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://takoy.sk/pr-csp/report/add/; report-to report-endpoint; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.dhlparcel.nl *.cloudfront.net *.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net js.mollie.com https://plumrocket.com https://remove.video/ *.clerk.io www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://cdn.clerk.io https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sooqr.com flagpedia.net https://www.mollie.com 'self' data: *.snapppt.com *.cdninstagram.com *.cloudflare.com *.tantebetsy.nl *.tantebetsy.com *.google.com *.addsauce.com *.bing.com *.facebook.com www.google.nl *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.sooqr.com *.gstatic.com maps.googleapis.com js.mollie.com *.google.com *.dhlparcel.nl snapppt.com *.snapppt.com *.cloudfront.net *.clerk.io *.cookiecode.nl *.addsauce.com *.bing.com *.facebook.net *.clarity.ms www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com *.sooqr.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.dhlparcel.nl *.cloudfront.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.ingest.sentry.io www.gstatic.com maps.googleapis.com t.elasticsuite.io *.google-analytics.com snapppt.com *.cookiecode.nl *.google.com *.addsauce.com *.doubleclick.net *.clarity.ms *.gstatic.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: *.googleapis.com *.fontawesome.com *.tawk.to fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com https://pixel.barion.com *.tawk.to *.google.com/ https://www.youtube.com *.packeta.com https://plumrocket.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://online.gls-hungary.com https://maps.gstatic.com https://maps.googleapis.com *.tawk.to cdn.jsdelivr.net *.facebook.com https://www.magezon.com quickchart.io img.youtube.com flagpedia.net *.koongo.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://pixel.barion.com https://online.gls-hungary.com https://maps.googleapis.com *.tawk.to cdn.jsdelivr.net *.googletagmanager.com *.facebook.net *.avada.io *.google.com/ *.packeta.com landofcoder.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.tawk.to cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css *.googleapis.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com http://online.gls-hungary.com *.tawk.to wss://*.tawk.to *.google-analytics.com www.gstatic.com *.koongo.com *.packeta.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src embed.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ va.tawk.to 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com embed.tawk.to cdn.jsdelivr.net/emojione data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://embed.tawk.to https://cdn.jsdelivr.net/emojione/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src embed.tawk.to fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src embed.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com dns.google *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com ;  report-uri /cspreport; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net www.googletagmanager.com matomoembraceklantportaal.azurewebsites.net; connect-src 'self' *.typekit.net *.google-analytics.com *.stats.g.doubleclick.net *.umbraco.org *.openstreetmap.org *.googleapis.com *.analytics.google.com ws://triada.nl matomoembraceklantportaal.azurewebsites.net; img-src 'self' *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org api.maptiler.com umbracowebportalsnonprod.azureedge.net *.analytics.google.com www.googletagmanager.com ; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org www.gstatic.com ; frame-ancestors 'self' ; 1
font-src fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com www.xtento.com https://plumrocket.com https://*.sameday.ro *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.xtento.com cdn.xtento.com https://redchamps.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.avada.io www.xtento.com cdn.xtento.com https://*.sameday.ro maps.googleapis.com *.cloudflare.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com https://*.sameday.ro 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.gstatic.com *.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de https://mobbex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.mobbex.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.avada.io *.mobbex.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.googletagmanager.com *.fontawesome.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google-analytics.com *.google.com *.mobbex.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com bimg.abv.bg/GDPR/GDPR.js dmp.adwise.bg chimpstatic.com cdn.onesignal.com/sdks/OneSignalSDK.js static.zdassets.com/ekr/asset_composer.js v2.zopim.com/ cdn.onesignal.com/ onesignal.com/ assets.adobedtm.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' twofeet.com.br *.twofeet.com.br twofeet.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.googleadservices.com googleadservices.com td.doubleclick.net *.doubleclick.net *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.twofeet.com.br twofeet.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
object-src 'none';base-uri 'self';script-src 'nonce-EJ34-fr69BOULCZ5s6eNpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://img.paytrail.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.valerisport.it webstats.consultarea.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com s7.addthis.com *.googletagmanager.com *.facebook.net *.avada.io https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.valerisport.it/ webstats.consultarea.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline fonts.googleapis.com www.valerisport.it 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com int-ecommerce.nexi.it ecommerce.nexi.it ekr.zdassets.com/ *.google-analytics.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com webstats.consultarea.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.google.com.co c.bing.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.doubleclick.net analytics.google.com cdn.connectif.cloud *.hotjar.com *.clarity.ms connect.facebook.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com.co analytics.google.com *.clarity.ms stats.g.doubleclick.net am1-api.connectif.cloud content.hotjar.io *.hotjar.com *.facebook.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.paygate.co.za/payweb3/process.trans 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com validator.swagger.io *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://cdn.polyfill.io https://browser.sentry-cdn.com js.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/public/api/content-security-policy.php; report-to report-endpoint; 1
default-src 'none' ; script-src 'self' maps.googleapis.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: locus-api.com locus-api-eu.com maps.gstatic.com maps.googleapis.com www.google-analytics.com s3.amazonaws.com; font-src 'self' fonts.gstatic.com; connect-src locus-api.com locus-api-eu.com; report-uri https://locus.report-uri.com/r/d/csp/reportonly; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.snapmint.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.facebook.com https://www.facebook.com *.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.twitter.com *.youtube.com/ *.consensu.org *.sharethis.com *.snapmint.com *.facebook.net *.facebook.com api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.victorsport.in *.facebook.net *.facebook.com cdn.razorpay.com assets.snapmint.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.google.com *.sharethis.com *.snapmint.com *.facebook.net *.facebook.com *.avada.io checkout.razorpay.com api.snapmint.com assets.snapmint.com sandboxapi.snapmint.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.sharethis.com *.snapmint.com *.facebook.net *.facebook.com https://get.geojs.io *.avada.io lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com https://www.google.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.google.com https://www.gstatic.com *.avada.io www.sandbox.paypal.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mercadopago.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.bootstrapcdn.com maxcdn.bootstrapcdn.com *.gstatic.com *.typekit.net *.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com calendly.com *.trustpilot.com *.rolex.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://images.unsplash.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.designer-images.net assets.calendly.com *.facebook.com *.cloudfront.net *.documentforce.com *.cookiepro.com *.rolex.com hummuk.file.force.com *.tawk.to data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.stat-track.com polyfill.io *.moosend.com *.trustpilot.com *.jsdelivr.net *.typekit.net *.cookiepro.com *.tawk.to *.hotjar.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.moosend.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com assets.calendly.com *.aptrinsic.com *.tawk.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com thm.visa.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.stat-track.com *.m-pages.com *.m-operations.com *.cookiepro.com *.tawk.to vsa3.tawk.to *.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-8maTrt_rvkCo6Z0yMOlRvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.squarecdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.facebook.com *.paymentexpress.com *.windcave.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com *.instagram.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk *.weltpixel.com *.paymentexpress.com *.windcave.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://popup.laybuy.com www.xtento.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com *.facebook.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.co.nz https://www.google.com https://integration-assets.laybuy.com www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au static.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.cloudflare.com https://maps.googleapis.com cdn.jsdelivr.net *.reviews.io *.reviews.co.uk https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://chimpstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com static.zipmoney.com.au static.zip.co zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com https://static.klaviyo.com *.fontawesome.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.google-analytics.com *.facebook.net https://www.google-analytics.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://dc.services.visualstudio.com; script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.msecnd.net; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; sandbox allow-forms allow-same-origin allow-scripts; 1
