Values for content-security-policy-report-only: default-src 'self' www.google.com www.gstatic.com img6.wsimg.com *.secureserver.net collect.tealiumiq.com *.akamaihd.net c.go-mpulse.net *.akstat.io www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.godaddy.com data:;font-src * data: blob:;style-src 'self' 'unsafe-inline' img6.wsimg.com www.gstatic.com;script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src * data: blob:;frame-src * data: blob:;report-uri /forsale/api/csp-reports 196 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 170 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://adservice.google.com https://www.googleadservices.com https://*.mlstatic.com https://js-agent.newrelic.com https://*.hotjar.com https://*.nr-data.net https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net https://*.googlesyndication.com https://tags.creativecdn.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.datadoghq-browser-agent.com https://maps.googleapis.com https://ssl.google-analytics.com https://static.meli.com https://*.mercadolibre.com https://*.mercadopago.com; report-to endpoint-csp; report-uri https://events.mercadolibre.com/csp/reports 106 83 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 68 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 35 block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 34 frame-ancestors 'self' 33 default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src *; style-src 'unsafe-inline' *; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 27 default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.teststagram.com *.igsonar.com *.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 27 default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 25 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob: data: ajax.cloudflare.com; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 25 default-src 'self' 23 default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors 'none';base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log 21 default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com https://*.akstat.io https://*.go-mpulse.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://pay.google.com https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com https://*.akstat.io; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://pay.google.com https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com; object-src 'self' https://*.cdn-net.com 20 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; 19 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 16 report-uri /report-csp-violation 16 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com wss://*.hotjar.com wss://*.qualified.com 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 13 frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 13 font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 12 default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 11 default-src https:; child-src https: blob:; connect-src https: wss: data:; font-src https: data:; frame-src https:; img-src https: data:; media-src https: blob:; object-src https:; worker-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /app/api/cspViolation; 11 default-src 'self'; img-src 'self' *.calconic.com *.hotjar.com *.bing.com *.clarity.ms *.theaccessgroup.com accessgroup-website-v8-preview.azureedge.net accessgrouppreviewweb.azureedge.net accessgroupuatweb.azureedge.net accessgroupweb.azureedge.net cdn.jsdelivr.net id.rlcdn.com match.prod.bidr.io px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com *.blob.core.windows.net *.placeholder.com *.doubleclick.net www.google.co.uk www.google.com bat.bing.com www.google-analytics.com www.facebook.com www.google-analytics.com data: cdn.bizible.com; script-src 'self' 'unsafe-inline' *.onetrust.com *.calconic.com *.hotjar.com cdn-3.convertexperiments.com ucalc.pro *.clarity.ms *.ucalc.pro analytics.twitter.com npmcdn.com app-lon05.marketo.com pages.theaccessgroup.com tracker.gaconnector.com api.ipify.org bat.bing.com static.ads-twitter.com snap.licdn.com www.googleadservices.com connect.facebook.net tag.demandbase.com tags.srv.stackadapt.com snap.licdn.com www.google-analytics.com www.googleadservices.com www.youtube.com secure.perk0mean.com static.hotjar.com script.hotjar.com widget.surveymonkey.com googleads.g.doubleclick.net www.googletagmanager.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net munchkin.marketo.net cdn.bizible.com; style-src 'self' 'unsafe-inline' *.calconic.com *.ucalc.pro tags.srv.stackadapt.com app-lon05.marketo.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com pro.fontawesome.com use.typekit.net p.typekit.net; font-src 'self' *.hotjar.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com pro.fontawesome.com;connect-src *.onetrust.com *.calconic.com *.hotjar.com *.hotjar.io *.clarity.ms *.mktoresp.com in.hotjar.com api.company-target.com tags.srv.stackadapt.com bat.bing.com www.google-analytics.com stats.g.doubleclick.net;frame-src *.ucalc.pro vars.hotjar.com app-lon05.marketo.com www.youtube.com player.vimeo.com www.facebook.com *.doubleclick.net; 11 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 11 frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 10 report-uri https://cspr.app.rbb-cloud.de/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 10 report-uri /report-csp-violation; upgrade-insecure-requests 10 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /opt/csp-violation-report.php 9 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 9 default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com data:; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 9 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com; 9 default-src * 'self' cdnjs.cloudflare.com ; child-src * 'self' blob: ; connect-src * 'self' data: https ; frame-src * 'self' blob: ; font-src * 'self' data: fonts.gstatic.com ; img-src * 'self' blob: data: ; media-src * 'self' blob: data: ; object-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' 'unsafe-inline' data: ; style-src-elem * 'self' 'unsafe-inline' data: ; report-uri /api/v1/csp_reports ; worker-src * 'self' blob: ; 9 default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 9 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 8 connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 8 default-src https: data: 'unsafe-inline' 'unsafe-eval' 8 default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 8 object-src 'none'; script-src 'none'; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 8 worker-src 'none'; 8 block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7 frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 7 child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 7 report-uri https://reporting.go-mpulse.net/report/FDSGP-LEB9B-T8Y2A-5V5ED-9WX2T 7 default-src 'self' wdr.de *.wdr.de ; img-src * data: ; script-src 'self' wdr.de *.wdr.de 'unsafe-inline' 'unsafe-eval' cdn.bunchbox.co script.ioam.de *.de.ioam.de de-config.sensic.net cdn-gl.nmrodam.com www.bing.com cdn.ampproject.org cdn.tickaroo.com dev.virtualearth.net connect.facebook.net platform.twitter.com www.instagram.com www.gstatic.com www.tagesschau.de wdr.wdrmg-digital.de ; style-src 'self' wdr.de *.wdr.de 'unsafe-inline' wdr.wdrmg-digital.de *.tickaroo.com ; font-src 'self' wdr.de *.wdr.de data: fonts.gstatic.com/ ; media-src 'self' wdr.de *.wdr.de *.icecastssl.wdr.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net *.akamaized.net blob: ; frame-src 'self' wdr.de *.wdr.de cdn-gl.nmrodam.com de-config.sensic.net www.youtube-nocookie.com platform.twitter.com datawrapper.dwcdn.net www.instagram.com www.facebook.com www.tagesschau.de *.tickaroo.com ; connect-src 'self' wdr.de *.wdr.de *.planet-wissen.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net www.tageschau.de cdn.ampproject.org *.akamaized.net *.sensic.net *.tickaroo.com ; child-src 'self' wdr.de *.wdr.de blob: ; frame-ancestors 'self' wdr.de *.wdr.de ; object-src 'self' wdr.de *.wdr.de ; manifest-src 'self' wdr.de *.wdr.de ; report-uri https://www.wdr.de/php/csp-reporting/logcspr.php 7 default-src https: 'unsafe-inline' 'unsafe-eval' 7 default-src 'self'; 7 font-src *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com https://maps.googleapis.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.trustpilot.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com https://maps.googleapis.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 7 default-src 'self' *.wp.com; img-src data: https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src data: https:; media-src blob: https:; frame-src https:; object-src 'none'; connect-src https:; 7 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 6 default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 6 default-src 'self' data: blob: *.verisign.com; img-src 'self' data: *.verisign.com *.siteimproveanalytics.io *.brightcove.com *.prod.boltdns.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com polyfill.io assets.adobedtm.com siteimproveanalytics.com players.brightcove.net *.zencdn.net *.verisign.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.prod.boltdns.net *.brightcove.com *.akamaihd.net *.greenhouse.io *.verisign.com; worker-src blob: 6 default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; 6 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp 6 script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 6 default-src * https: data: blob: 'unsafe-inline' 'unsafe-hashes'; 6 font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.net *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.affirm.com *.affirm.ca *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.facebook.net *.facebook.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com secure.adnxs.com *.bing.com px.ads.linkedin.com *.facebook.net *.facebook.com snap.licdn.com *.github.io *.clarity.ms google.co.kr *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com/ *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com stats.g.doubleclick.net *.bing.com *.facebook.net *.facebook.com snap.licdn.com *.clarity.ms secure.adnxs.com *.maxmind.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com stats.g.doubleclick.net *.clarity.ms *.facebook.net *.facebook.com *.mmapiws.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6 default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data:; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data:; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 6 default-src blob: https:; img-src data: https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src data: https:; frame-src https:; media-src data: https:; object-src 'none'; connect-src https:; frame-ancestors 'self'; 6 font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf https://*.hotjar.io https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pal-test.adyen.com http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com *.weltpixel.com www.jsctool.com https://odr.promo.dev/ https://*.yieldify.com https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ https://*.hotjar.io https://www.mainadv.com https://ad.ad-srv.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com d.ratepay.com 'self' data: *.gstatic.com http://lindt-hg65tr.your-printq.com https://*.cookiepro.com https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz https://*.hotjar.io https://*.yieldify.com https://i.cdn.nrholding.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com d.ratepay.com www.jsctool.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://static-eu.payments-amazon.com/checkout.js https://*.yieldify.com https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://api.permaleads.ch/api.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://api.permaleads.ch/ https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ https://*.hotjar.io https://*.pinimg.com https://*.daktela.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.sharethis.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com d.ratepay.com *.gstatic.com tagmanager.google.com https://*.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv d.ratepay.com www.jsctool.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://api.permaleads.ch https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com https://*.r66net.com https://*.yieldify.com wss://*.hotjar.io https://geolocation.onetrust.com https://*.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6 default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 5 script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' blob: 'unsafe-inline' https:; report-uri /reports/csp/uri; report-to csp-reports; 5 default-src 'self'; media-src https://static.zdassets.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://static.zdassets.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; object-src 'self' data: blob:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self'; 5 default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 5 default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; img-src https: blob: data:; font-src https: blob: data:; script-src 'self' https://*.fcl.cloud https://www.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.newrelic.com https://*.usabilla.com https://cdnjs.cloudflare.com https://cdn.optimizely.com https://amplify.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://s.pinimg.com https://snap.licdn.com https://accounts.google.com; frame-ancestors 'self'; report-uri /api/csp_report; 5 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 5 upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval'; 5 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 5 default-src 'self' *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleapis.com googleapis.com *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.cz sharp.cz *.sharp.eu sharp.eu *.sharpmarketing.eu imgs.aws.sharp.eu *.actonsoftware.com cdn.cookielaw.org stats.g.doubleclick.net bam.nr-data.net; script-src 'self' 'unsafe-inline' *.actonservice.com actonservice.