font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.retailrocket.net landofcoder.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.retailrocket.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src *.retailrocket.net landofcoder.com 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Ba_kDyZkEFWulxbjLMm1aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-x9nq1H6dIfF6O1RWuy1fSg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.yotpo.com *.googleapis.com *.gstatic.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com ipg1.apps.net.pk www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; frame-ancestors www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com static.addtoany.com td.doubleclick.net r.srvtrck.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com www.google.com.pk static.geetest.com www.google.co.in www.google.ie blob www.google.de testpaymentapi.hbl.com www.aksa.com.pk cdn.klarna.com img.youtube.com s-media-cache-ak0.pinimg.com www.ishopping.pk media.licdn.com www.google.com.au www.magentocommerce.com images.philips.com www2.ishopping.pk www.google.fr www.google.com.sa www.analytics-debugger.com file www.google.co.uk www.google.ae www.shophive.com www.google.com.ec www.google.com.sg www.google.com.tw www.google.it www.google.com.qa g-ecx.images-amazon.com images.samsung.com im3.ezgif.com www.google.com.tr www.google.es www.google.be www.sony.com.my www.google.ca www.google.pl www.google.com.kw www.google.co.uz www.xeroxscanners.com www.google.se www.google.fi www.google.dz www.google.com.do www.google.sk www.google.lv www.google.hr www.techglobe.pk d3uz6obq3251t9.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com api.comapi.com snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com player.vimeo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com static.addtoany.com graph.facebook.com maxcdn.bootstrapcdn.com gcaptcha4.geetest.com static.geetest.com s7.addthis.com www.pagespeed-mod.com ipinfo.io gcaptcha4.geevisit.com decision.etc4.com static.geevisit.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net unsafe-inline *.yotpo.com static.geetest.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; object-src www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com data www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; manifest-src www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com analytics.google.com insights.algolia.io region1.analytics.google.com www2.ishopping.pk www.google.de www.google.com.pk stats.addtoany.com translate.googleapis.com www.google.co.in www.google.com.ec www.google.com.qa www.google.be www.google.ae meetlookup.com www.google.se o268291.ingest.sentry.io www.google.co.id www.google.md www.ishopping.pk www.google.com.mt www.google.dz d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com www.ishopping.pk d3uz6obq3251t9.cloudfront.net http: https: blob: 'self' 'unsafe-inline'; default-src www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.ishopping.pk d3uz6obq3251t9.cloudfront.net 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
object-src 'none';base-uri 'self';script-src 'nonce-chlrkPJBk49-70r-iwRXHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.neuillysurseine.fr/report-uri/reportOnly 1
object-src 'none';base-uri 'self';script-src 'nonce-1tRjPPpSxlZoFr1Ev9tjVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-aED6rz9cfGX3jRSXCMLzDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicstream.s3.amazonaws.com/BETAGAMMASIGMA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
script-src 'self' 'unsafe-inline' cdn.jsdelivr.net code.etracker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com sf1-eu.readspeaker.com www.etracker.de; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com sf1-eu.readspeaker.com 1
object-src 'none';base-uri 'self';script-src 'nonce-M8ZrixdpAS6wTU9fOWhE3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3Hv5GgExUITr3rIRaNavTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ChVkoaj2wCwSLTP3KdhwRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.cloudflare.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.reviews.io *.reviews.co.uk *.portablerestroomtrailers.com *.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com *.livechatinc.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com www.apptrian.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.reviews.io *.reviews.co.uk *.googletagmanager.com *.googleapis.com *.addtoany.com *.facebook.net *.google.com *.callrail.com *.hotjar.com *.livechatinc.com *.pardot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com *.cloudflare.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org www.apptrian.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.my.salesforce.com *.callrail.com *.livechatinc.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-tzWrdY5RfQSyXKCLCDSH6Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src *.fontawesome.com *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net bootstrapcdn.com *.bootstrapcdn.com storelocatorwidgets.com *.storelocatorwidgets.com purityassets.com *.purityassets.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.searchspring.io listrakbi.com *.listrakbi.com purityassets.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net pinterest.com *.pinterest.com purityassets.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.searchspring.io elfsightcdn.com *.elfsightcdn.com facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net purityassets.com *.purityassets.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://cdn.searchspring.net/intellisuggest/is.min.js *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrak.com *.listrak.com listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net googleapis.com *.googleapis.com storelocatorwidgets.com *.storelocatorwidgets.com purityassets.com *.purityassets.com *.godaddy.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net bootstrapcdn.com *.bootstrapcdn.com storelocatorwidgets.com *.storelocatorwidgets.com mapbox.com *.mapbox.com purityassets.com *.purityassets.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com purityassets.com *.purityassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://beacon.searchspring.io/beacon *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net purityassets.com *.purityassets.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.findologic.com fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com secure.pay1.de payments.amazon.de www.jsctool.com www.youtube.com *.google.com https://www.googletagmanager.com/ *.google.com/ js.mollie.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.facebook.com widgets.trustedshops.com *.google.de *.usercentrics.eu http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com quickchart.io img.youtube.com https://www.mollie.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com maps.googleapis.com jquery.sellxed.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com widget.freshworks.com m2epro.freshdesk.com rns.matelso.de *.google.com *.clarity.ms *.findologic.com widgets.trustedshops.com googleads.g.doubleclick.net *.adform.net *.googlecommerce.com *.kk-resources.com *.usercentrics.eu *.s24.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ js.mollie.com connect.facebook.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.findologic.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com payments.amazon.de d.ratepay.com www.jsctool.com widget.freshworks.com m2epro.freshdesk.com rns.matelso.de *.clarity.ms *.usercentrics.eu *.demdex.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Mndy1ZKmAUI9F1iMso3OWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src https: 'strict-dynamic' 'report-sample' 'nonce-Jy2tPemXqBFm9XhaiZWqOvVQsixYgEEhbXv/KcKZgcQ='; base-uri 'self';report-to csp-endpoint 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.nitrocdn.com *.cloudflare.com *.typekit.net *.threekit.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com nitropack.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.facebook.com *.nitrocdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.threekit.com 'self' blob: *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.googletagmanager.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com player.vimeo.com *.intercom.io *.nitrocdn.com nitroscripts.com *.intercomcdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.threekit.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.nitrocdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.typekit.net *.threekit.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.google-analytics.com *.getnitropack.com *.intercom.io *.zdassets.com *.nitrocdn.com *.intercomcdn.com wss://nexus-websocket-a.intercom.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.threekit.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-6Rl5Gc6s5CxKcChpRQIl7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dqvqgBGgChd30pk636boKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=ATVPDKIKX0DER:sid=142-4672037-6660147:rid=J1KXT874EE2BAWVJQ73M:sn=www.amazon.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://js.datadome.co ct.captcha-delivery.com https://sdk.privacy-center.org https://www.googletagmanager.com; connect-src 'self' https://api-js.datadome.co https://api.privacy-center.org https://geo.api.gouv.fr https://api-adresse.data.gouv.fr https://browser-intake-datadoghq.eu; img-src 'self' data: https://www.googletagmanager.com; style-src 'report-sample' 'self' 'unsafe-inline'; frame-src 'self' geo.captcha-delivery.com; worker-src 'self' blob:; report-uri /__vsctcspreport__ 1
font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js jquery.sellxed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com downloads.mailchimp.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Ns24mR_zAznE6F4hK5PErw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.licdn.com assets.adobedtm.com www.google.com app.termly.io *.linkedin.com *.hubspot.com forms.hsforms.com region1.google-analytics.com js.hsleadflows.net *.demdex.net *.salesforceliveagent.com *.omtrdc.net js.hs-scripts.com region1.analytics.google.com cdn.cookielaw.org analytics.google.com *.facebook.net *.everesttech.net www.google-analytics.com *.facebook.com js.hs-banner.com *.gstatic.com forms-na1.hsforms.com js.hsforms.net *.onetrust.com *.doubleclick.net www.googletagmanager.com js.hsadspixel.net api.hubapi.com *.googleapis.com assets.taconic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src fonts.gstatic.com use.typekit.net https://cdn.checkout.com *.hotjar.com blob: data: *.fontawesome.com *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.cloudflare.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://js.checkout.com *.klarna.com *.addtoany.com *.checkout.com *.facebook.com *.hotjar.com blob: data: *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.addthis.com *.pinterest.com checkout.tabby.ai *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.hotjar.com blob: *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.google.com www.google.com.ua checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://cdn.checkout.com *.klarnacdn.net *.hotjar.com *.static.hotjar.com *.js-agent.newrelic.com wss://wsp48.hotjar.com wss://wsp35.hotjar.com wss://wsp.*.hotjar.com wss://wsp11.hotjar.com blob: data: https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io * assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com connect.facebook.net www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com https://www.googletagmanager.com tagmanager.google.com server-side-tagging-nepkp5jgea-uc.a.run.app https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.checkout.com *.hotjar.com blob: data: *.fontawesome.com *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com https://js.checkout.com *.klarnaevt.com wss://wsp48.hotjar.com wss://wsp11.hotjar.com wss://wsp35.hotjar.com *.js-agent.newrelic.com wss://wsp.*.hotjar.com *.hotjar.com *.hotjar.io *.addtoany.com *.checkout.com *.facebook.com *.nr-data.net blob: data: https://cwarmer-staging.codilar.in/api/matrix https://dashboard.cwarmer.io/api/matrix *.luxottica.com *.cloudfront.net *.github.io *.luxdeepblue.com https://get.geojs.io *.avada.io http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com https://www.google-analytics.com server-side-tagging-nepkp5jgea-uc.a.run.app https: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; report-uri https://endpoint3.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV30Tj5vtZfuZ0tYPfqb8xOSxI9TJ5CbQ_ZE4W4aGoGW8HViqViD0nttCcDqHOZNNhObvJtSbYn1XDP7uSjlITCzSLlNsuSdwZ46El5dcVC6kg== 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com *.hotjar.com www.google-analytics.com *.facebook.com www.google.com vc.hotjar.io www.google.com.co *.gstatic.com *.googleapis.com *.doubleclick.net cdn.polyfill.io *.msecnd.net analytics.google.com dc.services.visualstudio.com adservice.google.com *.facebook.net cdnjs.cloudflare.com content.hotjar.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
default-src 'self' *.fineco.it *.finecobank.com finecobank.com *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com responder.wt-safetag.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com track.adform.net js.omg.neodatagroup.com trz.neodatagroup.com pixeL.mathtag.com www.google.com g.microsoft.com s2.adform.net googLeads.g.doubLeclick.net static.opentok.com data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk; frame-src finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com *.mateti.net vars.hotjar.com track.adform.net c1.adform.net widget.trustpilot.com cdn.krxd.net pixel.mathtag.com ; img-src 'self' data: https://images.fineco.it https://images.finecobank.com https://images-t.finecobank.com https://images-dev.finecobank.com https://finecobank.com http://localhost:9095 https://analytics.google.com https://t.mateti.net https://lt.morningstar.com https://www.morningstar.it https://t.co https://www.linkedin.com https://px.ads.linkedin.com https://d.omg.neodatagroup.com https://www.youronlinechoices.com https://uip.semasio.net https://server.seadform.net https://aax-eu.amazon-adsystem.com https://pixel.mathtag.com https://tracker.neodatagroup.com https://www.google-analytics.com https://*.twimg.com https://finecoitalia01.wt-eu02.net https://bat.bing.com https://www.facebook.com https://cm.g.doubLeclick.net https://match.adsrvr.org https://dmp.adform.net https://secure.adnxs.com https://b1sync.zemanta.com https://cms.anaLytics.yahoo.com https://trz.neodatagroup.com https://www.googLe.com https://www.googLe.it cdn.cookielaw.org https://beacon.krxd.net https://ups.analytics.yahoo.com; connect-src wss://tradepush.finecobank.com https://*.fineco.it https://*.finecobank.com https://finecobank.com https://analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.io https://script.crazyegg.com https://r.mateti.net wss://*.tokbox.com https://www.google-analytics.com https://www.google.com https://region1.google-analytics.com https://googleads.g.doubleclick.net https://*.tokbox.com https://config.opentok.com https://anvil.opentok.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.krxd.net https://privacyportal-de.onetrust.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.fineco.it *.finecobank.com finecobank.com responder.wt-safetag.com static.opentok.com www.google-analytics.com track.adform.net s2.adform.net trz.neodatagroup.com pixel.mathtag.com d.omg.neodatagroup.com js.omg.neodatagroup.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net cdn.mateti.net static.hotjar.com static.ads-twitter.com snap.licdn.com script.crazyegg.com ethn.io script.hotjar.com analytics.twitter.com www.youtube.com widget.trustpilot.com cdn.cookielaw.org cdn.krxd.net beacon.krxd.net consumer.krxd.net 'unsafe-eval' 'unsafe-inline'; report-uri https://www.fineco.it/_csp-report 1
font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.resurs.com https://accounts.google.com https://www.gstatic.com https://cookie-cdn.cookiepro.com https://*.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com content.holmbank.ee https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com public.montonio.com https://www.google.com https://www.google.ee https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://*.cookiepro.com https://chat.askly.me https://*.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com https://connect.facebook.net graph.facebook.com business.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.resurs.com https://www.google.com https://www.gstatic.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://www.google-analytics.com https://www.googletagmanager.com https://chat.askly.me https://*.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://cookie-cdn.cookiepro.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.ingest.sentry.io https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://stats.g.doubleclick.net https://privacyportal.cookiepro.com https://chat.askly.me wss://sessions.chat.askly.me https://*.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.stripe.com *.google.com *.opayo.eu.elavon.com *.gstatic.com *.fontawesome.com data: *.livechatinc.com *.elavon.com *.sagepay.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.elavon.com *.sagepay.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com account.fetchify.com *.youtube.com *.kb.help *.kitchendooroutlet.co.uk *.kitchendoorworkshop.co.uk *.livechatinc.com *.sagepay.com *.elavon.com *.doubleclick.net *.trustpilot.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com validate.fishpig.co.uk *.yandex.ru *.ytimg.com *.googleapis.com *.google.co.uk *.bing.com *.doubleclick.net *.clarity.ms *.facebook.com *.facebook.net *.livechatinc.com *.elavon.com *.sagepay.com *.klarna.com *.ebizmarts-website.s3.amazonaws.com https://redchamps.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.yandex.ru *.chimpstatic.com *.bing.com *.googletagmanager.com *.doubleclick.net *.clarity.ms *.facebook.com *.facebook.net *.livechatinc.com *.elavon.com *.sagepay.com *.salesfire.co.uk *.braintreegateway.com *.trustpilot.com *.avada.io https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com cc-cdn.com *.fontawesome.com *.getbootstrap.com *.googleapis.com *.jsdelivr.net maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.yandex.ru *.google-analytics.com *.googletagmanager.com *.bing.com *.clarity.ms *.facebook.com *.facebook.net *.livechatinc.com *.googleapis.com *.elavon.com *.sagepay.com *.salesfire.co.uk *.smartmetrics.co.uk *.trustpilot.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src use.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.affilbox.cz *.gpwebpay.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.cpost.cz *.heureka.cz *.zbozi.cz *.affilbox.cz *.google.com *.addthis.com *.packeta.com www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mameradivlasy.cz *.smartsuppcdn.com twemoji.maxcdn.com im9.cz *.seznam.cz *.google.com *.google.cz *.doubleclick.net *.googletagmanager.com maps.googleapis.com maps.gstatic.com *.heureka.cz *.addthis.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.smartsupp.com *.smartsuppcdn.com *.smartsuppchat.com *.googletagmanager.com maps.googleapis.com *.google.com *.gstatic.com *.heureka.cz *.imedia.cz *.doubleclick.net *.seznam.cz *.zbozi.cz im9.cz *.affilbox.cz *.addthis.com *.moatads.com *.addthisedge.com *.magento.com *.bootstrapcdn.com *.smartlook.com *.facebook.net *.packeta.com connect.facebook.net twitter.com platform.twitter.com https://widget.packeta.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src use.fontawesome.com fonts.googleapis.com *.bootstrapcdn.com *.smartsuppcdn.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.smartsuppcdn.com *.smartsuppchat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com wss://websocket-visitors.smartsupp.com *.smartsupp.com *.smartsuppcdn.com *.smartsuppchat.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.facebook.com *.addthis.com *.smartlook.com *.smartlook.cloud maps.googleapis.com *.packeta.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src maps.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://dev.mameradivlasy2024.php81.vblocal/grcsp/report/index; report-to report-endpoint; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.gr https://www.myheritage.gr  'unsafe-eval' 'nonce-f01a966b5f91947be6a99908dea8c1c4' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.gr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
object-src 'none'; form-action 'self'; frame-ancestors 'self'; 1
font-src *.fontawesome.com applepay.cdn-apple.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.avis-verifies.com https://www.googletagmanager.com/ api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com lumao.eu *.google.fr *.google.com *.myspectro.io cdn.doofinder.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.google.com *.gstatic.com *.googletagmanager.com *.doofinder.com *.myspectro.io cdn.doofinder.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ api.payplug.com applepay.cdn-apple.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.doofinder.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.doofinder.com  *.google-analytics.com *.doubleclick.net wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com ct.pinterest.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.apptrian.com www.pinterest.com s.pinimg.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com ct.pinterest.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com ct.pinterest.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com connect.facebook.net graph.facebook.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: fonts.gstatic.com fonts.googleapis.com https://api-sogecommerce.societegenerale.eu/static/ *.fontawesome.com https://cdnjs.cloudflare.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://sogecommerce.societegenerale.eu/static/latest/images/type-carte/ https://api-sogecommerce.societegenerale.eu/static/ https://sogecommerce.societegenerale.eu/vads-payment/ *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com chimpstatic.com *.mailchimp.com *.scalapay.com cdn.doofinder.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com downloads.mailchimp.com *.list-manage.com https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ *.avada.io https://cdnjs.cloudflare.com *.development.scalapay.com *.staging.scalapay.com *.googleapis.com *.gstatic.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com https://api-sogecommerce.societegenerale.eu/static/ *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.doofinder.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://sogecommerce.societegenerale.eu/vads-payment/ https://api-sogecommerce.societegenerale.eu/api-payment/ https://api-sogecommerce.societegenerale.eu/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com s7.addthis.com https://player.vimeo.com https://www.youtube.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net https://plumrocket.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ *.facebook.net *.facebook.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors unsafe-inline *.facebook.com https://www.facebook.com 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com bimg.abv.bg/GDPR/GDPR.js dmp.adwise.bg chimpstatic.com cdn.onesignal.com/sdks/OneSignalSDK.js static.zdassets.com/ekr/asset_composer.js v2.zopim.com/ cdn.onesignal.com/ onesignal.com/ assets.adobedtm.com *.adobe.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ *.facebook.net *.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-6d573e25b7f0d01120b74beae14bbdd9ce7b1d29' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-9C9SpSoDvuRXOBDJE-jyMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ACWuj3ufCN04XvTzyBajgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-561c5b06e7d5bcbceedfb325344f4674612d6411' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-aL83HzzMoJ2Z2D6hOa3g1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://www.youtube.com *.pinterest.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.trustedshops.com docker.creative-serving.com *.gstatic.com trkr.shoppingminds.net bam.nr-data.net *.googleapis.com *.google.* *.etrusted.com *.pinterest.com bat.bing.com *.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com cdn.doofinder.com https://img.youtube.com blob: www.google.ge *.google.com *.google.co.uk *.google.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.adyen.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.trustedshops.com *.etrusted.com *.kk-resources.com *.googleoptimize.com cdn.cookielaw.org l.getsitecontrol.com script.shoppingminds.com script.shoppingminds.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com s2.getsitecontrol.com *.google.* *.pinterest.com s.pinimg.com analytics.topdrinks.nl analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be *.googletagmanager.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com cdn.doofinder.com s7.addthis.com https://connect.facebook.net analytics.tiktok.com *.google.fr *.google.com *.google.co.uk *.google.ca js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.etrusted.com *.google.