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.google.com googleapis.com *.googleapis.com *.youtube.com youtube.com bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org *.sharpmarketing.eu *.gstatic.com *.hotjar.com snap.licdn.com bat.bing.com; style-src 'self' 'unsafe-inline' *.sharpmarketing.eu; img-src 'self' data: *.cookielaw.org cookielaw.org *.google.ca google.ca *.google.co.in google.co.in *.google.ro google.ro *.google.co.jp google.co.jp *.gogle.co.id google.co.id *.google.co.th google.co.th *.google.ae google.ae *.google.co.nz google.co.nz *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz imgs.aws.sharp.eu i.ytimg.com d35hoao4dw4qk2.cloudfront.net www.google-analytics.com *.sharpmarketing.eu *.actonsoftware.com px.ads.linkedin.com bat.bing.com px4.ads.linkedin.com www.google.co.za www.google.bg googleads.g.doubleclick.net www.google.gr; frame-src *; frame-ancestors 'self' *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.sk sharp.sk *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.hu sharp.hu *.sharp.lt sharp.it *.sharp.co.jp sharp.co.jp *.sharp.cz sharp.cz *.sharp.eu sharp.eu; child-src *; font-src 'self' data:; connect-src 'self' *.google-analytics.com google-analytics.com cdn.linkedin.oribi.io bam.nr-data.net cdn.cookielaw.org stats.g.doubleclick.net privacyportal-eu.onetrust.com *.sharpmarketing.eu *.hotjar.com vc.hotjar.io bat.bing.com; report-uri https://apps.sharp.eu/sharp/apps/eu/csp-violation/report.php; upgrade-insecure-requests 5 object-src 'none'; script-src 'self' https://cse.google.com https://js.hsforms.net https://rebilly.github.io https://use.fontawesome.com https://ws.sharethis.com pagecdn.io platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' https://cloud.typography.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 5 font-src ctiapi.com s3.amazonaws.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com ctiapi.com *.hestage.com *.ecklers.com *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.doubleclick.net *.clarity.ms *.vantivprelive.com *.google.com *.listrak.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com ctiapi.com s3.amazonaws.com youtube.com *.ecklers.com *.unbxdapi.com *.gfycat.com *.imgeng.in *.cloudfront.net *.userid.io *.bing.com *.google.com *.clarity.ms *.listrakbi.com *.riskified.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.unbxd.io *.cloudfront.net *.cloudflare.com *.bc0a.com *.online-metrix.net *.vantivprelive.com *.listrak.com *.listrakbi.com *.listrakbi.net *.userid.io *.bing.com *.datasteam.io *.doubleclick.net *.upsellit.com *.clarity.ms *.murdoog.com *.dwin1.com *.needle.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.ytimg.com *.gstatic.com *.ctiapi.com *.riskified.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com ctiapi.com *.fontawesome.com *.cloudfront.net *.listrakbi.net *.listrakbi.com *.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src ctiapi.com s3.amazonaws.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.bc0a.com *.unbxd.io *.brontops.com *.ecklers.com *.doubleclick.net *.cloudfront.net *.listrak.com *.clarity.ms *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.demdex.net *.cardinalcommerce.com *.google.com *.google-analytics.com *.paypalobjects.com *.ctiapi.com *.riskified.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 5 sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals 5 report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net data: https://www.facebook.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://snap.licdn.com; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://sales-live-chat.stripe.com https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://register.stripesessions.com https://b.stripecdn.com https://crypto-js.stripe.com https://sales-live-chat.stripe.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-2FWbbMoT7waHBCiV2wuUG048ErDHcGNjbfOOSp5PtJs=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 4 default-src 'self' data: blob: https://*.bamboostage.com https://*.bamboohr.com https://consent.trustarc.com https://cdn.bizible.com https://bat.bing.com https://connect.facebook.com https://*.licdn.com https://static.hotjar.com https://tracking.g2crowd.com https://static.ads-twitter.com https://munchkin.marketo.com https://cdn.abrankings.com https://a.quora.com https://q.quora.com https://*.thebrightforks.com https://dx.mountain.com https://tag.clearbitscripts.com https://abm-tracking.demandscience.com https://cdn.pdst.fm https://x.clearbitjs.com https://www.googletagmanager.com https://www.redditstatic.com https://snap.licdn.com https://www.google-analytics.com https://assets.adobedtm.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://abm-tracking.demandscience.com https://cdn.jsdelivr.net https://match.prod.bidr.io https://bamboohr.zendesk.com https://*.zdassets.com https://assets.screensteps.com https://fast.wistia.com https://fast.wistia.net https://unpkg.com https://*.convertexperiments.com https://js.intercomcdn.com https://cdn.readme.io https://*.gstatic.com 'unsafe-inline' 'unsafe-eval'; report-uri https://app.bamboohr.com/ajax/parse_csp_report.php; 4 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.dow.com dow.6connex.com *.tt.omtrdc.net; report-uri /cxsite/csp-report/csp-report.html 4 frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 4 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 4 default-src 'self'; connect-src 'self' *.appmaster.io https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://api-iam.intercom.io https://forms.hsforms.com https://maps.googleapis.com wss://*.intercom.io https://stats.g.doubleclick.net www.google.com; font-src 'self' data: https: ; img-src 'self' data: blob: https: ; media-src 'self' data: blob: https: ; object-src 'none'; frame-src 'self' *.appmaster.io *.recaptcha.net *.youtube.com widget.canny.io; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' *.appmaster.io *.hsforms.net *.intercom.io *.intercomcdn.com https://maps.googleapis.com/maps/api/js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/ *.recaptcha.net *.canny.io; manifest-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' *.appmaster.io https://fonts.googleapis.com; worker-src data: blob:; report-uri https://sentry.appmaster.io/api/3/security/?sentry_key=f3a1f5e566804120856802b6ba1adda8; report-to apms; 4 report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 4 default-src 'none'; frame-ancestors 'none'; connect-src 'self' st.ntppool.org 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; form-action 'self' mailform.ntppool.org checkout.stripe.com; img-src 'self' st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org js.stripe.com; style-src 'self' fonts.googleapis.com st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntppool.report-uri.com/r/t/csp/wizard 4 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 4 default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 4 default-src 'self' *.smartschool.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com https://ssl.p.jwpcdn.com stats.wp.com use.typekit.net p.jwpcdn.com *.google-analytics.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' c0.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com data:; img-src 'self' *.typekit.net pixel.wp.com *.google-analytics.com stats.g.doubleclick.net data:; connect-src performance.typekit.net stats.g.doubleclick.net; report-uri /csp-violation.php 4 default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net newsuk.s3.amazonaws.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; report-uri https://www.news.co.uk?gdsih-csp-report; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com *.eloqua.com https://s754241824.t.eloqua.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 4 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net https://rec.i-say.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; report-uri https://training89.shopmetrics.com/CSPEndpoint.aspx; Report-To default; 4 default-src 'self' data: *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.site.com *.flippingbook.com *.criteo.net *.cquotient.com *.adyen.com *.doubleclick.net *.hotjar.com *.google.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.paypal.com *.paypalobjects.com *.facebook.net *.googletagmanager.com *.datatoolscloud.net.au *.igodigital.com *.salesforceliveagent.com *.serving-sys.com *.force.com *.tiqcdn.com *.rezdy.com *.polyfill.io *.cloudflare.com *.subscribepro.com *.dwin1.com *.criteo.com *.adnxs.com *.salesforce.com *.wayin.com *.typekit.net *.ooyala.com *.licdn.com *.getwisp.co *.omneo.io *.vimeo.com *.formstack.com *.thefork.com.au *.resy.com *.tealiumiq.com *.yimg.com *.go2cloud.org *.adobe.com *.cloudfront.net *.sc-static.net sc-static.net *.adsrvr.org *.googleoptimize.com *.googleanalytics.com *.bing.com *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in; style-src 'self' data: 'unsafe-inline' 'unsafe-hashes' *.site.com *.adyen.com *.googleapis.com *.force.com *.omneo.io *.subscribepro.com *.datatoolscloud.net.au *.salesforceliveagent.com *.ooyala.com *.formstack.com *.thefork.com.au *.go2cloud.org *.sc-static.net *.google.com *.google-analytics.com *.bing.com *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in; img-src 'self' data: *.penfolds.com *.site.com *.cloudfront.net *.flippingbook.com *.adyen.com *.doubleclick.net *.facebook.com *.adform.net *.mediavine.com *.postrelease.com *.360yield.com *.twiago.com *.adscale.de *.1rx.io *.meba.kr *.rubiconproject.com *.aralego.com *.daum.net *.adsrvr.org *.dotomi.com *.contextweb.com *.admixer.co.kr *.adsymptotic.com *.smrtb.com *.bnmla.com *.tpmn.co.kr *.zemanta.com *.stackadapt.com *.kakao.com *.toast.com *.outbrain.com *.addthis.com *.gstatic.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.bidswitch.net *.salesforce.com *.googletagmanager.com *.googleapis.com *.paypal.com *.mookie1.com *.igodigital.com *.adnxs.com *.googleadservices.com *.zenaps.com *.placeholder.com *.facebook.net *.3lift.com *.ad-stir.com *.adtdp.com *.advertising.com *.bing.com *.casalemedia.com *.clmbtech.com *.criteo.com *.dmxleo.com *.ivitrack.com *.mgid.com *.omnitagjs.com *.pubmatic.com *.rlcdn.com *.sharethrough.com *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.tapad.com *.yahoo.com *.yieldmo.com *.dable.io *.adingo.jp *.gssprt.jp *.microad.jp *.demandware.net *.media.net *.openx.net *.smaato.net *.smartclip.net *.yieldlab.net *.teads.tv *.ants.vn *.adswizz.com *.serving-sys.com *.unsplash.com *.typekit.net *.linkedin.com *.vimeocdn.com *.hotjar.com *.mathtag.com *.tealiumiq.com *.yimg.com *.go2cloud.org *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in; font-src 'self' data: *.site.com *.sfdcstatic.com *.gstatic.com *.typekit.net *.hotjar.com *.ooyala.com *.formstack.com *.go2cloud.org; connect-src 'self' *.site.com *.analytics.google.com analytics.google.com *.flippingbook.com *.hotjar.com *.hotjar.io *.serving-sys.com *.paypal.com *.tryzens-analytics.com:12280 *.tryzens-analytics.com:12443 *.google-analytics.com *.googleapis.com *.tealiumiq.com *.facebook.net *.demandware.net *.ooyala.com *.getomneo.com *.force.com wss: *.yimg.com *.adobe.io *.snapchat.com; frame-src 'self' *.adsrvr.org *.vintagejournal.co *.doubleclick.net *.paypalobjects.com *.adyen.com *.hotjar.com *.facebook.com *.criteo.net *.paypal.com *.google.com *.force.com *.rezdy.com *.matterport.com *.criteo.com *.vimeo.com *.wayin.com *.typekit.net *.ooyala.com *.snazzymaps.com https://snazzymaps.com *.spotify.com *.exacttarget.com *.sfmc-content.com *.thefork.com.au *.lafourchette.com *.resy.com vimeo.com *.serving-sys.com *.flipsnack.com *.adobe.com *.opinionstage.com *.cloudfront.net *.penfolds.com *.snapchat.com *.bing.com *.google.com; worker-src 'self' blob: *.datatoolscloud.net.au *.adyen.com *.cloudflare.com *.cquotient.com *.dwin1.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.igodigital.com *.licdn.com *.paypal.com *.paypalobjects.com *.rezdy.com *.salesforceliveagent.com *.serving-sys.com *.tiqcdn.com *.polyfill.io *.doubleclick.net *.facebook.net 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.getwisp.co *.criteo.com *.subscribepro.com; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/tweau-cspdata; 4 report-uri https://gfcorporate.report-uri.com/r/d/csp/reportOnly ; default-src 'self' www.gfms.com gfms.com gfcorporate.report-uri.com *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae ; connect-src 'self' *.google-analytics.com apikeys.civiccomputing.com maps.googleapis.com center.lon5.atomz.com clapi.civiccomputing.com sp1004e61f.guided.lon5.atomz.com sp1004e61a.guided.lon5.atomz.com sp1004e5dd.guided.lon5.atomz.com stats.g.doubleclick.net www.facebook.com uberall.com api.moin.ai www.gfpstools.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ; font-src 'self' fonts.gstatic.com widget.moin.ai static-prod.uberall.com static.prod.uberall.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com ajax.googleapis.com cc.cdn.civiccomputing.com connect.facebook.net cdnjs.cloudflare.com gstatic.com maps.googleapis.com siteimproveanalytics.com snap.licdn.com static-prod.uberall.com uberall.com www.youtube.com www.pagespeed-mod.com www.googleoptimize.com mktdplp102cdn.azureedge.net www.pagespeed-mod.com widget.moin.ai r1.dotdigital-pages.com r1-t.trackedlink.net r1.ddlnk.net ; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com widget.moin.ai ; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: assets.georgfischer.com www.linkedin.com *.global.siteimproveanalytics.io nswow-imageresizer.azurewebsites.net px.ads.linkedin.com www.facebook.com *.google.com gfms.com www.gfms.com static-prod.uberall.com static.prod.uberall.com www.linkedin.com s7e5a.scene7.com *.g.doubleclick.net 38e76c47ade744b48fc12ad21059e592.svc.dynamics.com i.ytimg.com maps.gstatic.com www.gfpstools.