* *.pinterest.com display.ugc.bazaarvoice.com *.doofinder.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.adyen.com https://nominatim.openstreetmap.org *.google.lk analytics.topdrinks.nl analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be cdn.cookielaw.org geolocation.onetrust.com *.g.doubleclick.net l.getsitecontrol.com *.shoppingminds.net *.google.com *.googleapis.com bam.nr-data.net cdn1.api.trustedshops.com pay.google.com privacyportal-de.onetrust.com vc.hotjar.io events.getsitectrl.com *.etrusted.com *.pinterest.com *.google-analytics.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.doofinder.com wss://*.doofinder.com ekr.zdassets.com/ analytics.tiktok.com https://analytics.tiktok.com *.google.fr *.google.co.uk *.google.ca api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-uS0h3R7DZwrLvp7BqHJRvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' data: *.fontawesome.com *.gstatic.com 'self' data: *.cloudflare.com *.clarity.ms static.sipuk.co.uk static.worldofpower.co.uk static.worldofbbqs.co.uk www.worldofpower.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com *.mdoq.io www.worldofpower.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.worldofpower.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widget.trustpilot.com lpcdn.lpsnmedia.net *.paypalobjects.com www.facebook.com *.clarity.ms www.worldofpower.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com https://images.unsplash.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.mdoq.io *.ibottles.co.uk *.google.com *.google.co.uk www.worldofpower.co.uk media.worldofpower.co.uk media.worldofbbqs.co.uk media.sipuk.co.uk static.worldofpower.co.uk static.worldofbbqs.co.uk static.sipuk.co.uk bat.bing.com *.clarity.ms c.bing.com media2.giphy.com www.facebook.com image.providesupport.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.liveperson.net *.lpsnmedia.net bat.bing.com world11215.pcapredict.com www.googlecommerce.com connect.facebook.net image.providesupport.com *.clarity.ms static.worldofpower.co.uk static.worldofbbqs.co.uk static.sipuk.co.uk www.worldofpower.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com fonts.google.com *.cloudflare.com *.bootstrapcdn.com *.clarity.ms static.worldofpower.co.uk static.worldofbbqs.co.uk static.sipuk.co.uk static.klaviyo.com www.worldofpower.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.worldofpower.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.ideal-postcodes.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com stats.g.doubleclick.net *.clarity.ms www.facebook.com static.sipuk.co.uk static.worldofpower.co.uk static.worldofbbqs.co.uk static-forms.klaviyo.com www.worldofpower.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.worldofpower.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.worldofpower.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://zero1.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-IRhJyUUCUG_P16eMgQyuAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://res.wx.qq.com https://res.wx.qq.com http://*.weishi.com https://*.weishi.com http://*.m.tencent.com https://*.m.tencent.com http://*.weixin.qq.com https://*.weixin.qq.com https://midas.gtimg.cn http://vm.gtimg.cn https://vm.gtimg.cn 'nonce-1863002068'  'strict-dynamic'; base-uri 'self';report-uri https://mp.weixin.qq.com/mp/fereport?action=csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-Ff0gzi3DufIW8TLdt0FJfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
* 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: mynjhelps.gov *.googleapis.com www.google.com *.gstatic.com translate.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-jEIbrmjfK33oqxRHReHFNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-a6d1SZ0RNcnrV0tEg24-3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.elfsight.com cdn.avmws.com p.typekit.net cdn-scripts.signifyd.com tasks.gsmoutdoors.com imgs.signifyd.com fast.a.klaviyo.com *.gstatic.com cdn.segment.com *.facebook.net use.typekit.net cdn11.bigcommerce.com storage.elfsight.com phosphor.utils.elfsightcdn.com www.gsmoutdoors.com cdn.userway.org *.googleapis.com adservice.google.com www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com kit.fontawesome.com static.klaviyo.com a.klaviyo.com acsbapp.com *.doubleclick.net www.google.com capture.trackjs.com ka-p.fontawesome.com www.youtube.com static-tracking.klaviyo.com cdn.trackjs.com core.service.elfsight.com *.cloudfront.net static-forms.klaviyo.com api.userway.org cdn.acsbapp.com *.facebook.com usage.trackjs.com cdn77.api.userway.org ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-oXXKPiEEr2mXznYEX-ntgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-WMRVsoohz-iNi-Q0WsCE_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com magenative.com magenative.cedcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com checkout.tabby.ai *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.googletagmanager.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' *.mett.nl fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com google-analytics.com *.google-analytics.com;img-src *;script-src-elem 'self' 'unsafe-inline' *; 1
object-src 'none';base-uri 'self';script-src 'nonce-obaxTnbQPo8HW9VHTkp4GQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self'; connect-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://cdn.walkme.com https://ec.walkme.com https://papi.walkme.com https://papi.walkme.com/deepui/p/analyzeAutomatonResult https://data-apps.walkme.com https://eu-data-apps.walkme.com https://analytics.components.industrysoftware.automation.siemens.com https://sancs.industrysoftware.automation.siemens.com https://sangw.industrysoftware.automation.siemens.com https://sancsc.industrysoftware.automation.siemens.com https://sangwc.industrysoftware.automation.siemens.com; font-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://js.intercomcdn.com; frame-src 'self' https://www.youtube.com https://fast.wistia.net https://cdn.walkme.com https://search.supplyframe.io; img-src data: 'unsafe-inline' * https://*.googletagmanager.com https://*.google-analytics.com https://s3.walkmeusercontent.com https://d3sbxpiag177w8.cloudfront.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://stats.g.doubleclick.net https://widget.intercom.io https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://cdn.walkme.com https://playerserver.walkme.com https://ec.walkme.com https://papi.walkme.com http://ec-playback.walkme.com https://analytics.components.industrysoftware.automation.siemens.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://cdn.walkme.com; report-uri /lift/content-security-policy-report 1
script-src 'self' api.tiles.mapbox.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; style-src 'self' api.tiles.mapbox.com cache.addthiscdn.com https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1
img-src https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ 'self' https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://higherlogicstream.s3.amazonaws.com/SITCANCER/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/SITCANCER/ https://higherlogicdownload.s3.amazonaws.com/SITCANCER/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/SITCANCER/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-IBSwUAXtr8hRFjMGw3X-ZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-6OLUDNgqfLGzhuNQyZzIFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
img-src https://higherlogicdownload.s3.amazonaws.com/PTG/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogiclongterm.s3.amazonaws.com/PTG/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ 'self' https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://higherlogicstream.s3.amazonaws.com/PTG/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-EOWMc_XPmQmRgxPv8P1ltQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-T13tOXORTxgZpN2Lx29kTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Iz94qPuCFGeqbCpoyh_rqQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self';  connect-src 'self' https://*.google-analytics.com/ https://*.analytics.google.com/ https://analytics.google.com https://stats.g.doubleclick.net https://csmetrics.hotjar.com/ https://analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;  font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com https://script.hotjar.com data:;  img-src 'self' https://blockly-demo.appspot.com/ https://www.google.com/ https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://www.facebook.com/ data:;  media-src 'self' https://blockly-demo.appspot.com/ https://tts.eljakim.nl/ data:;   script-src 'self' https://cdnjs.cloudflare.com https://connect.facebook.net/ https://static.hotjar.com https://script.hotjar.com https://tts.eljakim.nl/ https://unpkg.com/ https://www.google-analytics.com https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval';   script-src-elem 'self' https://tts.eljakim.nl/ https://cdnjs.cloudflare.com https://unpkg.com/ https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/ https://connect.facebook.net/ 'unsafe-inline';  style-src 'self' https://tts.eljakim.nl/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://static.hotjar.com https://script.hotjar.com 'unsafe-inline';   report-uri https://csp-reports.eljakim.nl/ 1
object-src 'none';base-uri 'self';script-src 'nonce-vyEwBQJ-PLY4SfSym7QYaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-Efwlhd7Hp-yqSAsoMkWW7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-AK8jtlZ1-fy0unIWJiwW9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-1t_ooEt96oPXGFC99-c5Yw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zx5Rmx3fSC8aRay96iXuCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5rZ0vjg25Jufe7Ay1BYKbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ZCC-lb-DY3ZpCodtrULiHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src 'self' *.gds-services.com 1
object-src 'none';base-uri 'self';script-src 'nonce-GVCclUWseBP4LiIZS275hw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zMCsY3-45YAsJ6cXUXchWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-3FKPaZVojSj-20v7tGmOFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pKQcKY9xw0J5zml6h-oWyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com *.zopim.com *.gstatic.com 'unsafe-inline' data: *.cloudflare.com blog.lifeaidbevco.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.snapchat.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; frame-ancestors blog.lifeaidbevco.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.snapchat.com *.trustpilot.com *.referralcandy.com destinilocators.com *.google.com *.gstatic.com *.pixlee.co *.attn.tv www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com validate.fishpig.co.uk *.trustpilot.com *.monsido.com *.adnxs.com *.adsrvr.org b1img.com *.rlcdn.com *.zopim.com *.tapad.com *.demdex.net *.pixlee.com *.omnithrottle.com pippio.com *.zendesk.com *.twitter.com *.pinimg.com *.tiktok.com *.pinterest.com *.google.com *.stackadapt.com *.doubleclick.net *.advertising.com *.yahoo.com *.rubiconproject.com *.company-target.com *.convertflow.com convertflow.co *.convertflow.co *.bttrack.com *.openx.net *.attn.tv www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blog.lifeaidbevco.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com widget.freshworks.com m2epro.freshdesk.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.zopim.com sc-static.net *.doubleclick.net *.monsido.com *.zdassets.com *.googleapis.com *.google.com *.gstatic.com *.b1js.com b1img.com destinilocators.com *.datasteam.io *.trustpilot.com *.pixlee.com *.tiktok.com *.referralcandy.com *.advertising.com *.googletagmanager.com *.google-analytics.com *.rubiconproject.com *.yahoo.com convertflow.co *.convertflow.co *.pinimg.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com blog.lifeaidbevco.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com *.googleapis.com 'unsafe-inline' data: *.cloudflare.com unsafe-inline assets.braintreegateway.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' *.lifeaidbevco.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.zdassets.com wss://widget-mediator.zopim.com *.monsido.com *.pinterest.com *.pinimg.com 'unsafe-inline' data: *.pixlee.com https://cdn.pdst.fm api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com blog.lifeaidbevco.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blog.lifeaidbevco.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.lifeaidbevco.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.klarna.com *.tawk.to *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com *.youtube.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.gstatic.com *.googleapis.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.co.in bat.bing.com accounts.google.com *.facebook.com *.sharethis.com *.proav.co.uk *.blogger.com maps.gstatic.com *.tawk.to cdn.jsdelivr.net *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sharethis.com bat.bing.com *.hotjar.com *.cookiebot.com komito.net connect.facebook.net js.klarna.com *.klarna.com maps.googleapis.com *.tawk.to cdn.jsdelivr.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com x.klarnacdn.net *.tawk.to cdn.jsdelivr.net *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com embed.tawk.to 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.sharethis.com *.cookiebot.com bcp.crwdcntrl.net *.doubleclick.net vc.hotjar.io *.facebook.com js.klarna.com eu.klarnaevt.com *.tawk.to wss://*.tawk.to *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://proav.co.uk/; report-to report-endpoint; 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: *.bootstrapcdn.com *.doubleclick.net *.nr-data.net *.bobcatparts.com *.typekit.net *.fontawesome.com *.googleadservices.com *.google.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.google.com.ua *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.affirm.com *.klaviyo.com *.inspectlet.com *.braintree-api.com *.bobcat.com *.okta.com *.facebook.com *.mouseflow.com *.dmctools.com *.mcstaging.dmctools.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.olark.com *.google.com *.google-analytics.com *.affirm.com *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.google.com.ua *.klaviyo.com *.inspectlet.com *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.mouseflow.com *.iwdagency.com *.dmctools.com *.mcstaging.dmctools.com *.livechatinc.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.magentocommerce.com *.ytimg.com data: *.google.com *.bootstrapcdn.com *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.typekit.net *.fontawesome.com *.googleadservices.com *.google-analytics.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.google.com.ua *.klaviyo.com *.google.com *.google.co.in *.google.nl *.inspectlet.com *.yotpo.com *.mouseflow.com *.certcapture.com *.reddit.com *.linkedin.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.com.ua *.google-analytics.com *.affirm.com *.doubleclick.net *.newrelic.com *.nr-data.net *.fontawesome.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.instagram.com *.klaviyo.com *.inspectlet.com *.braintreegateway.com *.braintree-api.com *.mouseflow.com *.certcapture.com *.cloudflare.com *.igodigital.com *.pingdom.net *.dmctools.com *.mcstaging.dmctools.com *.amazonaws.com *.livechatinc.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.bootstrapcdn.com *.googleapis.com *.google.com.ua *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.typekit.net *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.klaviyo.com *.cloudflare.com *.certcapture.com *.googletagmanager.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.bobcat.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.googleapis.com *.cardinalcommerce.com *.google-analytics.com *.certcapture.com *.olark.com *.affirm.com *.groupbycloud.com *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com google.com *.google.com *.google.co.in *.google.com.ua *.klaviyo.com inspectlet.com *.inspectlet.com *.braintreegateway.com *.braintree-api.com *.yotpo.com *.mouseflow.com *.iwdagency.com *.pingdom.net *.dmctools.com *.mcstaging.dmctools.com *.livechatinc.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com analytics.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-PCQ-CW4HD0tYxLKeRHdBHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zipY52exTc3wAeJ7boLw2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-ayIclOi0CxDyn4xNps3RTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-m2jAid8IxHPpyD26KmaTRQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wF-f7rVXpw6M7rdN8PBjbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-0oV9IkzH93nhx1aMsUsDCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-k7SfdiGuZNOHhQoe4Sj16w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-IjhdXcmAF6MvmZ6WezI6qw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-cBxiHnE36AB4DyI1XnUv5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.fontawesome.com instantcredit.net test.instantcredit.net https://fonts.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.paycomet.com api.paycomet.com *.yotpo.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.paycomet.com api.paycomet.com https://player.vimeo.com https://www.youtube-nocookie.com https://pageflip.rba.es/ www.xtento.com *.yotpo.com vars.hotjar.com player.vimeo.com www.youtube.com www.facebook.com ct.pinterest.com static.addtoany.com td.doubleclick.net aax-eu.amazon-adsystem.com 13964233.fls.doubleclick.net 12658434.fls.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://images.unsplash.com instantcredit.net test.instantcredit.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.xtento.com cdn.xtento.com *.yotpo.com sb.scorecardresearch.com www.google.com www.google.es www.facebook.com ad.doubleclick.net t.co analytics.twitter.com adservice.google.com bat.bing.com lh3.ggpht.com ct.pinterest.com www.googletagmanager.com bam.nr-data bam.nr-data.net creatividades.rba.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com https://player.vimeo.com https://www.youtube.com www.xtento.com cdn.xtento.com *.yotpo.com www.googleoptimize.com connect.facebook.net analytics.tiktok.com sb.scorecardresearch.com static.hotjar.com script.hotjar.com sdk.privacy-center.org js-agent.newrelic.com bam.nr-data.net googleads.g.doubleclick.net static.ads-twitter.com bat.bing.com cdn.lordicon.com s.pinimg.com static.addtoany.com cdn-4.convertexperiments.com logs.convertexperiments.com cdn.jsdelivr.net c.amazon-adsystem.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com instantcredit.net test.instantcredit.net https://fonts.googleapis.com http://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com instantcredit.net test.instantcredit.net https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.yotpo.com analytics.tiktok.com region1.google-analytics.com in.hotjar.com bam.nr-data.net stats.g.doubleclick.net www.google-analytics.com ws40.hotjar.com content.hotjar.io cdn.lordicon.com maps.googleapis.com ct.pinterest.com bat.bing.com region1.analytics.google.com www.google.es vc.hotjar.io ws.hotjar.com metrics.hotjar.io pagead2.googlesyndication.com wss://ws.hotjar.com/ logs.convertexperiments.com eu2.device-api.indigitall.com analytics.pangle-ads.com api.privacy-center.org www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-Oc29GD3KpjQI0-lodz5IkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-DcRIi9pa4E4tlhHOs4rQng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-dGMS6YQwDXLD5DdtS0Q3IA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-R49ysSnmvZJGc-hYekbOYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-bHU6nUw8MWUzRTBbqWY-Ww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-LWVARjvwTsjQsoAg9nNUcw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self';           font-src * data:;           frame-ancestors 'self';           img-src * data:;           media-src * blob: data:;           object-src 'none'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com consentcdn.cookiebot.com *.consentcdn.cookiebot.com gum.criteo.com *.gum.criteo.com servedby.flashtalking.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bird.eu www.google.it *.google.it secure.adnxs.com *.secure.adnxs.com *.adnxs.com x.bidswitch.net *.x.bidswitch.net *.bidswitch.net ib.adnxs.com *.ib.adnxs.com ad.360yield.com *.ad.360yield.com *.360yield.com contextual.media.net *.contextual.media.net sync.outbrain.com *.sync.outbrain.com *.outbrain.com pixel.rubiconproject.com *.pixel.rubiconproject.com *.rubiconproject.com match.sharethrough.com *.match.sharethrough.com *.sharethrough.com rtb-csync.smartadserver.com *.rtb-csync.smartadserver.com *.smartadserver.com sync-t1.taboola.com *.sync-t1.taboola.com *.taboola.com criteo-sync.teads.tv *.criteo-sync.teads.tv *.teads.tv eb2.3lift.com *.eb2.3lift.com *.3lift.com ups.analytics.yahoo.com *.ups.analytics.yahoo.com *.analytics.yahoo.com e1.emxdgt.com *.e1.emxdgt.com *.emxdgt.com cm.adform.net *.cm.adform.net *.adform.net visitor.omnitagjs.com *.visitor.omnitagjs.com *.omnitagjs.com r.casalemedia.com *.r.casalemedia.com *.casalemedia.com gum.criteo.com *.gum.criteo.com *.criteo.com matching.ivitrack.com *.matching.ivitrack.com *.ivitrack.com exchange.mediavine.com *.exchange.mediavine.com *.mediavine.com simage2.pubmatic.com *.simage2.pubmatic.com *.pubmatic.com criteo-partners.tremorhub.com *.criteo-partners.tremorhub.com *.tremorhub.com ad.yieldlab.net *.ad.yieldlab.net *.yieldlab.net sync-criteo.ads.yieldmo.com *.sync-criteo.ads.yieldmo.com *.ads.yieldmo.com beacon.krxd.net *.beacon.krxd.net *.krxd.net s.thebrighttag.com *.s.thebrighttag.com *.thebrighttag.com *.igodigital.com id5-sync.com *.id5-sync.com trk.datnova.com *.trk.datnova.com *.datnova.com *.enervit.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com consent.cookiebot.com *.consent.cookiebot.com consentcdn.cookiebot.com *.consentcdn.cookiebot.com *.cookiebot.com www.dwin1.com *.dwin1.com static.criteo.net *.static.criteo.net enervit.mailmnsa.com *.enervit.mailmnsa.com sslwidget.criteo.com *.sslwidget.criteo.com *.criteo.com js.cookieless-data.com *.js.cookieless-data.com *.cookieless-data.com smct.co *.smct.co js.sddan.com *.js.sddan.com trk.datnova.com *.trk.datnova.com *.datnova.com js-agent.newrelic.com *.js-agent.newrelic.com *.newrelic.com bam.nr-data.net *.bam.nr-data.net 510004521.collect.igodigital.com *.collect.igodigital.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.enervit.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net google.com *.google.com googleads.g.doubleclick.net *.googleads.g.doubleclick.net stats.g.doubleclick.net *.stats.g.doubleclick.net region1.analytics.google.com *.region1.analytics.google.com enervit.mailmnsa.com *.enervit.mailmnsa.com consentcdn.cookiebot.com *.consentcdn.cookiebot.com bam.nr-data.net *.bam.nr-data.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-dd767452442dafa23cc936487ae19835830d7bc8' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1
object-src 'none';base-uri 'self';script-src 'nonce-sNrL9zZO5YspvOSkxHj8NQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-kFJ_AIw6zYcDBsws1jpajQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-B6MUpuIP1PmZJV18zrgutg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-5FPfcdKkV2hrdocRlGH1Tw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-KJeA24ebNOg5S8lglsR26A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://tcpinsurance.report-uri.com/r/t/csp/wizard 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; upgrade-insecure-requests; 1