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ; child-src 'self' analytics-eu.clickdimensions.com live.solique.ch www.youtube.com ; form-action 'self' ; frame-ancestors 'self' ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: analytics-eu.clickdimensions.com google.com ir.tools.investis.com irs.tools.investis.com live.solique.ch recruitingapp-5505.de.umantis.com registration.gesevent.com six-swiss-exchange.com tools.google.com uberall.com widget.moin.ai 38e76c47ade744b48fc12ad21059e592.svc.dynamics.com www.gfps.com ir2.flife.de www.youtube.com r1.dotdigital-pages.com youtube.com ; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob: wss://*.hotjar.io blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 4 default-src *; script-src *; script-src-elem *; script-src-attr *; style-src *; style-src-elem *; style-src-attr *; img-src *; font-src *; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; upgrade-insecure-requests; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups allow-pointer-lock; base-uri *; manifest-src *; report-uri https://revalize.report-uri.com/r/t/csp/reportOnly; report-to Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://revalize.report-uri.com/a/t/g"}],"include_subdomains":true} 4 font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com data: *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com cdn.jst.ai ajax.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com *.demdex.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.vimeo.com *.hotjar.com *.doubleclick.net cdn.jst.ai *.paymetric.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net *.cdninstagram.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca https://a.klaviyo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com via.placeholder.com *.klaviyo.com *.google.com *.facebook.com *.fls.doubleclick.net googleapis.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net s7d9.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com s.ytimg.com googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.gstatic.com *.google.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * assets.adobedtm.com *.magento-ds.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.instagram.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.youtube.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net cdn.dnky.co webchat.dotdigital.com unsafe-inline api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * *.adobe.io performance.typekit.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 4 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: p.typekit.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.onetrust.com *.riskified.com cdn.cookielaw.org *.yotpo.com maps.googleapis.com maps.gstatic.com *.stats.paypal.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com s7.addthis.com *.avada.io *.onetrust.com *.riskified.com cdn.cookielaw.org *.yotpo.com *.nr-data.net *.newrelic.com maps.googleapis.com *.optimove *.facebook.net *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.paypal.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.adobe.io performance.typekit.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://geoip-js.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.onetrust.com cdn.cookielaw.org *.riskified.com *.yotpo.com *.nr-data.net *.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com *.optimove *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 script-src 'self' 4 report-uri https://sentry.pressly.io/api/66/csp-report/?sentry_key=d0e35ce9d59a42b8b1ec472c0792de84; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3000 http://dev.pressly.io about: data: https: 4 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tpj.report-uri.io/r/default/csp/reportOnly 4 font-src *.fontawesome.com fonts.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.facebook.com *.kinderkraft.fr *.kinderkraft.pl kinderkraft.fr kinderkraft.pl *.trustpilot.com *.criteo.gum *.cookiebot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.klarna.com pay.google.com secure.payu.com merch-prod.snd.payu.com *.trustpilot.com *.facebook.com www.facebook.com *.instagram.com *.hotjar.com *.criteo.com *.criteo.net *.youtube-nocookie.com *.google.com *.kinderkraft.fr kinderkraft.fr kinderkraft.pl *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com *.gstatic.com *.googleapis.com *.ggpht ts.tradetracker.net www.magmodules.eu *.ytimg.com www.google.com www.google.pl kinderkraft.com pixel.wp.pl www.facebook.com *.instagram.com *.payu.com *.hotjar.com www.googletagmanager.com googleads.g.doubleclick.net *.criteo.com *.adobedtm.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.yahoo.com *.3lift.com *.smartadserver.com *.adnxs.com *.tapad.com *.casalemedia.com *.360yield.com *.taboola.com *.pubmatic.com *.media.net *.teads.tv *.adform.net *.bidswitch.net *.sharethrough.com *.smaato.net *.socdm.com *.adscale.de *.advertising.com *.dable.io *.co.kr *.stickyadstv.com *.twiago.com *.omnitagjs.com *.liadm.com *.yieldmo.com *.postrelease.com *.addthis.com *.revcontent.com *.mail.ru *.yieldlab.net *.rambler.ru *.bing.com *.openx.net *.nate.com *.mediawallahscript.com id5-sync.com *.rlcdn.com *.adingo.jp *.tremorhub.com *.yandex.ru *.aralego.com/ *.ad-stir.com *.adtdp.com *.meba.kr *.1rx.io *.toast.com *.turn.com *.dmxleo.com *.mediavine.com *.ivitrack.com *.smartclip.net *.krxd.net *.emxdgt.com *.pinterest.com *.bluekai.com *.thebrighttag.com kinderkraft.pl *.user.com *.trustpilot.com *.trustpilot.net *.metaffiliation.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com *.klarna.com *.klarnaservices.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.avada.io secure.payu.com secure.snd.payu.com *.googleapis.com *.gstatic.com *.trustpilot.com tm.tradetracker.net *.googletagmanager.com kinderkraft-staging.user.com *.user.com consentcdn.cookiebot.com *.g.doubleclick.net *.adyen.com *.facebook.net pixel.wp.pl *.hotjar.com *.criteo.com *.newrelic.com *.criteo.net *.nr-data.net *.cloudflare.com *.clickcease.com *.pinimg.com *.googleoptimize.com *.youtube.com *.klarnacdn.net *.kinderkraft.pl *.kinderkraft.fr *.kinderkraft.de *.kinderkraft.it *.kinderkraft.co.uk *.kinderkraft.es *.metaffiliation.com *.bing.com *.clarity.ms *.cux.io *.taboola.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.trustpilot.com *.instagram.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.googlevideo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.klarnaservices.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.instagram.com kinderkraft-staging.user.com wss://kinderkraft-staging.user.com *.adyen.com yt2html5.com *.user.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net wss://kinderkraft.user.com *.hotjar.com wss://ws3.hotjar.com analytics.google.com *.paypal.com https://paypal.com paypal.com *.nr-data.net consentcdn.cookiebot.com *.hotjar.io *.criteo.com wss://ws29.hotjar.com *.pinterest.com *.google.com wss://ws11.hotjar.com *.klarnacdn.net google.pl google.com *.kinderkraft.fr *.metaffiliation.com *.sentry.io sentry.io *.clarity.ms *.cux.io *.facebook.com facebook.com *.google.pl wss://* *.openfpcdn.io *.google-analytics.com *.taboola.com 'self' 'unsafe-inline'; child-src *.instagram.com http: https: blob: 'self' 'unsafe-inline'; default-src *.adyen.com *.instagram.com *.googleoptimize.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 frame-ancestors 'self'; report-uri /csp_logger 4 default-src 'self'; script-src 'report-sample' 'self' https://js.qualified.com/qualified.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.qualified.com wss://ws.qualified.com; font-src 'self'; frame-src 'self' https://app.qualified.com; img-src 'self' data: https://dms6j3xpg18d6.cloudfront.net https://d3s86tfxelgbdj.cloudfront.net https://huntscanlon.com https://images.cointelegraph.com https://mma.prnewswire.com https://s.yimg.com; manifest-src 'self'; media-src 'self'; report-uri https://628b65b960f085193bb6338b.endpoint.csper.io/?v=0; worker-src 'none'; 4 frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 3 default-src 'self'; connect-src 'self' 'unsafe-eval' *.adyen.com test-website-adyen.netlify.app acceptance-website-adyen.netlify.app preview-website-adyen.netlify.app production-website-adyen.netlify.app static.cloudflareinsights.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.gstatic.com *.recaptcha.net snap.licdn.com bat.bing.com connect.facebook.net static.ads-twitter.com static.hotjar.com *.marketo.net *.mktoresp.com *.mktoutil.com hm.baidu.com unpkg.com/web-vitals@2.1.0/ cdn.linkedin.oribi.io cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/ *.youtube.com cdn.segment.com *.segmentapis.com *.contentful.com ws.zoominfo.com *.doubleclick.net *.clarity.ms *.optimizely.com; frame-src *.doubleclick.net *.recaptcha.net *.optimizely.com *.youtube.com; img-src 'self' data: *.google-analytics.com *.google.com *.google.nl *.googletagmanager.com *.facebook.com adyen.getbynder.com *.cloudfront.net q.quora.com *.linkedin.com *.bing.com t.co/i/adsct analytics.twitter.com *.baidu.com *.pdst.fm *.adxcel-ec2.com *.clarity.ms; media-src 'self' data: *.google-analytics.com *.google.com *.google.nl *.googletagmanager.com *.facebook.com adyen.getbynder.com *.cloudfront.net q.quora.com *.linkedin.com *.bing.com t.co/i/adsct analytics.twitter.com *.baidu.com *.pdst.fm *.adxcel-ec2.com *.clarity.ms; script-src 'self' 'unsafe-eval' *.adyen.com test-website-adyen.netlify.app acceptance-website-adyen.netlify.app preview-website-adyen.netlify.app production-website-adyen.netlify.app static.cloudflareinsights.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.gstatic.com *.recaptcha.net snap.licdn.com bat.bing.com connect.facebook.net static.ads-twitter.com static.hotjar.com *.marketo.net *.mktoresp.com *.mktoutil.com hm.baidu.com unpkg.com/web-vitals@2.1.0/ cdn.linkedin.oribi.io cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/ *.youtube.com cdn.segment.com *.segmentapis.com *.contentful.com ws.zoominfo.com *.doubleclick.net *.clarity.ms *.optimizely.com 'unsafe-inline'; script-src-elem 'self' 'unsafe-eval' *.adyen.com test-website-adyen.netlify.app acceptance-website-adyen.netlify.app preview-website-adyen.netlify.app production-website-adyen.netlify.app static.cloudflareinsights.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.gstatic.com *.recaptcha.net snap.licdn.com bat.bing.com connect.facebook.net static.ads-twitter.com static.hotjar.com *.marketo.net *.mktoresp.com *.mktoutil.com hm.baidu.com unpkg.com/web-vitals@2.1.0/ cdn.linkedin.oribi.io cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/ *.youtube.com cdn.segment.com *.segmentapis.com *.contentful.com ws.zoominfo.com *.doubleclick.net *.clarity.ms *.optimizely.com 'unsafe-inline'; style-src 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; report-uri /api/postCspReport; 3 connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.adobe.com/api/v1/errors/csp 3 object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 3 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://zn4mbdaokn6kcahtg-cypress.siteintercept.qualtrics.com https://79423.analytics.edgekey.net https://cdnjs.cloudflare.com https://connect.facebook.net https://e.video-cdn.net https://img.en25.com https://oc-cdn-public-eur.azureedge.net https://rules.quantcount.com https://s1968580696.t.eloqua.com https://*.hotjar.com https://secure.quantserve.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://*.hotjar.com https://cdn.botframework.com https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net; object-src 'self'; connect-src 'self' https://www.infineon.com https://softwaretools.infineon.com https://toolbox-cloud-staging.cloudapps.infineon.com https://stg-community.infineon.com https://community.infineon.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://api.flockler.com https://asset-out-cdn.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://d.video-cdn.net https://infineon.product-discontinuation.com https://licensing.bitmovin.com https://ma307-r.analytics.edgekey.net https://oc-cdn-public-eur.azureedge.net https://stats.g.doubleclick.net https://vod.video-cdn.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data: https://e.video-cdn.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://www.infineon.com https://chatbot.infineon.com https://oc-cdn-public-eur.azureedge.net https://players.brightcove.net https://*.hotjar.com https://www.facebook.com https://www.youtube.com https://www.promeas.com; img-src 'self' data: https://www.infineon.com https://www.infineon-brandportal.com https://pbs.twimg.com https://www.kununu.com https://www.glassdoor.com https://s722891043.t.eloqua.com https://siteintercept.qualtrics.com https://asset-out-cdn.video-cdn.net https://media-api.flockler.com https://media-exp1.licdn.com https://pixel.quantserve.com https://px.ads.linkedin.com https://s1968580696.t.eloqua.com https://www.bluewind.it https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://*.hotjar.com; manifest-src 'self'; media-src 'self' data:; base-uri 'self'; report-uri https://www.infineon.com/rest/csp/report; worker-src blob:; 3 object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://accounts.google.com https://region1.google-analytics.com asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 3 upgrade-insecure-requests 3 form-action *.salliemae.com *.qualtrics.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: t.myvisualiq.net *.doubleclick.net mid.rkdms.com play.vidyard.com *.salliemae.com rules.quantcount.com *.facebook.com adservice.google.com c1.sfdcstatic.com *.qualtrics.com *.everesttech.net *.force.com *.googlesyndication.com bat.bing.com *.omtrdc.net *.facebook.net *.demdex.net prreqcroab.icu *.rfihub.com www.google.com cdn.boomtrain.com secure.adnxs.com trk.clinch.co tags.tiqcdn.com www.googletagmanager.com action.dstillery.com cdn.cookielaw.org *.salesforceliveagent.com events.api.boomtrain.com people.api.boomtrain.com namdevice.com:7777 *.gstatic.com live.rezync.com pixel.quantserve.com secure.quantserve.com cdn.clinch.co *.onetrust.com; frame-ancestors 'self' ; report-uri /csp_report 3 default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; img-src data: *; script-src 'unsafe-inline' 'unsafe-hashes' *; style-src 'unsafe-inline' 'unsafe-hashes' *; connect-src *; child-src *; font-src *; report-uri /_csp; report-to default 3 base-uri 'none'; report-uri https://vault.gostatera.com/collect/csp 3 default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3 default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; worker-src 'self'; child-src 'none'; frame-src 'none'; frame-ancestors 'none'; 3 upgrade-insecure-requests; base-uri 'self'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' https://fonts.googleapis.com https://sdk.primer.io https://a.loveholidays.com; report-uri /csp-report/ 3 default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 3 form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.hotjar.com *.facebook.com www.google.ca rs.gwallet.com *.googleapis.com *.googleadservices.com images.contentstack.io api.7-eleven.com *.snapchat.com ka-p.fontawesome.com bat.bing.com adservice.google.com t.a3cloud.net *.googlesyndication.com www.google.com bam-cell.nr-data.net sc-static.net *.cloudfront.net *.adsrvr.org *.facebook.net www.google-analytics.com kit.fontawesome.com www.youtube.com *.gstatic.com www.googletagmanager.com nebula-cdn.kampyle.com kit-uploads.fontawesome.com udc-neb.kampyle.com ib.adnxs.com cdn.contentstack.io js-agent.newrelic.com; frame-ancestors 'self' ; report-uri /csp_report 3 default-src *.irideos.it *.clouditalia.com 'self' cdnjs.cloudflare.com 'unsafe-inline' cdn.datatables.net www.googletagmanager.com *.cookiebot.com *.google-analytics.com fonts.gstatic.com code.ionicframework.com fonts.googleapis.com www.google.com www.gstatic.com maxcdn.bootstrapcdn.com code.jquery.com; report-to csp~irideos.it 3 default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 3 report-uri /_/csp-reports 3 frame-ancestors 'self'; report-uri /stf/reportiframe 3 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 3 base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://api.botschool.ai wss://api.botschool.ai https://*.byside.com wss://*.byside.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://*.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://in.hotjar.com https://*.inside-graph.com wss://*.inside-graph.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://analytics.tiktok.com https://*.doubleclick.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://*.quantcast.mgr.consensu.org https://www.google.pt https://services.sapo.pt https://signet-spot.telecom.pt; default-src 'self'; font-src 'self' data: https://*.meo.pt https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://eu-cdn.inside-graph.com https://connect.facebook.net https://fast.fonts.net https://gateway.zscaler.net; form-action 'self' https://*.meo.pt https://*.byside.com https://www.facebook.com https://connect.facebook.net https://gateway.zscaler.net; frame-ancestors 'self' https://www.meo.pt https://gateway.zscaler.net; frame-src 'self' https://*.meo.pt https://stags.bluekai.com https://s1.byside.com https://www.facebook.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://vars.hotjar.com https://*.inside-graph.com https://meo.speedtestcustom.com https://meoteste.speedtestcustom.com https://*.youtube.com https://*.meo.velocidi.io https://*.doubleclick.net https://gateway.zscaler.net https://signet-spot.telecom.pt; img-src 'self' data: https:; media-src 'self' data: https://*.meo.pt https://gateway.zscaler.net; report-to cspreportonly; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/ReportOnly; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://img.botschool.ai https://tags.bkrtx.com https://*.byside.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.inside-graph.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://analytics.tiktok.com https://*.meo.velocidi.io https://u.heatmap.it https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://selo.confio.pt; style-src 'self' 'unsafe-inline' https://*.meo.pt https://img.botschool.ai https://*.byside.com https://use.fontawesome.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.inside-graph.com https://fast.fonts.net https://gateway.zscaler.net https://selo.confio.pt; worker-src 'self' 3 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://s.go-mpulse.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.siteimprove.net; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.go-mpulse.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.siteimprove.net; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/reportOnly 3 default-src * data:; script-src * 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr *; style-src * 'unsafe-inline' blob:; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * 'self' data: blob:; font-src * 'self' data: blob:; connect-src * 'self' blob:; media-src * 'self' blob:; object-src * 'self' 'unsafe-inline' blob:; prefetch-src * 'self' blob:; child-src * 'self' blob:; frame-src * 'self' blob:; worker-src * 'self' blob:; frame-ancestors * 'self' blob:; form-action *; upgrade-insecure-requests; base-uri * 'self'; manifest-src * blob: sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-to-custom-protocols; 3 frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; 3 font-src *.googleapis.com fonts.gstatic.com fonts.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com *.hotjar.com x.klarnacdn.net *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com bugcrowd.com imgs.cdn-btsg.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com script.google.com *.googleapis.com *.hotjar.com *.iterable.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.affirm.com *.amazonaws.com *.atdmt.com *.bing.com *.bazaarvoice.com imgs.cdn-btsg.com *.clarity.ms dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.hotjar.com *.iterable.com kcc0.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com imgs.signifyd.com image.simplecastcdn.com t.co tk0x1.com *.wahoofitness.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.adnxs.com js.adsrvr.org lightboxapi.azurewebsites.net bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com *.affirm.com imgs.cdn-btsg.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.fontawesome.com *.google.com googleads.g.doubleclick.net *.hotjar.com *.iterable.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv cdn.segment.com imgs.signifyd.com unpkg.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com resources.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com *.hotjar.com www.lightboxcdn.com x.klarnacdn.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.affirm.com bam-cell.nr-data.net *.bing.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com analytics.google.com *.analytics.google.com *.hotjar.com *.hotjar.io mpsnare.iesnare.com *.iterable.com wss: gdpr.loopme.com i.loopme.me *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b73c76520e1c6fd88a089eacc1b590fe.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 3 default-src 'self';img-src * blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com code.jquery.com js.hsforms.net www.googletagmanager.com *.wp.com *.mysanfordchart.org *.addthis.com *.adroll.com *.adsrvr.org *.ads-twitter.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.invocacdn.com *.liveperson.net *.lpsnmedia.net *.mpio.io *.onesignal.com *.qualtrics.com *.quantcount.com *.quantserve.com *.serving-sys.com *.simpli.fi *.siteintercept.qualtrics.com *.talentegy.com *.tvsquared.com *.twitter.com *.v.liveperson.net *.vimeo.com *.vimeocdn.com aa.agkn.com ajax.aspnetcdn.com analytics.talentegy.com assets.sitescdn.net az416426.vo.msecnd.net bat.bing.com cdn.mouseflow.com cdn.popt.in chimpstatic.com data.adxcel-ec2.com embed.typeform.com forms.hsforms.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com my.hellobar.com onesignal.com pixel.mathtag.com pixel.videohub.tv pnapi.invoca.net px.ads.linkedin.com rules.quantcount.com s.amazon-adsystem.com s.pinimg.com s3.amazonaws.com/checkout.squadup.com/default/css/bootstrap-namespace.min.css sanfordhealth.mdmatchup.com script.crazyegg.com sc-static.net sfapi.formstack.io siteimproveanalytics.com snap.licdn.com static.addtoany.com static.cloud.coveo.com tags.srv.stackadapt.com tracking.logpostback.com transparency.nrchealth.com trkn.us v1.addthisedge.com www.buzzsprout.com www.groupexpro.com www.youtube.com www.ypo.education/js/jsembedcode.js z.moatads.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.mysanfordchart.org *.wp.com *.formstack.com *.gstatic.com *.vimeocdn.com cdn.thinglink.me checkout.stripe.com formsprod.azureedge.net onesignal.com static.cloud.coveo.com tags.srv.stackadapt.com www.groupexpro.com www.youtube.com;font-src 'self' data: *.fontawesome.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.wp.com *.formstack.com *.gstatic.com *.googleusercontent.com;frame-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com www.googletagmanager.com *.wp.com tools.sanfordhealthplan.com *.mysanfordchart.org *.addthis.com *.adsrvr.org *.c.liveperson.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.ipcamlive.com *.lpsnmedia.net *.snapchat.com *.soundcloud.com *.stripe.com *.twitter.com *.v.liveperson.net *.vimeo.com *.youtube.com cdn.onesignal.com e.issuu.com fast.wistia.net forms.hsforms.com host.visualcalc.com js.hsadspixel.net js.hsforms.net pixel.mathtag.com players.brightcove.net sanfordhealth.mdmatchup.com static.addtoany.com vimeo.com www.buzzsprout.com www.pinterest.ca www.pinterest.co.uk www.pinterest.com www.pinterest.fr www.pinterest.it www.pinterest.ph ct.pinterest.com www.thinglink.com;frame-ancestors 'self' *.mysanfordchart.org;connect-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com my.wpengine.com public-api.wordpress.com yoast.com *.addthis.com *.adroll.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.gannettdigital.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.linkedin.oribi.io *.onesignal.com *.pinterest.com *.quantcount.com *.reachlocalservices.com *.serving-sys.com *.snapchat.com *.squadup.com *.twitter.com *.vimeocdn.com *.z1.dca0.com api.hubapi.com az416426.vo.msecnd.net bat.bing.com dc.services.visualstudio.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hscollectedforms.net n2.mouseflow.com onesignal.com pnapi.invoca.net sanfordhealth.formstack.com sfapi.formstack.io usageanalytics.coveo.com;form-action 'self' *.fontawesome.com cdnjs.cloudflare.com *.sanfordhealthfoundation.org my.wpengine.com yoast.com *.adroll.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.serving-sys.com *.snapchat.com *.vimeocdn.com api.hubapi.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;media-src * data:;object-src 'none';report-uri https://csp-reporting.sanfordhealth.org/; 3 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/verily 3 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 3 font-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com *.cookiebot.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.adventr.io *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.awin1.com *.zenaps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com pls.webtype.com www.w3.org data: www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com https://a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adyen.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.googleapis.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://the.sciencebehindecommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.wistia.com *.wistia.net *.listenloop.com *.company-target.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.doubleclick.net *.driftt.com *.techtarget.com *.driftqa.com *.pingdom.net *.swiftypecdn.com *.swiftype.com *.abtasty.com *.cookielaw.org *.hotjar.com *.hotjar.io *.nr-data.net *.marketo.com *.twitter.com *.soundcloud.com *.youtube.com *.akamaihd.net *.bing.com *.clarity.ms app.hushly.com hubfront.hushly.com cdn.bizible.com *.acquia.com *.bugsnag.com *.acquia.io; font-src * data:; frame-src 'self' static.addtoany.com *.lift.acquia.com *.acquia.io; img-src * data:; media-src * blob:; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com cdn.bizible.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.licdn.com *.engagio.com *.listenloop.com *.demandbase.com *.driftt.com *.facebook.net *.adroll.com *.adroll.mgr.consensu.org *.newrelic.com *.hotjar.com googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net *.swiftypecdn.com geoip-js.com *.pingdom.net *.abtasty.com *.techtarget.com *.cookielaw.org *.nr-data.net *.marketo.com *.marketo.net *.twimg.com app.hushly.com hubfront.hushly.com *.jquery.com *.onetrust.com *.maxmind.com s3.amazonaws.com *.bugsnag.com *.wistia.net *.bing.com *.clarity.ms www.forgerock.com *.lift.acquia.com *.acquia.io http://www.forgerock.com blob: cdn.jsdelivr.net https://fast.wistia.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.forgerock.com *.googleapis.com *.cloudflare.com *.swiftypecdn.com *.driftt.com *.marketo.com *.wistia.com *.wistia.net *.twitter.com *.twimg.com app.hushly.com hubfront.hushly.com; report-uri https://forgerock.report-uri.com/r/t/csp/reportOnly 3 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: kyruus-app-static.kyruus.com www.google.com www.google-analytics.com *.adsrvr.org www.googletagmanager.com kloggyr-service.kyruus.com use.typekit.net 6147797.global.siteimproveanalytics.io cdn.evgnet.com www.googleoptimize.com cdn.kyruus.com *.prismahealth.org ka-p.fontawesome.com *.evergage.com p.typekit.net kit.fontawesome.com *.doubleclick.net ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 3 frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru *.dev-morda.svc.elama-team.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 3 frame-ancestors 'self' ; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.marker.io https://cdn.jsdelivr.net https://cdn.wmxtools.com https://form-db.wmxtools.com https://play.vidyard.com https://static.hotjar.com https://script.hotjar.com https://www.googleoptimize.com https://*.wistia.com https://*.wistia.net https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://bat.bing.com https://r.bing.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://js-agent.newrelic.com https://*.nr-data.net https://pi.pardot.com https://*.ep-mimecast.ads-twitter.com https://analytics.twitter.com https://static.ads-twitter.com https://t.co https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://maps.googleapis.com https://maps.google.com https://ajax.googleapis.