object-src 'none';base-uri 'self';script-src 'nonce-nXx_TqHCqt7YvgwmahY5gA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-VXZm4T6itkva1Th4wMmm2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' fonts.googleapis.com *.saferpay.com; script-src 'self' 'unsafe-inline' stats.echonet.life; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' stats.echonet.life; connect-src 'self' stats.echonet.life; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self';media-src 'self'; frame-src 'self' www.facebook.com v.calameo.com; form-action 'self' *.saferpay.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-F_yUA89KydxgW0jZ319QHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pj5JntR8BSWeVLOlO341aQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.efpa.es api.locize.app maxcdn.bootstrapcdn.com ka-f.fontawesome.com; img-src efpa.es *.efpa.es 'self' data: 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com *.fontawesome.com fonts.googleapis.com data: 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com; object-src 'self'; 1
img-src https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ https://higherlogicstream.s3.amazonaws.com/AUVSI/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com www.google.ie *.custhelp.com *.crazyegg.com *.gstatic.com momentjs.com maxcdn.bootstrapcdn.com www.sagaftra.org fast.fonts.net www.googletagmanager.com code.jquery.com *.oraclecloud.com manager.eu.smartlook.cloud www.rnengage.com html5-player.libsyn.com *.siteimproveanalytics.io analytics.google.com web-sdk.smartlook.com www.youtube.com cdn01.boxcdn.net www.google.com cdnjs.cloudflare.com cdn.datatables.net www.google-analytics.com assets-proxy.smartlook.cloud siteimproveanalytics.com *.doubleclick.net *.eloqua.com img04.en25.com region1.analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none'; script-src 'nonce-c6b90a0c298099ba63d30cd6286ea6d5e2281846df9e5548c231a1c6cf0b7b57' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; img-src 'self' https: data:; base-uri 'none'; frame-ancestors 'self' ; 1
object-src 'none';base-uri 'self';script-src 'nonce-6DC7xbKL-i2r9vbdEzHYDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' thomas-and-company.com *.thomas-and-company.com;  script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com *.wpengine.com *.thomas-and-company.com thomas-and-company.com;  style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.wpengine.com *.thomas-and-company.com thomas-and-company.com;  img-src 'self' privacy-policy.truste.com www.google-analytics.com *.wpengine.com *.thomas-and-company.com thomas-and-company.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.wpengine.com *.thomas-and-company.com thomas-and-company.com;  connect-src 'self' www.google-analytics.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: ; report-uri https://csp.scran.ac.uk/scran-live; 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://dgap.org https://createsend.com https://api.friendlycaptcha.com https://matomo.dgap.org/; font-src 'self' data: dgap.org https://player.podigee-cdn.net; frame-src 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://www.youtube-nocookie.com/embed/ https://e.issuu.com https://www.google.com https://player.podigee-cdn.net https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://matomo.dgap.org https://www.openstreetmap.org https://cloud.dgap.org; img-src 'self' https://www.gstatic.com https://*.met.vgwort.de https://www.googletagmanager.com https://www.google-analytics.com data: dgap.org https://matomo.dgap.org https://images.podigee-cdn.net https://region1.google-analytics.com; manifest-src 'self'; media-src 'self' https://audio.podigee-cdn.net; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' https://dgap.org https://matomo.dgap.org https://www.google-analytics.com https://www.googletagmanager.com https://internationalepolitik.de https://ip-quarterly.com https://js.createsend1.com https://player.podigee-cdn.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://matomo.dgap.org/; script-src-attr 'self' 'report-sample'; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://dgap.org https://www.googletagmanager.com https://www.google-analytics.com https://matomo.dgap.org https://js.createsend1.com https://player.podigee-cdn.net cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'report-sample' https://js.createsend1.com https://www.gstatic.com https://dgap.org https://player.podigee-cdn.net; style-src-attr 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' https://www.google.com https://dgap.org https://player.podigee-cdn.net; worker-src 'self' blob:; form-action 'self' https://www.createsend.com https://dgap.org; frame-ancestors 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com; report-uri https://internationalepolitik.de/en/report-uri/reportOnly 1
default-src 'self'; img-src 'self' data: https://pave.labloco.com https://forms.hsforms.com https://forms-na1.hsforms.com/ https://exceptions.hs-embed-reporting.com https://static.hsappstatic.net https://*.google-analytics.com https://*.google.com https://*.google.ca; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hsappstatic.net https://js.hsforms.net; script-src-elem 'self' 'unsafe-inline' https://static.hsappstatic.net https://*.googletagmanager.com https://*.google-analytics.com https://*.hsforms.net https://unpkg.com https://*.google.com https://*.gstatic.com; media-src 'self' https://*.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net; form-action 'self' https://paveinspect.com https://pave.bot https://forms.hsforms.com; frame-src 'self' https://meetings.hubspot.com https://forms.hsforms.com https://*.google.com; connect-src 'self' https://forms.hsforms.com https://*.google-analytics.com/ https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net; block-all-mixed-content ; report-uri /csp.php 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://www.google.com https://widget.trustpilot.com https://bid.g.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.google.com https://www.google.co.in ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://maps.gstatic.com/ https://amcglobal.sc.omtrdc.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://widget.trustpilot.com http://widget.trustpilot.com https://invitejs.trustpilot.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://maps.googleapis.com/ https://js-agent.newrelic.com https://bam.nr-data.net *.trustpilot.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com https://stats.g.doubleclick.net https://www.google-analytics.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.marysvillemarine.com/; report-to report-endpoint; 1
report-to slardar-endpoint; script-src 'self' 'report-sample' 'nonce-0333ab8174dca799d2f11abcf8f8f454-argus' 'strict-dynamic' 'unsafe-eval' *.bytescm.com *.zijieapi.com *.snssdk.com *.feelgood.cn *.bytetos.com *.google-analytics.com hm.baidu.com data: *.bytedance.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com *.douyinstatic.com *.douyinpic.com *.douyin.com *.bytednsdoc.com *.bytedance.net *.byteimg.com *.byted.org *.pstatp.com .idouyinvod.com: .volcsiriusbd.com: .volcsirius.com: .tt.x.bsgslb.cn: .dy.zzcdnx.com: .qc.bsccdn.net: .smtcdns.com: .ugslb.com: .livehwc3.cn: .smtcdns.net: .bytefcdnrd.com: .ksyungslb.com: .ksyungslb2.com: .ourdvsss.com: .tbcache.com: .jomodns.com: .douyincdn.com: .ixigua.com: .bdxigualive.com: .pstatp.com: .douyinliving.com: .picovr.com: .huoshanlive.com: .ihuoshanlive.com: .volccdn.com: .bestv.com.cn: .bytefcdn.com: .douyinvod.com: *.byted-static.com blob:; connect-src 'self' *.bytescm.com *.zijieapi.com *.snssdk.com *.feelgood.cn *.bytetos.com *.google-analytics.com hm.baidu.com data: *.bytedance.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com *.douyinstatic.com *.douyinpic.com *.douyin.com *.bytednsdoc.com *.bytedance.net *.byteimg.com *.byted.org *.pstatp.com .idouyinvod.com: .volcsiriusbd.com: .volcsirius.com: .tt.x.bsgslb.cn: .dy.zzcdnx.com: .qc.bsccdn.net: .smtcdns.com: .ugslb.com: .livehwc3.cn: .smtcdns.net: .bytefcdnrd.com: .ksyungslb.com: .ksyungslb2.com: .ourdvsss.com: .tbcache.com: .jomodns.com: .douyincdn.com: .ixigua.com: .bdxigualive.com: .pstatp.com: .douyinliving.com: .picovr.com: .huoshanlive.com: .ihuoshanlive.com: .volccdn.com: .bestv.com.cn: .bytefcdn.com: .douyinvod.com: *.byted-static.com; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.sharethis.com *.rawgit.com *.jquery.com *.facebook.net *.cookiebot.com *.g.doubleclick.net *.fontawesome.com *.googleapis.com *.linkedin.com *.hotjar.com wasm-eval *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com; script-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.sharethis.com *.rawgit.com *.cloudflare.com *.jquery.com *.facebook.net *.cookiebot.com *.g.doubleclick.net *.fontawesome.com *.bootstrapcdn.com *.wisoyekivo.com *.linkedin.com *.vimeo.com *.skedify.io *.plugin.skedify.io *.hotjar.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.pagespeed-mod.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.sharethis.com *.gstatic.com *.pvgroup.be; style-src-elem 'self' 'unsafe-inline' *.jquery.com *.googleapis.com *.bootstrapcdn.com *.skedify.io pv.skedify.show *.fontawesome.com *.sharethis.com *.gstatic.com *.pvgroup.be; style-src-attr 'unsafe-inline'; img-src 'self' data: *.google.com *.skedify.io *.vimeocdn.com *.ytimg.com *.sharethis.com *.googleapis.com *.gstatic.com *.sharethis.com *.google-analytics.com *.hotjar.com *.gstatic.com *.sharethis.com *.google.com *.sharethis.com *.facebook.com *.google-analytics.com *.google.at *.google.be *.google.ch *.google.co.uk *.google.co.za *.google.com *.google.com.ng *.google.de *.google.es *.google.fi *.google.fr *.google.ie *.google.it *.google.lu *.google.nl *.google.pt *.google.se *.googletagmanager.com *.gstatic.com *.ondernemersbelang.nl *.pv.be *.pvgroep.coop *.pvgroup.be *.reprintsdesk.com *.researchsolutions.com *.verfvanniveau.nl *.google.co.in; font-src 'self' data: *.alicdn.com *.gstatic.com github.com *.fontawesome.com *.bootstrapcdn.com *.hotjar.com; connect-src 'self' *.doubleclick.net *.google.com *.eu1.kaskocloud.com *.skedify.io *.crwdcntrl.net *.cookiebot.com *.withgoogle.com *.stbuttons.click data: *.hotjar.com *.fontawesome.com *.sharethis.com *.google.com *.googleapis.com *.ingest.sentry.io *.googlesyndication.com properties *.google-analytics.com *.g.doubleclick.net *.hotjar.io *.facebook.com; media-src 'self'; child-src *.fls.doubleclick.net *.google.com *.esignlive.eu *.cookiebot.com *.sharethis.com *.facebook.com *.linkedin.com *.youtube-nocookie.com *.youtube.com; frame-src 'self' *.fls.doubleclick.net *.google.com *.esignlive.eu blob: *.cookiebot.com *.ebconnect.be *.zscaler.net *.zscalertwo.net *.vimeo.com *.plugin.skedify.io *.sharethis.com properties *.facebook.com *.sharethis.com *.facebook.com *.google.com *.linkedin.com *.sofiskonline.be *.youtube-nocookie.com *.youtube.com; frame-ancestors 'self'; form-action 'self' *.sips-services.com *.salesforce.com *.facebook.com; manifest-src 'self'; object-src 'none'; report-uri https://pvgroup.report-uri.com/r/d/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-zls95FJSpDWm8M1HijlnIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-xuaTzid4HVWP5EPS-m2YmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.googleapis.com https://www.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.buyfirealarmparts.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.happyfoxchat.com *.trustpilot.com https://*.braintreegateway.com www.buyfirealarmparts.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://www.google.com https://www.googletagmanager.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://www.gstatic.com *.happyfoxchat.com *.trustpilot.com https://www.googletagmanager.com https://googleads.g.doubleclick.net maps.googleapis.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://happyfoxchat.com https://www.google-analytics.com https://www.paypal.com https://payments.braintree-api.com https://client-analytics.braintreegateway.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; connect-src 'self'; font-src 'self' https: data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; report-uri /csp-violation-report 1