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com https://www.clarity.ms https://www.youtube.com https://m.youtube.com https://use.fontawesome.com https://kit.fontawesome.com fonts.googleapis.com https://use.typekit.net https://cdnjs.cloudflare.com https://tracking.g2crowd.com *.omappapi.com a.optnmnstr.com static.addtoany.com unpkg.com cdn.calltrk.com js.calltrk.com; style-src 'self' 'unsafe-inline' blob: code.jquery.com fast.wistia.com *.bing.com www.googletagmanager.com tagmanager.google.com *.licdn.com *.omappapi.com platform.twitter.com *.google.com ajax.googleapis.com *.fontawesome.com *.typekit.net; object-src embedwistia-a.akamaihd.net *.googlesyndication.com; frame-src 'self' *.marker.io experience.zelis.com play.vidyard.com vars.hotjar.com *.wistia.com *.wistia.net *.vimeo.com vimeo.com sdx.microsoft.com *.facebook.com connect.facebook.net www.googletagmanager.com www.linkedin.com go.pardot.com *.twitter.com twitter.com *.google.com *.doubleclick.net *.googlesyndication.com maps.google.com maps.googleapis.com *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com *.youtube.com www.youtube-nocookie.com cdnjs.cloudflare.com; frame-ancestors 'self' pi.pardot.com t.co twitter.com; child-src blob: *.vimeo.com vimeo.com *.facebook.com connect.facebook.net www.googletagmanager.com platform.twitter.com *.google.com *.doubleclick.net *.googlesyndication.com app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.youtube.com; img-src * 'self' data: script.hotjar.com embedwistia-a.akamaihd.net *.wistia.com *.wistia.net blob: www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com *.vimeocdn.com *.vimeo.com *.bing.com *.microsoft.com *.facebook.com *.facebook.net *.fbcdn.net www.googletagmanager.com *.linkedin.com *.licdn.com p.adsymptotic.com *.nr-data.net t.co *.twitter.com twitter.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com ajax.googleapis.com *.hubspot.com cdn2.hubspot.net forms.hsforms.com *.clarity.ms *.ytimg.com *.youtube.com fonts.gstatic.com *.typekit.net; font-src 'self' data: *.omappapi.com script.hotjar.com *.wistia.com *.fontawesome.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; base-uri 'self' ; connect-src 'self' data: *.marker.io hubspot-forms-static-embed.s3.amazonaws.com *.omappapi.com api.omappapi.com api.opmnstr.com unpkg.com js.calltrk.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.wistia.com embedwistia-a.akamaihd.net www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: vimeo.com *.bing.com wss://*.bing.com *.facebook.com connect.facebook.net www.googletagmanager.com *.linkedin.com *.licdn.com *.nr-data.net t.co *.twitter.com twitter.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com maps.googleapis.com maps.google.com ajax.googleapis.com *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.clarity.ms *.fontawesome.com fonts.googleapis.com fonts.gstatic.com use.typekit.net performance.typekit.net; media-src data: blob: embedwistia-a.akamaihd.net *.wistia.net *.wistia.com *.vimeo.com vimeo.com media.licdn.com dai.google.com; prefetch-src *.googlesyndication.com; worker-src blob: www.google.com; form-action 'self' 'unsafe-eval' *.facebook.com connect.facebook.net *.twitter.com *.google.com forms.hsforms.com forms.hubspot.com; report-uri https://wmxzelisnew.report-uri.com/r/d/csp/wizard 3 font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-report.ctidigital.com/report; report-to report-endpoint; 3 default-src 'self'; script-src 'self' 'unsafe-inline' about: data: 'unsafe-eval' cdn.jsdelivr.net js.hs-analytics.net cdn-crypto.weltsparen.de api.smooch.io vwvwvwvw.b-cdn.net amplify.outbrain.com cdn-invest.weltsparen.de data1.fiktar.com doboto.sagazujeco.com www.googleadservices.com cdn.taboola.com www.googletagmanager.com googleads.g.doubleclick.net app.usercentrics.eu d1y068gyog18cq.cloudfront.net script.hotjar.com js.hs-analytics.net js.hs-banner.com tr.outbrain.com privacy-proxy.usercentrics.eu raisin-api.exponea.com static.zdassets.com www.googletagmanager.com js-agent.newrelic.com bam.eu01.nr-data.net script.crazyegg.com www.raisin-pension.de www.weltsparen.de cdnjs.cloudflare.com blob: static.hotjar.com cdn.weltsparen.de connect.facebook.net bat.bing.com js.hs-scripts.com cdn.taboola.com amplify.outbrain.com s.d.adup-tech.com webanalytics.btelligent.net www.google-analytics.com trc.taboola.com d.adup-tech.com; style-src 'self' 'unsafe-inline' *.kaspersky-labs.com cdn-crypto.weltsparen.de cdn.weltsparen.de cdn.jsdelivr.net fonts.googleapis.com translate.googleapis.com www.raisin-pension.de www.weltsparen.de cdnjs.cloudflare.com; object-src 'none'; base-uri 'self'; report-uri /_/reports; connect-src 'self' api2.weltsparen.de api2.raisin.com zendesk-eu.my.sentry.io consent-api.service.consent.usercentrics.eu trc.taboola.com csmetrics.hotjar.com about: www.google-analytics.com consent-api.service.consent.usercentrics.eu content.hotjar.io my.yoast.com csmetrics.hotjar.com my.yoast.com bam.nr-data.net vc.hotjar.io in.hostjar.com www.facebook.com cds.taboola.com service-proxy-logger-wfcmkywozq-ey.a.run.app in.hotjar.com bat.bing.com invest.raisin.com raisin.exponea.com logger.service.usercentrics.eu ws43.hotjar.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com trc-events.taboola.com t.d.adup-tech.com region1.google-analytics.com stats.g.doubleclick.net collector.raisin.com www.weltsparen.de api.usercentrics.eu app.launchdarkly.com clientstream.launchdarkly.com ekr.zdassets.com events.launchdarkly.com privacy-proxy.usercentrics.eu raisin-api.exponea.com script.crazyegg.com bam.eu01.nr-data.net com-raisin-prod1.mini.snplow.net graphql.usercentrics.eu aggregator.service.usercentrics.eu weltsparen-de.zendesk.com api.raisin-pension.de api.weltsparen.de static.zdassets.com s3.eu-central-1.amazonaws.com auth.weltsparen.de; font-src 'self' about: fonts.gstatic.com cdn-crypto.weltsparen.de www.weltsparen.de www.raisin-pension.de cdn.weltsparen.de data:; frame-src 'self' *.kaspersky-labs.com www.googletagmanager.com gateway.zscalertwo.net saml.saasprotection.com app.usercentrics.eu td.doubleclick.net vars.hotjar.com auth.weltsparen.de online-acquisition-pw-public-assets.s3.eu-central-1.amazonaws.com www.weltsparen.de; img-src 'self' static.zdassets.com www.google.lt translate.google.com bam.eu01.nr-data.net about: d.adup-tech.com is2-ssl.mzstatic.com storage.googleapis.com www.google.co.za www.google.ch cdn-crypto.weltsparen.de img.youtube.com cds.taboola.com support.adcleanerpage.com googleads.g.doubleclick.net region1.google-analytics.com data: bat.bing.com www.google.es www.google.at www.google.nl www.google.co.uk cds.taboola.com secure.gravatar.com tr.outbrain.com webanalytics.btelligent.net t.d.adup-tech.com www.google-analytics.com track.hubspot.com www.facebook.com www.google.com www.google.de app.usercentrics.eu www.googletagmanager.com www.gstatic.com www.weltsparen.de eu-images.contentstack.com uct.service.usercentrics.eu cdn.weltsparen.de deposit-solutions.zendesk.com www.raisin-pension.de static.raisin-pension.de ; manifest-src 'self'; child-src 'self' blob:; media-src 'self' data:; frame-ancestors *.weltsparen.de vars.hotjar.com; 3 font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.fontawesome.com data:; default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.fontawesome.com *.countyofsb.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.fontawesome.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 3 default-src https: 'unsafe-inline' data: 3 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-violation-report.php 3 default-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com; frame-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data: about: ; connect-src https: wss: 'self'; worker-src https: blob: 'self'; 3 report-uri https://o818257.ingest.sentry.io/api/5807773/security/?sentry_key=ed7ad4e8f86243c78f3011320dce22fe 3 default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://sp.report-uri.com/r/default/csp/reportOnly 3 script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 3 base-uri 'self'; default-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com stats.g.doubleclick.com https://*.searchiq.co *.searchiq.co https://*.gstatic.com *.gstatic.com https://*.googleapis.com *.googleapis.com https://*.addthis.com *.addthis.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de *.cloudapi.de https://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com https://m.addthis.com m.addthis.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://tools.eurolandir.com tools.eurolandir.com https://*.instagram.com *.instagram.com https://*.searchiq.co *.searchiq.co https://*.youtube.com *.youtube.com https://*.addthis.com *.addthis.com https://*.hypemarks.com *.hypemarks.com; img-src 'self' https://*.searchiq.co *.searchiq.co https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.uk *.google.co.uk https://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com *.linkedin.com https://*.facebook.com *.facebook.com blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.instagram.com *.instagram.com https://*.licdn.com *.licdn.com https://*.googleapis.com *.googleapis.com https://*.searchiq.co *.searchiq.co https://*.youtube.com *.youtube.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://*.addthis.com *.addthis.com https://*.addthisedge.com *.addthisedge.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.hypemarks.com *.hypemarks.com https://*.moatads.com *.moatads.com https://*.cloudapi.de *.cloudapi.de https://*.onetrust.com *.onetrust.com https://connect.facebook.net connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 3 default-src 'self' data: blob: *.visiondirect.co.uk https://*.visiondirect.info https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.cloudfront.net https://*.salesforce.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.klarna.com https://widget.trustpilot.com https://*.optimizely.com https://*.dycdn.net https://*.facebook.net https://static.zdassets.com https://www.zenaps.com https://*.contentsquare.net https://*.google.co.uk wss://*.freshrelevance.com https://*.freshrelevance.com https://*.doubleclick.net https://*.facebook.com https://*.tiktok.com https://bat.bing.com https://*.wistia.com https://*.litix.io https://*.awin1.com https://*.akamaihd.net;script-src 'unsafe-inline' 'unsafe-eval' blob: *;style-src 'unsafe-inline' *;font-src * data:;worker-src 'self' data: blob:;frame-src 'self' https://*.google.com https://*.youtube.com https://*.facebook.com https://*.optimizely.com https://*.salesforce.com https://*.klarna.com https://*.trustpilot.com https://*.davidclulow.com https://analytics.tiktok.com;report-uri /content/csp_report;frame-ancestors 'self'; 3 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://*.gigya.com https://consentcdn.cookiebot.com https://*.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: https://*.gigya.com https://www.google.it https://bam.nr-data.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com https://legals.paninigroup.com https://*.cookiebot.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.addthis.com https://*.facebook.com https://*.addthisedge.com https://*.moatads.com https://*.recaptcha.net *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://legals.paninigroup.com https://stats.g.doubleclick.net https://*.facebook.com https://bam.nr-data.net https://*.addthis.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 3 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3 default-src https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data:; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' pt d2oh4tlt9mrke9.cloudfront.net www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com; connect-src 'self' ws.sessioncam.com *.dynatrace.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com; img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com; worker-src blob:; 3 default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 3 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 3 default-src 'self' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com blob:; style-src 'self' 'unsafe-inline' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com; img-src 'self' 'unsafe-inline' *.google-analytics.com cdn.jsdelivr.net blob: data:; worker-src blob:; 3 default-src 'self' *.optomaeurope.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.optomaeurope.com *.optoma.co code.jquery.com fast.fonts.net www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://unpkg.com *.unpkg.com secure.neck6bake.com https://youtube.com *.youtube.com youtube.com *.vimeo.com static.cloudflareinsights.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io api.mapbox.com *.jsdelivr.net cdn.polyfill.io https://cdnjs.cloudflare.com https://ldynamicspublicapi.leadforensics.com https://*.fontawesome.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.optomaeurope.com *.optoma.co https://tagmanager.google.com https://fonts.googleapis.com *.jsdelivr.net; img-src 'self' blob: data: *.optomaeurope.com *.optoma.co *.youtube.com *.ytimg.com *.vimeo.com www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io https://ssl.gstatic.com https://www.gstatic.com https://s3-us-west-2.amazonaws.com *.optoma.com; media-src 'self' *.optomaeurope.com; frame-src 'self' *.optomaeurope.com *.optoma.co *.youtube.com *.youtube-nocookie.com *.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://player.simplecast.com; font-src 'self' *.optomaeurope.com *.optoma.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com data: ; connect-src 'self' *.optomaeurope.com https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://ldynamicspublicapi.leadforensics.com *.storerocket.io https://storerocket.io storerocket.global.ssl.fastly.net *.mapbox.com https://stats.g.doubleclick.net https://*.fontawesome.com; report-uri https://c9f3e0efddb3b5a8f702c2632d2e3942.report-uri.com/r/d/csp/reportOnly 3 base-uri 'self'; default-src 'none'; child-src 'none'; connect-src 'self' https://widget.marktjagd.de https://spotlight.offerista.com https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.datadome.co http://*.datadome.co *.datadome.co https://*.explorr.net http://*.explorr.net *.explorr.net; font-src 'self' https://fonts.gstatic.com https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.explorr.net http://*.explorr.net *.explorr.net https://widget.marktjagd.de https://spotlight.offerista.com; form-action 'self'; img-src 'self' https://* http://* * data:; object-src 'none'; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.datadome.co http://*.datadome.co *.datadome.co https://*.explorr.net http://*.explorr.net *.explorr.net https://widget.marktjagd.de https://spotlight.offerista.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/css https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.explorr.net http://*.explorr.net *.explorr.net https://widget.marktjagd.de https://spotlight.offerista.com 'unsafe-inline'; report-uri /csprep.php 3 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnlyi; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 3 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://draft.blogger.com/cspreport 3 default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 3 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 3 child-src 'self' blob: https://youtube.com https://www.youtube.com https://plusone.google.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://facebook.com https://connect.facebook.net https://platform.twitter.com https://bat.bing.com https://sdk.privacy-center.org https://bam.eu01.nr-data.net https://www.clarity.ms https://d.clarity.ms https://*.doubleclick.net https://tr.snapchat.com https://servedby.flashtalking.com https://insight.adsrvr.org https://vars.hotjar.com; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com s7.addthis.com; script-src-elem 'self' 'unsafe-inline' walibi.fr https://apis.google.com https://www.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://service.maxymiser.net https://snap.licdn.com https://t.contentsquare.net https://youtube.com https://www.youtube.com https://plusone.google.com https://www.gstatic.com https://facebook.com https://connect.facebook.net https://bat.bing.com https://sdk.privacy-center.org https://bam.eu01.nr-data.net https://*.clarity.ms https://cdn.goldenbees.fr https://tag.goldenbees.fr https://sc-static.net https://js-agent.newrelic.com https://api.ipify.org https://s.pinimg.com https://js.adsrvr.org https://insight.adsrvr.org https://static.hotjar.com https://script.hotjar.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com s7.addthis.com 3 font-src *.gstatic.com 'self' data: *.fontawesome.com maxcdn.bootstrapcdn.com *.enbook.cz *.enbook.sk *.enbook.pl *.enbook.hu *.enbook.ro *.endisc.cz *.endisc.sk *.endisc.pl *.endisc.hu *.endisc.ro *.vegadesign.cz *.vegadesign.local *.googleapis.com *.twitter.com *.twimg.com *.zopim.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.enbook.cz *.enbook.sk *.enbook.pl *.enbook.hu *.enbook.ro *.endisc.cz *.endisc.sk *.endisc.pl *.endisc.hu *.endisc.ro *.vegadesign.cz *.vegadesign.local *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.google.com *.enbook.cz *.enbook.sk *.enbook.pl *.enbook.hu *.enbook.ro *.endisc.cz *.endisc.sk *.endisc.pl *.endisc.hu *.endisc.ro *.vegadesign.cz *.vegadesign.local *.google.com *.youtube.com *.twitter.com *.facebook.com *.hotjar.com *.packeta.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com data: *.facebook.com *.enbook.cz *.enbook.sk *.enbook.pl *.enbook.hu *.enbook.ro *.endisc.cz *.endisc.sk *.endisc.pl *.endisc.hu *.endisc.ro *.vegadesign.cz *.vegadesign.local *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.cz *.twitter.com *.twimg.com *.facebook.net *.ytimg.com *.imedia.cz *.zopim.com *.heureka.cz *.heureka.sk *.seznam.cz 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.googletagmanager.com *.facebook.net maps.googleapis.com *.enbook.cz *.enbook.sk *.enbook.pl *.enbook.hu *.enbook.ro *.endisc.cz *.endisc.sk *.endisc.pl *.endisc.hu *.endisc.ro *.vegadesign.cz *.vegadesign.local *.google.com *.google.cz *.google-analytics.com *.googleadservices.com *.gstatic.com *.googlesyndication.com *.twitter.com *.twimg.com *.facebook.com *.fontawesome.com *.hotjar.com *.doubleclick.net *.imedia.cz *.doofinder.com *.packeta.com *.cookiehub.com cookiehub.net *.zdassets.com *.zopim.com *.sentry-cdn.com *.seznam.cz *.dognet.sk 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com *.enbook.cz *.enbook.sk *.enbook.pl *.enbook.hu *.enbook.ro *.endisc.cz *.endisc.sk *.endisc.pl *.endisc.hu *.endisc.ro *.vegadesign.cz *.vegadesign.local *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com *.cookiehub.com cookiehub.net *.zopim.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.sentry.io *.google-analytics.com *.enbook.cz *.enbook.sk *.enbook.pl *.enbook.hu *.enbook.ro *.endisc.cz *.endisc.sk *.endisc.pl *.endisc.hu *.endisc.ro *.vegadesign.cz *.vegadesign.local *.google.com *.googleapis.com *.doubleclick.net *.twitter.com *.twimg.com *.doofinder.com *.googlesyndication.com *.zdassets.com wss://widget-mediator.zopim.com *.cookiehub.com *.cookiehub.net cookiehub.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.enbook.cz *.enbook.sk *.enbook.pl *.enbook.hu *.enbook.ro *.endisc.cz *.endisc.sk *.endisc.pl *.endisc.hu *.endisc.ro *.vegadesign.cz *.vegadesign.local 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.sagepay.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com *.sagepay.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sagepay.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.nosto.com *.nos.to www.googletagmanager.com js.klevu.com *.ksearchnet.com s7.addthis.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com unsafe-inline downloads.mailchimp.com *.sagepay.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sagepay.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com ekr.zdassets.com/ t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 script-src-elem webcache.datareporter.eu webcache-eu.datareporter.eu; style-src-elem https://webcache.datareporter.eu https://webcache-eu.datareporter.eu; font-src https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net secure.pay1.de payments.amazon.de www.jsctool.com www.xtento.com https://plumrocket.com https://www.youtube.com/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net https://widgets.trustedshops.com https://integrations.etrusted.com *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com 'self' data: https://cdn.cookielaw.org/ https://widgets.trustedshops.com/ https://*.usercentrics.eu/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.datareporter.eu *.plugins.emarsys.net *.scarabresearch.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com https://widgets.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com https://cdn.cookielaw.org/ https://widget.trustpilot.com/ https://invitejs.trustpilot.com/ https://widgets.trustedshops.com/ https://*.zdassets.com/ https://*.usercentrics.eu/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://webcache.datareporter.eu d.ratepay.com https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com *.googleapis.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.zdassets.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com *.datareporter.eu *.scarabresearch.com *.eservice.emarsys.net payments.amazon.de d.ratepay.com www.jsctool.com *.trustedshops.com *.etrusted.com *.pixriot.com *.storeimaging.com t.elasticsuite.io *.google-analytics.com https://cdn.cookielaw.org/ https://*.zdassets.com/ https://*.usercentrics.eu/ https://hjhoffice.zendesk.com/ wss://widget-mediator.zopim.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 3 default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' data: https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; report-uri https://hi.report-uri.io/r/default/csp/reportOnly 3 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/ *.adyen.com https://www.googletagmanager.com/ www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.google.com *.bing.com www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://bid.g.doubleclick.net https://kaffekapslen.dk/ *.kaffekapslen.dk/ *.klarnacdn.net https://kaffekapslen.media *.pinterest.com/ *.cloudinary.com/ https://www.googletagmanager.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com *.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com maps.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.newrelic.com gtm.adt313.net *.bing.com *.facebook.net bam.eu01.nr-data.net https://www.google.com https://googleads.g.doubleclick.net https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms *.klarnacdn.net https://s.pinimg.com https://apis.google.com/ https://cdn.matomo.cloud/ https://widgets.trustedshops.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ bam.eu01.nr-data.net *.clarity.ms www.facebook.com eu.playground.klarnaevt.com *.adt611.com *.pinterest.com/ *.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://bat.bing.com/ *.analytics.google.com/ https://kaffekapslen.matomo.cloud/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self'; script-src 'self' https://api.observablehq.com https://cdn.jsdelivr.net https://cdn.openai.com https://unpkg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://github.githubassets.com; img-src 'self' data: https://cdn.openai.com https://d4mucfpksywv.cloudfront.net https://i.vimeocdn.com https://images.openai.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://cdn.jsdelivr.net https://cdn.openai.com https://d4mucfpksywv.cloudfront.net https://gist.githubusercontent.com https://o33249.ingest.sentry.io https://openaicom-api-bdcpf8c6d2e9atf6.z01.azurefd.net https://static.observableusercontent.com https://www.google-analytics.com; media-src 'self' https://cdn.openai.com https://openaicomproductionae4b.blob.core.windows.net; object-src 'none'; frame-src 'self' https://player.twitch.tv https://player.vimeo.com https://w.soundcloud.com; base-uri 'self'; manifest-src 'self'; report-uri https://openai.report-uri.com/r/d/csp/reportOnly 2 default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 2 form-action 'self'; manifest-src 'self'; report-uri https://csp-flkt.domdog.io/report-uri/flipkart.com/3/2-1 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl 2 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://rbmeuulvihtwm2eltjhwimi2.httpschecker.net/report 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/waze-wfe; 2 default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com https://datainsights.loopia.se https://sc.lfeeder.com wss://*.hotjar.com https://www.google.com https://www.google.se https://www.google.be https://cdn.linkedin.oribi.io https://*.analytics.google.com https://adservice.google.com https://analytics.google.com https://content.hotjar.io;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://*.ads.linkedin.com https://www.linkedin.com https://www.google.be https://fonts.gstatic.com https://tr.lfeeder.com;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com https://datainsights.loopia.se;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com;script-src-elem 'self' https://www.gstatic.com 2 default-src 'self' *.pinduoduo.com *.pddpic.com *.yangkeduo.com *.pddugc.com *.pinduoduo.net *.v.smtcdns.net *.ourdvsss.com wss://*.pinduoduo.com wss://*.yangkeduo.com mapstyle.qpic.cn blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri https://tc.pinduoduo.com/x.gif 2 default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 2 script-src 'self' addtocalendar.com cdn.amcharts.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://script.crazyegg.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io https://unpkg.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' addtocalendar.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io maxcdn.bootstrapcdn.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 2 default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://analytics.twitter.com https://bam.nr-data.net https://bi-beta.pst.tech https://bi.pst.tech https://blog.postman.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.polyfill.io https://dl.pstmn.io https://fast.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://in.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googvaragmanager.com https://js-agent.newrelic.com https://ms1frkqnsp7r.statuspage.io https://munchkin.marketo.net https://pages.getpostman.com https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://script.hotjar.com https://skills-assets.pstmn.io https://www.slideshare.net https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://vars.hotjar.com https://www.youtube.com https://p.adsymptotic.com https://assets.getpostman.com https://www.linkedin.com https://pixel.mathtag.com https://js.driftt.com https://www.googleleadservices.com https://google.g.doubleclick.net https://web.postman.com https://manifest.webmanifest https://www.googleadservices.com https://googleads.g.doubleclick.net https://px4.ads.linkedin.com https://i.ytimg.com https://api.mapbox.com https://events.mapbox.com https://identity.getpostman-beta.com https://identity.getpostman.com https://www.youtube-nocookie.com https://run.pstmn.io https://t7vhfmsv15.execute-api.us-east-1.amazonaws.com https://player.twitch.tv https://conversation.api.drift.com https://st-ar.cdn.postman.com https://vc.hotjar.io https://ws9.hotjar.com wss://ws9.hotjar.com https://821881030.privacysandbox.googleadservices.com/ https://bifrost-https-v4.gw.postman.com https://voyager.postman.com https://res.cloudinary.com https://app.launchdarkly.com https://events.launchdarkly.com https://api.amplitude.com https://clientstream.launchdarkly.com wss://ws1.hotjar.com https://worldtimeapi.org https://www.postman.com https://static.cloudflareinsights.com https://api.channel99.com https://events.gw.postman.com https://lp.postman.com https://067-umd-991.mktoutil.com https://api.c99.ai/api/v1/fire 'unsafe-inline'; form-action 'self'; base-uri 'self'; 2 default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cse.google.com 1468.global.siteimproveanalytics.io *.facebook.com ka-f.fontawesome.com nj.gov placeimg.com *.addthis.com www.rnengage.com *.ads-twitter.com adservice.google.com sdk.amazonaws.com clients1.google.com *.state.nj.us njdoc.gov imgssl.constantcontact.com *.custhelp.com www.njsp.org *.gstatic.com use.typekit.net *.nj.gov www.google.com p.typekit.net use.fontawesome.com maxcdn.bootstrapcdn.com region1.google-analytics.com *.arcgis.com www.googletagmanager.com oss.maxcdn.com *.googleapis.com stackpath.bootstrapcdn.com static.dialogflow.com public.govdelivery.com siteimproveanalytics.com 77497.global.siteimproveanalytics.io content.govdelivery.com cdn.jsdelivr.net server.arcgisonline.com *.adsrvr.org *.googleadservices.com www.youtube.com cognito-identity.us-east-1.amazonaws.com 6291948.global.r2.siteimproveanalytics.io www.credit-card-logos.com *.facebook.net *.youtube-nocookie.com code.jquery.com cdnjs.cloudflare.com translate.google.com kit.fontawesome.com fonts.gstatic.com www.njaqinow.net *.doubleclick.net *.cloudfront.net www.google-analytics.com *.fbcdn.net 77604.global.siteimproveanalytics.io *.twitter.com malsup.github.io; form-action *.googleapis.com *.nj.gov www.google.com *.state.nj.us nj.gov; frame-ancestors 'self' ; report-uri /csp_report 2 script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.knightlab.com https://dap.digitalgov.gov platform.twitter.