base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-bwCXwWmCmLCWSWULyfaSUw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline' 1
child-src watier.com salesgroupemarcelle.com marcelle.com annabelle.com cwbeggs.com blob:; font-src fonts.gstatic.com staticw2.yotpo.com static.klaviyo.com watier.com marcelle.com annabelle.com cwbeggs.com salesgroupemarcelle.com; frame-src ct.pinterest.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.marcelle.com *.cloudmaestro.com staticw2.yotpo.com widget-mediator.zopim.com *.cloudflare.com acuityplatform.com *.google.com chimpstatic.com www.googletagmanager.com *.google-analytics.com analytics.twitter.com *.facebook.net *.hotjar.com static.zdassets.com platform.instagram.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.zendesk.com *.criteo.net www.youtube.com s.ytimg.com *.criteo.com ajax.googleapis.com api.instagram.com www.instagram.com app.purechat.com widget.surveymonkey.com secure-cdn.mplxtms.com snap.licdn.com *.annabelle.com www.lisewatier.com www.lisewatier.us www.salesgroupemarcelle.com www.googleadservices.com secure.adnxs.com ib.adnxs.com platform.twitter.com s.pinimg.com googleads.g.doubleclick.net static.ads-twitter.com *.queue-it.net marcelle.us5.list-manage.com tpc.googlesyndication.com ws1.postescanada-canadapost.ca static.zdassets.com storage.googleapis.com *.us5.list-manage.com js.braintreegateway.com *.paypal.com *.radial.com static-tracking.klaviyo.com static.klaviyo.com dev.visualwebsiteoptimizer.com cdn.ometria.com tag.rmp.rakuten.com analytics.tiktok.com bat.bing.com loader.wisepops.com wisepops.net ct.pinterest.com www.clarity.ms cdn-widgetsrepository.yotpo.com cdn.wisepops.com; worker-src watier.com cwbeggs.com annabelle.com salesgroupemarcelle.com marcelle.com 'unsafe-inline' 'unsafe-eval' blob:; report-uri /.webscale/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-DhWbXldoS1OAkzonCQkqLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-BjecxSeI2BuwYnkccIoJuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src https:;script-src https: 'strict-dynamic' 'nonce-052d60037b619e05014d358124c056138d89c212d9dfadc5e1309a8ceec4b7e8' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors https://my.firespring.com;base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log?n=1 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.bunny.net cdn.matomo.cloud *.gstatic.com relyens.matomo.cloud www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-1Ld9gC_2w8MSvlZwnj3loVEW-d7nbYYl'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://www.gstatic.com https://fonts.gstatic.com static.zip.co *.afterpay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com https://*.google.com *.doubleclick.net *.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://pay.google.com https://secure-test.worldpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://*.googleapis.com https://*.googleusercontent.com zip.co bpi.zip.co *.afterpay.com *.cloudflare.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com snapwidget.com *.zip.co d35p4vvdul393k.cloudfront.net https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.xtento.com cdn.xtento.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com display.ugc.bazaarvoice.com https://fonts.googleapis.com zip.co bpi.zip.co *.afterpay.com *.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com *.zipmoney.com.au *.zip.co *.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.gstatic.com *.facebook.com *.livechatinc.com *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.com *.doubleclick.net *.paypal.com *.kaptcha.com *.livechatinc.com *.rfihub.com *.adnxs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cloudflare.com *.facebook.com *.google.com *.google.com.mx *.gstatic.com *.googleusercontent.com *.paypal.com *.icons8.com *.marketo.net *.amazonaws.com *.magecomp.com *.bizibly.com *.showmethepartsdb2.com *.showmethepartsdb.com 3aa074a4dd.nxcli.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.fontawesome.com *.newrelic.com *.nr-data.net *.facebook.net *.doubleclick.net *.gstatic.com *.bizible.com *.bing.com *.marketo.net *.livechatinc.com *.weglot.com *.rezync.com *.licdn.com *.stackadapt.com *.hotjar.com *.rfihub.net *.boomtrain.com *.scaleflex.it *.typekit.net *.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.stackadapt.com *.typekit.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.facebook.com *.gstatic.com *.googleapis.com *.boomtrain.com *.stackadapt.com *.google.com *.livechatinc.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cl.avis-verifies.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com bat.bing.com *.linkedin.com *.avis-verifies.com *.netreviews.eu *.googletagmanager.com *.adsymptotic.com www.netreviews.eu cl.avis-verifies.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com *.avis-verifies.com *.pardot.com *.larcier-intersentia.com *.clarity.ms cl.avis-verifies.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com bat.bing.com *.doubleclick.net *.clarity.ms https://address-validation-service-api.pim-testing.aws.lsbit.be t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://address-validation-service-api.pim-testing.aws.lsbit.be *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.clinch.co cdn.krxd.net *.serving-sys.com cdn.treasuredata.com trk.clinch.co www.googletagmanager.com www.youtube.com cdn.jsdelivr.net bam.nr-data.net js-agent.newrelic.com *.doubleclick.net www.google.com www.google.co.za in.treasuredata.com beacon.krxd.net cdn.cookielaw.org analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.doubleclick.net *.facebook.com https://js.digitalriverws.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://ui1.img.digitalrivercontent.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com playseat.com playseat.dev *.playseat.com *.cloudflare.com *.linkedin.com *.google.nl *.adobetm.com *.ibb.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://js.digitalriverws.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.fontawesome.com *.pingdom.net *.hotjar.com *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://js.digitalriverws.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com playseat.com playseat.dev *.playseat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.cloudflare.com *.pingdom.net *.hotjar.com *.hotjar.io *.cookiebot.com *.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://playseat.dev/; report-to report-endpoint; 1
object-src 'none';base-uri 'self';script-src 'nonce-yV5ahlO_IUfamO_8cxutOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-9mDrx7BbmHqqAmACjEYrRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-wAxfj3KzR2sLkh5F49OpxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
frame-ancestors 'none'; frame-src 'self' https://accounts.google.com https://content-sheets.googleapis.com; block-all-mixed-content; object-src 'none'; worker-src 'self'; form-action 'none'; base-uri 'none'; report-to default; 1
font-src *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.xsmanguasjad.ee *.google.com *.google.lv *.klevu.com *.ksearchnet.com https://omnisnippet1.com https://wt.soundestlink.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.newrelic.com *.hotjar.com *.doubleclick.net *.googletagmanager.com *.nr-data.net *.zdassets.com *.klevu.com *.ksearchnet.com https://omnisnippet1.com https://forms.soundestlink.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.hotjar.com *.doubleclick.net *.nr-data.net *.zdassets.com *.zendesk.com *.zopim.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.googleapis.com https://www.gstatic.com *.fontawesome.com *.cleverreach.com *.ekomiapps.de https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cleverreach.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.cleverreach.com *.weltpixel.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com https://*.gstatic.com *.cloudfront.net *.fbcdn.net *.google.de *.google.com *.facebook.com *.cdninstagram.com *.instagram.com *.crl.eu *.smartsuppcdn.com *.ytimg.com *.ekomiapps.de https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://www.magezon.com https://www.mollie.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.google.com *.gstatic.com *.instagram.com *.facebook.com *.facebook.net *.googletagmanager.com cdnjs.cloudflare.com paypalobjects.com *.smartsuppchat.com *.smartsuppcdn.com *.qualtrics.com *.adform.net *.google-analytics.com *.ekomiapps.de smart-widget-assets.ekomiapps.de https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io js.mollie.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.google.com *.gstatic.com *.smartsuppcdn.com *.fontawesome.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.smartsuppcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.gstatic.com *.smartsuppcdn.com *.smartsupp.com *.smartsuppchat.com *.google-analytics.com *.doubleclick.net *.qualtrics.com *.adform.net wss://websocket-visitors.smartsupp.com *.ekomiapps.de https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https://storage.googleapis.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://pagead2.googlesyndication.com https://more-than-numbers.ghost.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://www.loom.com/v1/oembed https://backend.getbeamer.com https://www.google.com/pagead https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com/ads https://capture-api.ap3prod.com https://script.crazyegg.com https://cdn3l.ink https://connect.facebook.net https://app.getbeamer.com; default-src none; font-src 'self' https://fonts.gstatic.com https://storage.googleapis.com https://js.intercomcdn.com; form-action 'self'; frame-src 'self' https://js.stripe.com https://login.count.co https://push.getbeamer.com https://changelog.count.co https://count-production.firebaseapp.com; img-src 'self' data: https://storage.googleapis.com https://www.google-analytics.com https://www.google.com/ads https://blog.count.co https://cdn.loom.com/sessions/thumbnails https://static.intercomassets.com https://js.intercomcdn.com/images https://px.ads.linkedin.com https://www.facebook.com; media-src 'self' https://js.intercomcdn.com/audio; object-src none; script-src 'self' 'nonce-1bkLy13zQUIngZ0R_LxlX' 'nonce-wzWD91gcqgB0cV8oFS10j' 'nonce-BcfsWenUYLQv9ShV5Mx_h' 'nonce-1awfN57gVdJZP7XiOI9Ur' 'wasm-unsafe-eval' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://js.stripe.com https://app.getbeamer.com/js https://apis.google.com/js https://static.getbeamer.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://storage.googleapis.com https://app.getbeamer.com/styles; worker-src 'self'; 1
frame-src https://login.philanthropycloud.com https://login.elevate.salesforce.org https://*.force.com/ https://www.youtube.com/ https://js.stripe.com/ https://player.vimeo.com/; report-uri https://api.philanthropycloud.com/cspreport?type=elevate; 1
object-src 'none';base-uri 'self';script-src 'nonce-BebFJVfxNe9aisR0ZctUmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net cdn.gbqofs.com www.google.co.uk *.onetrust.com jsonplaceholder.typicode.com www.google-analytics.com cdn.cookielaw.org www.google.ie www.googletagmanager.com bat.bing.com *.facebook.com cdn2.gbqofs.com www.youtube.com c1001.report.gbss.io browser-update.org *.googleadservices.com js.hcaptcha.com *.gstatic.com *.facebook.net api.autoaddress.ie pxl-fbdie.terminalfour.net region1.analytics.google.com newassets.hcaptcha.com region1.google-analytics.com widget.trustpilot.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