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net https://cdn.knightlab.com https://stackpath.bootstrapcdn.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 2 default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2 media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2 frame-ancestors 'self'; report-uri https://www.theaustralian.com.au/csp-reports 2 block-all-mixed-content; frame-ancestors 'none'; report-uri /global-cgi-bin/csp-report 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.scene7.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org cdn-apple.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; 2 frame-src 'self' bat.bing.com https://*.blackbaudhosting.com https://blackbaud.com https://*.doubleclick.net https://embed.tawk.to https://connect.facebook.net https://*.hotjar.com https://cdn.jsdelivr.net https://*.kaltura.com https://snap.licdn.com https://www.podbean.com sc-static.net *.snapchat.com https://www.youtube-nocookie.com https://www.youtube.com https://discoveruni.gov.uk https://widget.discoveruni.gov.uk https://www.google.com https://www.facebook.com https://libraryhelp.shef.ac.uk https://theaccessplatform.com https://tappage.theaccessplatform.com https://www.googletagmanager.com https://www.findaphd.com https://player.vimeo.com https://app.geckoform.com https://roundme.com https://spaces.wondavr.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.hotjar.com https://*.kaltura.com https://*.snapchat.com https://*.blackbaudhosting.com https://*.doubleclick.net https://analytics.tiktok.com https://app.geckoform.com https://bat.bing.com https://blackbaud.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.theaccessplatform.com https://connect.facebook.net https://discoveruni.gov.uk https://embed.tawk.to https://embed.geckochat.io https://libraryhelp.shef.ac.uk https://player.vimeo.com https://sc-static.net https://snap.licdn.com https://static.ads-twitter.com https://tappage.theaccessplatform.com https://theaccessplatform.com https://widget.discoveruni.gov.uk https://www.facebook.com https://www.findaphd.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.podbean.com https://www.youtube-nocookie.com https://www.youtube.com https://api.mapbox.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; script-src-elem 'self' 'unsafe-inline' 'report-sample' *.blackbaud.com *.blackbaudhosting.com geolocation.onetrust.com https://*.bing.com https://*.fls.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.shef.ac.uk https://*.theaccessplatform.com https://*.twitter.com https://ajax.googleapis.com https://analytics.tiktok.com https://app.geckoform.com https://cdn.cookielaw.org https://connect.facebook.net https://embed.geckochat.io https://embed.tawk.to https://googleads.g.doubleclick.net https://player.vimeo.com https://sc-static.net https://search.sheffield.ac.uk https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114 https://tagmanager.google.com https://tr.snapchat.com https://translate.google.com https://www.findaphd.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha https://www.youtube.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'report-sample' *.theaccessplatform.com https://bbox.blackbaudhosting.com https://embed.geckochat.io https://fonts.geckoform.com https://fonts.googleapis.com https://payments.blackbaud.com https://www.findaphd.com https://www.googletagmanager.com https://www.gstatic.com https://www.gstatic.com/_/translate_http https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; base-uri 'self'; form-action 'self' https://search.sheffield.ac.uk https://tr.snapchat.com https://www.facebook.com/tr/; frame-ancestors 'self' 2 object-src 'none'; script-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com unpkg.com; script-src-attr 'self'; style-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 2 frame-ancestors 'self'; block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://connect.facebook.net https://munchkin.marketo.net https://script.crazyegg.com https://static.zdassets.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://cdn.cookie-script.com https://s.adroll.com https://c.seznam.cz https://mc.yandex.ru https://static.zdassets.com https://www.snapengage.com https://*.googleapis.com https://d.adroll.com https://snap.licdn.com https://storage.googleapis.com https://u.heatmap.it https://script.hotjar.com https://static.hotjar.com https://*.doubleclick.net https://*.google.com https://*.cloudfront.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleoptimize.com https://*.nebula.zyxel.com https://cdnjs.cloudflare.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://static.addtoany.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zyxel.com https://*.myzyxel.com;style-src 'self' 'report-sample' 'unsafe-inline' *.nebula.zyxel.com *.google.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.googleapis.com https://*.s3.amazonaws.com https://www.gstatic.com;object-src *.googlesyndication.com;child-src 'self' blob: *.addtoany.com *.googlesyndication.com *.google.com *.doubleclick.net;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com; 2 default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.google.com *.googleapis.com *.youtube.com *.facebook.com connect.facebook.net api.map.baidu.com cdn.jsdelivr.net cdnjs.cloudflare.com kxlogo.knet.cn *.doubleclick.net snap.licdn.com d.line-scdn.net *.hotjar.com *.go-mpulse.net *.gigabyte.com *.gigabyte.com.tw; style-src 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gigabyte.com *.gigabyte.com.tw; img-src 'self' data: https: blob: http://faq.gigabyte.com; font-src 'self' fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gigabyte.com *.gigabyte.com.tw data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com http://www.youtube.com *.facebook.com *.doubleclick.net *.hotjar.com *.gigabyte.com *.gigabyte.com.tw; 2 "default-src data: blob: 'unsafe-eval' 'unsafe-inline' https: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com *.bazaarvoice.com bat.bing.com cdn.attn.tv *.optimizely.com cdn.polyfill.io cdn1.affirm.com connect.facebook.net *.allposters.com *.doubleclick.net js.intercomcdn.com pixel.mathtag.com s.pinimg.com static.klaviyo.com tag.rmp.rakuten.com tags.bkrtx.com *.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com code.jquery.com *.intercom.io *.artprintimages.com *.affirm.com *.allpostersimages.com; object-src 'none'; base-uri 'self'; report-uri https://csp.prod.walmart.com/c/r/artal;" 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src * ldb1: data:; media-src * data: about:; frame-ancestors 'self' *.aleks.com *.connectmath.com *.mhcampus.com; report-uri /aleks/csp_report?stamp=web2020111702&uri=%2F&referer= 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.addthis.com *.akamai.net *.convertexperiments.com *.flickr.com https://*.hotjar.com *.google.com *.sierraclub.org *.twitter.com cdn.ampproject.org cdn.hypemarks.com cdn.jsdelivr.net cdn.optimizely.com connect.facebook.net google-analytics.com google.com googletagmanager.com instagram.com js.maxmind.com maps.googleapis.com partner.googleadservices.com pixel.sitescout.com public.tableau.com reddit.com scribd.com snap.licdn.com unpkg.com v1.addthisedge.com widgets.pinterest.com z.moatads.com; object-src 'self'; style-src 'self' 'unsafe-inline' https: *.sierraclub.org cdn.honey.io cdn.jsdelivr.net cdn.knightlab.com cdnjs.cloudflare.com cloud.typography.com https://*.hotjar.com fonts.googleapis.com google.com pro.fontawesome.com; img-src * 'unsafe-inline' blob: data: https:; media-src 'self' data:; frame-src 'self' https: *.addthis.com *.doubleclick.net *.fls.doubleclick.net *.ggusd.us *.google.com https://*.hotjar.com *.optimizely.com *.s3.amazonaws.com *.sierraclub.org *.stpsb.org *.twitter.com block.opendns.com blocked.goguardian.com calendar.google.com cdn.bannersnack.com ckreport.lisd.net clubvolunteer.org facebook.com funnyordie.com gateway.zscalertwo.net global.acs.prismaaccess.com googletagmanager.com instagram.com m.facebook.com maphub.net meetup.com mozbar.moz.com player.vimeo.com public.tableau.com quorum.us rcm-na.amazon-adsystem.com s7.addthis.com spur.maps.arcgis.com static.contextall.com trustpoint-lax.northcentraltrust.com vpn.myips.org web.facebook.com youtube-nocookie.com youtube.com; frame-ancestors 'self' https: sierraclub.org; child-src 'self'; font-src 'self' data: https: *.sierraclub.org at.alicdn.com cdn.honey.io cdn.jsdelivr.net https://*.hotjar.com fonts.gstatic.com pro.fontawesome.com slant.co; connect-src 'self' https: *.addthis.com *.doubleclick.net *.google-analytics.com *.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.optimizely.com *.sierraclub.org cdn.linkedin.oribi.io csp.withgoogle.com facebook.com geoip-js.com google-analytics.com googletagmanager.com logx.optimizely.com m.addthis.com maps.googleapis.com s7.addthis.com secure.geonames.org stats.g.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' data: ; frame-ancestors 'self' ; report-uri /csp-violation-report-endpoint/ 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.anaconda.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ws.zoominfo.com https://tag.clearbitscripts.com https://cdn.transcend.io https://cdn.bizible.com https://js.driftt.com https://dev.visualwebsiteoptimizer.com https://snap.licdn.com https://cdn.heapanalytics.com https://static.hotjar.com https://munchkin.marketo.net https://connect.facebook.net https://js.adsrvr.org https://scout-cdn.salesloft.com https://secure.adnxs.com https://tag.demandbase.com https://cdn-app.pathfactory.com https://boards-api.greenhouse.io https://know.anaconda.com https://boards.greenhouse.io https://x.clearbitjs.com https://vidassets.terminus.services https://script.hotjar.com https://jukebox.pathfactory.com https://event.api.drift.com https://*.drift.com https://targeting.api.drift.com https://metrics.api.drift.com https://www.anaconda.com https://dev.visualwebsiteoptimizer.com/j.php www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://cdn.transcend.io https://know.anaconda.com https://boards.greenhouse.io https://www.anaconda.com https://dev.visualwebsiteoptimizer.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://px.ads.linkedin.com https://secure.adnxs.com https://cdn.bizible.com https://cdn.bizibly.com https://heapanalytics.com https://jukebox.pathfactory.com https://boards.greenhouse.io https://id.rlcdn.com https://www.facebook.com https://wec-assets.terminus.services https://segments.company-target.com https://dev.visualwebsiteoptimizer.com https://px4.ads.linkedin.com https://match.adsrvr.org https://www.anaconda.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://jukebox.pathfactory.com https://scout.salesloft.com https://cdn.transcend.io https://telemetry.transcend.io https://boards.greenhouse.io https://api.company-target.com https://387-xnw-688.mktoresp.com https://www.facebook.com https://app.clearbit.com https://cdn.linkedin.oribi.io https://dev.visualwebsiteoptimizer.com https://js.driftt.com https://x.clearbitjs.com https://event.api.drift.com https://targeting.api.drift.com https://metrics.api.drift.com https://www.anaconda.com https://387-xnw-688.mktoutil.com https://segments.company-target.com https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com/j.php *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src * ; frame-src 'self' https://js.driftt.com https://know.anaconda.com https://sync.transcend.io https://anaconda.cloud https://insight.adsrvr.org https://www.facebook.com https://match.adsrvr.org https://event.api.drift.com https://targeting.api.drift.com https://metrics.api.drift.com https://api.company-target.com https://dev.visualwebsiteoptimizer.com https://s.company-target.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; frame-ancestors * https://anaconda.cloud; block-all-mixed-content; report-uri https://www.anaconda.com?gdsih-csp-report; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org rs.fullstory.com analytics.google.com secure.gravatar.com www.google-analytics.com www.google.co.jp www.google.co.in www.google.de cdn.bizible.com *.optimizely.com imperva.piwik.pro *.linkedin.com *.vimeo.com munchkin.marketo.net www.brighttalk.com *.googleapis.com www.youtube.com go.imperva.com cdn.linkedin.oribi.io region1.analytics.google.com b.6sc.co edge.fullstory.com *.licdn.com *.doubleclick.net imperva.containers.piwik.pro www.google.co.za *.onetrust.com www.google.co.uk bam.nr-data.net cdn.bizibly.com www.google.co.id www.google.co.il js.driftt.com www.google.com www.google.com.br *.mktoresp.com ipv6.6sc.co www.googletagmanager.com c.6sc.co www.google.com.my js-agent.newrelic.com www.google.com.vn jscloud.net adservice.google.com *.gstatic.com www.google.com.au j.6sc.co ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 2 default-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self'; worker-src blob: 'unsafe-inline' 'unsafe-eval' https: http: 'self';connect-src * data: 'self';frame-src http://*.pitchbook.local http://*.wistia.com http://*.jobvite.com http://*.ceros.com http://www.facebook.com https: mailto: tel: ms-appx-web: blob: 'self'; img-src * data: blob: 'self' android-webview-video-poster:; media-src * blob: 'self'; style-src http://*.pitchbook.com http://*.googleapis.com http://*.webspellchecker.net https: 'unsafe-inline' 'self'; font-src http://*.webspellchecker.net http://fonts.gstatic.com https: data: blob: 'self' http://themes.googleusercontent.com chrome-extension: localhost:3000;report-uri /csp/submit 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com https://cdnapisec.kaltura.com http://cdnapi.kaltura.com https://www.google-analytics.com https://cdn.jsdelivr.net https://script.crazyegg.