font-src *.fontawesome.com fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudfront.net www.google.es stats.g.doubleclick.net *.onetrust.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com www.gstatic.com sl.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.onetrust.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com fonts.googleapis.com fonts.gstatic.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net *.paypal.com bam.nr-data.net *.onetrust.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-fFL2AwNaIwhfJGdwFMlhiQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-zC-lI6kOo-zKtuEuhN9uUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src 'self' data: https://cdnjs.cloudflare.com https://d31eck28xxyyiu.cloudfront.net https://d3hn0m4rbsz438.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com; connect-src http://127.0.0.1:* https://*.canvasmedical.com https://sentry.canvasmedical.com wss://*.canvasmedical.com wss://127.0.0.1:* https://d31eck28xxyyiu.cloudfront.net https://esp.aptrinsic.com https://*.ingest.sentry.io; default-src 'self' https://*.canvasmedical.com https://canvasmedical.com https://d31eck28xxyyiu.cloudfront.net; img-src 'self' data: https://*.canvasmedical.com https://127.0.0.1:* https://canvas-client-media.s3.amazonaws.com https://canvas-medical.s3-us-west-2.amazonaws.com https://canvas-medical.s3.us-west-2.amazonaws.com https://canvas-storages.s3.amazonaws.com https://canvasmedical.com https://cdnjs.cloudflare.com https://d31eck28xxyyiu.cloudfront.net https://d3hn0m4rbsz438.cloudfront.net https://q.stripe.com https://s3-us-west-2.amazonaws.com; upgrade-insecure-requests; style-src 'self' https://*.canvasmedical.com https://canvasmedical.com https://cdnjs.cloudflare.com https://checkout.stripe.com https://code.jquery.com https://d31eck28xxyyiu.cloudfront.net https://d3hn0m4rbsz438.cloudfront.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s3-us-west-2.amazonaws.com https://cdn.jsdelivr.net https://web-sdk.aptrinsic.com 'nonce-G7alKs8eiKC1hnbR'; frame-src self https://*.canvasmedical.com https://canvas-client-media.s3.amazonaws.com https://js.stripe.com; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://checkout.stripe.com https://js.stripe.com https://code.jquery.com https://d31eck28xxyyiu.cloudfront.net https://d3hn0m4rbsz438.cloudfront.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://web-sdk.aptrinsic.com 'nonce-G7alKs8eiKC1hnbR'; block-all-mixed-content; object-src 'self' https://canvas-client-media.s3.amazonaws.com; report-uri https://canvas.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.cloudmaestro.com cdnjs.cloudflare.com sslwidget.criteo.com connect.facebook.net connect.facebook.net www.google.com js.intercomcdn.com bat.bing.com googleads.g.doubleclick.net widget.intercom.io rum-static.pingdom.net widget.intercom.io consentcdn.cookiebot.com staticw2.yotpo.com cdn.ywxi.net www.googletagmanager.com polyfill.io js.cnnx.link cdn.callrail.com consent.cookiebot.com d1igp3oop3iho5.cloudfront.net r1-t.trackedlink.net www.google-analytics.com static.criteo.net www.gstatic.com widget.us.criteo.com js.callrail.com webchat.dotdigital.com www.paypal.com cdn.dnky.co www.googleadservices.com *.paypalobjects.com *.authorize.net assets.adobedtm.com *.zdassets.com *.tiktok.com ajax.cloudflare.com *.klaviyo.com *.newrelic.com *.nr-data.net bam.nr-data.net *.yotpo.com assets.braintreegateway.com; report-uri /.webscale/csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com dcinfos-cache.abtasty.com static.addtoany.com region1.analytics.google.com try.abtasty.com cdn.seopa.com cdn.jsdelivr.net c0.adalyser.com adservice.google.com *.doubleclick.net *.cloudinary.com www.google.co.uk www.google.com ariane.abtasty.com car-insurance.compareni.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1
object-src 'none';base-uri 'self';script-src 'nonce-dodCAtysrrxyuUYdjvyQGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
script-src 'unsafe-hashes' 'sha256-5lSQFTOMNNoGBLbrC6eUxpYeuyBQW52hLO9rR85ASEA=' https: http: 'nonce-lPIkpiBvH3inF40wmOl8DuRsdcVFHRUveJi9iqjAd0E=' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic';object-src 'none';frame-ancestors 'none';base-uri 'none';report-uri /api/csp-report 1
object-src 'none';base-uri 'self';script-src 'nonce-YH9oGJrMN41H3DKD0sRRdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com *.weltpixel.com widget.trustpilot.com/ https://plumrocket.com js.mollie.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com https://images.unsplash.com *.gstatic.com https://www.mollie.com www.magmodules.eu *.squeezely.tech ts.tradetracker.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js https://www.googletagmanager.com tagmanager.google.com widget.trustpilot.com cdn.jsdelivr.net *.avada.io js.mollie.com squeezely.tech www.squeezely.tech *.squeezely.tech tm.tradetracker.net *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com tagmanager.google.com *.fontawesome.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.sharethis.com https://www.google-analytics.com https://get.geojs.io *.avada.io squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-qf8dw1b8M8ZYL5epCkYU_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-pCfQ2PT9dpPlUTlFX4DDkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' 'nonce-MURack12eEJOY1ZwblRMRg==' https://fonts.googleapis.com https://fonts.gstatic.com https://*.facebook.com https://*.socialhp.com https://js.driftt.com https://calendly.com https://www.google.com https://*.iubenda.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.shp.so https://snap.licdn.com https://ga.clearbit.com https://polyfill.io https://cdn.jwplayer.com https://www.youtube.com https://connect.facebook.net https://*.google-analytics.com https://*.lfeeder.com https://*.driftt.com https://*.googleapis.com https://*.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.sentry-cdn.com https://cdn.logrocket.io https://js-agent.newrelic.com https://bam.nr-data.net m https://*.calendly.com https://npmcdn.com https://cdn.lr-ingest.io; script-src-elem 'self' 'nonce-MURack12eEJOY1ZwblRMRg==' https://pixel.shp.so https://www.googletagmanager.com https://snap.licdn.com https://tracking.g2crowd.com https://cdn.lr-ingest.io http://*.heyoliver.com https://connect.facebook.net https://*.google-analytics.com https://pixel.shp.so https://sc.lfeeder.com https://tr.lfeeder.com https://pixel.shp.so https://www.google-analytics.com https://cdn.jwplayer.com https://connect.facebook.net https://www.youtube.com https://*.google-analytics.com http://*.google-analytics.com https://*.lfeeder.com https://polyfill.io https://*.driftt.com https://*.googleapis.com https://*.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.sentry-cdn.com https://cdn.logrocket.io https://js-agent.newrelic.com https://bam.nr-data.net https://*.iubenda.com ; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.heyoliver.com https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://*.iubenda.com ; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.scite.ai data:; connect-src  'self' https://*.shp.so https://*.socialhp.com https://*.google.com https://*.facebook.com https://cdn.linkedin.oribi.io https://www.heyoliver.com https://analytics.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.logrocket.io https://sentry.io https://*.sentry.io https://bam.nr-data.net https://*.doubleclick.net https://r.lr-ingest.io https://*.iubenda.com ; img-src *, data:*; media-src 'self' https://image.socialhp.com https://image-gs.socialhp.com https://res.cloudinary.com https://*.iubenda.com ; frame-src 'self' https://*.youtube.com https://js.driftt.com https://www.google.com https://calendly.com https://*.facebook.com https://*.iubenda.com ; object-src none; worker-src 'self' blob:; report-uri  https://o266291.ingest.sentry.io/api/5647787/security/?sentry_key=a72999d558b84b939ee7095e8a8c18e3; 1
object-src 'none';base-uri 'self';script-src 'nonce-vHEwv_P2aaW3e5jwAMbVhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
default-src 'self' www.oxemis.com oxemis.com unpkg.com ; script-src 'self' www.oxemis.com oxemis.com 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' unpkg.com ; frame-src oxiforms.com www.oxiforms.com ; frame-ancestors 'self' ; base-uri 'none' ; report-uri csp-reports.php?d3d3Lm94ZW1pcy5jb20v ; 1
object-src 'none';base-uri 'self';script-src 'nonce-5IRFtocLuHwCYibO56xf3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
font-src *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pay.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com https://vars.hotjar.com/ https://www.facebook.com/ https://ct.pinterest.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com static.przelewy24.pl www.gstatic.com gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.google.pl/ https://www.google.com/ https://www.facebook.com/ https://ct.pinterest.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com *.avada.io https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://static.cloudflareinsights.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://s.pinimg.com/ assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline *.typekit.net *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://*.ingest.sentry.io ekr.zdassets.com/ https://get.geojs.io *.avada.io https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://vc.hotjar.io/ https://in.hotjar.com/ https://content.hotjar.io/ https://ct.pinterest.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-TSdqdhn61gt77S69Izr6Og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://apikeys.civiccomputing.com http://apikeys.civiccomputing.com apikeys.civiccomputing.com https://ig.instant-tokens.com http://ig.instant-tokens.com ig.instant-tokens.com https://graph.instagram.com http://graph.instagram.com graph.instagram.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com https://*.facebook.com http://*.facebook.com *.facebook.com; frame-ancestors 'none'; frame-src https://*.youtube.com http://*.youtube.com *.youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.cdninstagram.com http://*.cdninstagram.com *.cdninstagram.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.facebook.com http://*.facebook.com *.facebook.com https://i.ytimg.com http://i.ytimg.com i.ytimg.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://cc.cdn.civiccomputing.com http://cc.cdn.civiccomputing.com cc.cdn.civiccomputing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.mailchimp.com http://*.mailchimp.com *.mailchimp.com 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-_YsWFf-YgJ8MDC8yU551yw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
connect-src 'self' noembed.com cdn.plyr.io cdn.linkedin.oribi.io www.facebook.com ad.doubleclick.net stats.g.doubleclick.net region1.analytics.google.com region1.google-analytics.com www.google-analytics.com maps.googleapis.com translate.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.ch tpc.googlesyndication.com www.google-analytics.com www.google.com data: *.adform.net www.youtube-nocookie.com cdn.plyr.io embed.eventfrog.ch *.ffhs.ch *.3vrooms.app i.ytimg.com www.youtube.com 12720745.fls.doubleclick.net adservice.google.com analytics.google.com maps.googleapis.com www.gstatic.com connect.facebook.net googleads.g.doubleclick.net region1.analytics.google.com snap.licdn.com stats.g.doubleclick.net www.facebook.com www.googleadservices.com www.googletagmanager.com www.linkedin.com cdn.linkedin.oribi.io px.ads.linkedin.com; font-src 'self' fonts.gstatic.com ; form-action 'self'; img-src 'self' data: px.ads.linkedin.com www.facebook.com www.google.com www.google.ch maps.googleapis.com region1.analytics.google.com region1.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com maps.gstatic.com i.ytimg.com blob: ad.doubleclick.net region1.google-analytics.com www.google-analytics.com translate.google.com fonts.gstatic.com px4.ads.linkedin.com; media-src cfvod.kaltura.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-src 12720745.fls.doubleclick.net tube.switch.ch embed.eventfrog.ch www.terminland.de bid.g.doubleclick.net tpc.googlesyndication.com www.google.com www.youtube.com *.ffhs.ch; worker-src blob:; report-uri https://ffhs.report-uri.com/r/d/csp/reportOnly; report-to default 1
object-src 'none';base-uri 'self';script-src 'nonce-wi4YAXidKPNSGqhQib4rAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1
object-src 'none';base-uri 'self';script-src 'nonce-oFGQ8rye5mFgb2qT3L2h_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1