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://hm.baidu.com/hm.js blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maps.googleapis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com; report-uri /report-csp-violation 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.6sense.com *.addthisedge.com *.omtrdc.net *.everesttech.net *.demdex.net *.adobedtm.com *.scene7.com *.akamaihd.net *.adnxs.com *.baidu.com *.prod.bidr.io *.btttag.com *.brightcove.com *.brightcove.net *.zencdn.net *.cloudflare.com *.contentsquare.net *.company-target.com *.demandbase.com *.doubleclick.net *.adsymptotic.com *.d41.co *.dynatrace.com *.facebook.com *.facebook.net *.fontawesome.com *.fullstory.com *.google.co.in *.google.co.jp *.google.co.uk *.google.com *.google.com.hk *.google.fr *.google.kr *.google.es *.google.de *.google.ru *.google.ie *.google.am *.google.com.co *.google.com.ph *.google.com.au *.google.hu *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs.llnwd.net *.linkedin.com *.licdn.com *.i.lithium.com *.microsoftazuread-sso.com *.ni.com *.agkn.com *.newrelic.com *.nr-data.net *.moatads.com *.polyfill.io *.qualtrics.com *.quantcount.com *.quantserve.com *.rlcdn.com *.force.com *.salesforce.com *.salesforceliveagent.com *.pardot.com *.krxd.net *.rfihub.com *.serving-sys.com *.addthis.com *.adsrvr.org *.truste.com *.twitter.com *.ads-twitter.com t.co *.6sc.co *.rezync.com *.analytics.yahoo.com *.yimg.com unpkg.com *.psiexams.com *.systemlinkcloud.com *.systemlinkcloud.io mythinkscape.com *.mythinkscape.com *.multisim.com *.boltdns.net *.3playmedia.com *.paymetric.com *.captchas.net *.bing.com *.pagespeed-mod.com *.lithcloud.com *.jsdelivr.net *.cloudfront.net *.amazonaws.com *.day.com *.mathjax.org *.zoominsoftware.io *.bootstrapcdn.com *.nicdn.net *.leadsrx.com *.quizscape.com *.thoughtindustries.com *.wistia.com *.credly.com *.kbmax.com *.certain.com *.fonts.net *.typekit.net *.khoros.app.box.com *.limuirs-asset.lithium.com *.cookielaw.org *.windows.net data: blob; object-src 'none'; worker-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:; report-uri /csp_rep 2 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 2 script-src 'unsafe-eval' 'unsafe-inline' 'self' storage.googleapis.com cdn.ravenjs.com tpc.googlesyndication.com cdn.ampproject.org sb.scorecardresearch.com cdnjs.cloudflare.com www.google.com cdn.jsdelivr.net *.google-analytics.com clk.2trk.info client.px-cloud.net polyfill.io d2r1yp2w7bby2u.cloudfront.net www.googletagmanager.com www.googleoptimize.com wzrkt.com js-agent.newrelic.com googleads.g.doubleclick.net bat.bing.com *.hotjar.com www.googleadservices.com s.adx.io *.criteo.com migs.mastercard.com.au connect.facebook.net cdn.branch.io static.ads-twitter.com www.recaptcha.net app.link www.gstatic.com browser.sentry-cdn.com *.cltpstatic.com cdn.inspectlet.com static.criteo.net *.nr-data.net cdn.preciso.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com storage.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net use.fontawesome.com *.cltpstatic.com rsms.me fonts.googleapis.com fontlibrary.org blob:; connect-src 'self' google.com *.google.com *.doubleclick.net sentry.io cdn.preciso.net cdn.ampproject.org *.facebook.com *.criteo.com cdn.ravenjs.com *.google-analytics.com *.branch.io *.px-cloud.net *.cltpstatic.com *.nr-data.net www.google.co.in bat.bing.com vc.hotjar.io in.hotjar.com b.px-cdn.net *.cleartrip.com hn.inspectlet.com; frame-src 'self' tpc.googlesyndication.com asia.creativecdn.com *.doubleclick.net vars.hotjar.com *.criteo.com static.criteo.net ck.2trk.info my.rtmarks.net redirtrack.tech www.recaptcha.net; form-action api.razorpay.com; font-src 'self' use.fontawesome.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com storage.googleapis.com rsms.me *.cltpstatic.com fonts.gstatic.com fontlibrary.org; img-src data: https://*; manifest-src 'self' fastui.cltpstatic.com; media-src 'self' fastui.cltpstatic.com; object-src 'none'; base-uri 'self'; worker-src 'self'; frame-ancestors 'self'; report-uri https://csp-flkt.domdog.io/report-uri/flipkart.com/2/1-2; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2 report-uri https://www.feedingamerica.org/report-uri/reportOnly 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' 2 default-src 'self'; script-src 'self' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' https://*.google-analytics.com/analytics.js https://cdncache-a.akamaihd.net/sub/b156ae9/98002/l.js https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://connect.facebook.net; style-src 'unsafe-inline' 'self'; object-src 'self' https://video.ted.com; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.plyr.io; font-src 'self' https: data:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com; img-src 'self' https://i.ytimg.com https://opensocietyfoundations.imgix.net https://*.google-analytics.com https: data:; manifest-src 'self'; media-src 'self'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 2 img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2 default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.newrelic.com https://*.nr-data.net; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com; img-src 'self' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com maps.google.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; block-all-mixed-content 2 default-src data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *.nesine.com wss://*.nesine.com *.google.com *.google.com.tr *.googletagmanager.com *.google-analytics.com *.support.google.com *.doubleclick.net *.googleadservices.com *.microsoft.com *.apple.com *.facebook.com *.facebook.net *.betsolutions.com *.yahoo.com *.criteo.net *.criteo-sync.teads.tv *.criteo.com *.ligatus.com *.newrelic.com *.twitter.com *.instagram.com *.youtube.com *.ytimg.com *.aboutcookies.org *.mobilproses.com *.omnitagjs.com *.outbrain.com *.nr-data.net *.bidswitch.net *.sportradar.com *.akamaized.net *.performfeeds.com *.betradar.com *.dge.imggaming.com tjktv.ercdn.net *.tjk.org *.broadage.com *.pubmatic.com *.mediavine.com *.demdex.net *.krxd.net *.thebrighttag.com *.tremorhub.com *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.emxdgt.com *.adform.net *.sync.com *.ivitrack.com *.yieldmo.com *.criteo.com *.yieldlab.net *.imgarena.com *.liderform.com.tr *.googleapis.com *.googlevideo.com *.gstatic.com *.azureedge.net *.semasio.net *.7platform.net *.nsoft-cdn.com *.1rx.io *.adsrvr.org aa.agkn.com *.postrelease.com *.revcontent.com *.rqtrk.eu *.bing.com *.smaato.net *.narrative.io *.socdm.com *.mediawallahscript.com *.liadm.com *.stickyadstv.com *.linkedin.com *.rlcdn.com *.dable.io *.adingo.jp *.twiago.com *.bluekai.com *.crwdcntrl.net *.hs.llnwd.net *.ucweb.com; img-src * data:; report-uri /csp/cspreport/ 2 default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 2 default-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' img.youtube.com https:; object-src 'none'; 2 default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com ; frame-src 'self' *.scribd.com ; frame-ancestors 'self' *.scribd.com ; upgrade-insecure-requests; 2 default-src 'self' 'unsafe-inline' *.gstatic.com *.crazyegg.com http://*.cloudfront.net; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com *.cookielaw.org *.doubleclick.net *.adobedtm.com *.everestjs.net *.googleadservices.com *.googletagmanager.com *.googleapis.com *.sftoaa.com *.everestjs.net *.invocacdn.com *.invoca.net *.marketo.net *.crazyegg.com *.licdn.com http://*.cloudfront.net *.facebook.net; frame-src *.doubleclick.net *.everesttech.net *.demdex.net *.everestjs.net *.force.com *.crazyegg.com http://*.cloudfront.net; img-src 'self' 'unsafe-inline' data: *.scene7.com *.googleapis.com *.gstatic.com *.postimg.cc *.viasat.com *.googletagmanager.com *.google.com https://www.google-analytics.com *.doubleclick.net *.everesttech.net *.demdex.net *.linkedin.com *.facebook.com *.crazyegg.com http://*.cloudfront.net; script-src-elem 'self' 'unsafe-inline' *.marketo.com *.scene7.com *.qualtrics.com *.conductor.com *.viasat.com *.amazonaws.com http://*.cloudfront.net *.cookielaw.org *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com/ *.adobedtm.com *.googleapis.com *.sftoaa.com *.everestjs.net *.invocacdn.com *.invoca.net *.marketo.net *.crazyegg.com *.licdn.com *.facebook.net; connect-src 'self' 'unsafe-inline' *.scene7.com *.qualtrics.com *.facebook.com *.cookielaw.org http://*.cloudfront.net *.everesttech.net *.google.com https://www.google-analytics.com/ *.doubleclick.net *.googleapis.com *.demdex.net *.omtrdc.net *.mktoresp.com *.crazyegg.com; style-src-elem 'self' 'unsafe-inline' *.marketo.com *.googleapis.com 2 block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2 child-src 'self' tickets.papaki.com help.papaki.com support.papaki.gr accounts.google.com cdn.papaki.com payform.everypay.gr esecure.sia.eu payform-api.everypay.gr tpc.googlesyndication.com vpos.eurocommerce.gr; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; form-action 'self' vpos.eurocommerce.gr www.facebook.com eu.gateway.mastercard.com; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; font-src 'self' https:; media-src assets-eu1-cloud.deskpro.com cdn.papaki.com; object-src 'self'; style-src 'self' 'unsafe-inline' assets-eu1-cloud.deskpro.com cdn.papaki.com cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com; report-uri https://53af897d0dcebe7788bb17e0b500e3ef.report-uri.com/r/d/csp/wizard 2 report-uri https://sentry.io/api/221673/security/?sentry_key=3afaff7eee7146358bf291fdd649cba7 2 default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self' https://csi.gstatic.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample' https://static.zdassets.com https://ekr.zdassets.com https://internations.zendesk.com https://*.zopim.com wss://internations.zendesk.com wss://*.zopim.com; font-src 'self' https://assets.in-cdn.net/ https://fonts.gstatic.com https://static.hotjar.com https://*.zuora.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data: https://v2assets.zopim.io https://static.zdassets.com; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.zuora.com 'report-sample' https://static.zdassets.com https://ekr.zdassets.com https://internations.zendesk.com https://*.zopim.com wss://internations.zendesk.com wss://*.zopim.com; style-src 'unsafe-inline' https://assets.in-cdn.net/ https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.etracker.com/ https://*.etracker.de/ https://*.signalize.com/; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com; frame-src 'self' www.youtube.com; child-src 'self' www.youtube.com; 2 default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https: wss: moz-extension: chrome-extension: http://fonts.googleapis.com/ http://whova.com http://*.twimg.com; report-uri https://whova.com/_csp 2 default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.euro.confirmit.com *.getsitecontrol.com *.episerver.net *.siteimproveanalytics.com *.sitester.com; style-src 'self' https: 'unsafe-inline'; font-src 'self' data:; object-src 'none'; form-action 'self'; base-uri 'self'; frame-src *.kaltura.nordu.net *.slu.se *.emg-srs.com *.youtube.com; frame-ancestors 'self'; connect-src 'self' *.vizzit.se digitalfeedback.euro.confirmit.com; 2 form-action none; default-src 'self'; upgrade-insecure-requests frame-ancestors 'self' https://teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://arachnid.azurewebsites.net; base-uri 'self'; manifest-src 'self'; script-src 'self' 'wasm-unsafe-eval' http://amcdn.msftauth.net https://amcdn.msftauth.net https://ajax.aspnetcdn.com https://*.office365.com https://*.office.net https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com 'report-sample'; style-src 'self' 'unsafe-inline' https://*.office.net 'report-sample'; font-src 'self' data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' blob: data: https://*.office.com https://*.office.net https://*.office365.com https://outlook.live.com https://*.vo.msecnd.net https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://login.live.com https://storage.live.com; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://augloop-dogfood.officeppe.com wss://*.augloop-dogfood.officeppe.com wss://augloop.office.com wss://*.augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com *.office.net; frame-src 'self' https://* https://webshell.suite.office.com; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2 default-src 'self' data: blob: *.ulikecam.com *.snssdk.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;script-src-elem data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.bootcss.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;frame-ancestors *.ulikecam.com;frame-src bytedance:;media-src *.bytecdn.cn *.365yg.com *.ixigua.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytescm.com;style-src 'unsafe-inline' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn;connect-src *.snssdk.com *.bytedance.net *.ulikecam.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytedance.com safe.usergrowth.com.cn *.zijieapi.com;img-src *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.qq.com *.bytecdn.cn data: *.byteimg.com *.bytedance.net *.ulikecam.com *.gstatic.com android-webview-video-poster *.bytednsdoc.com *.bytescm.com *byteacctimg.com *.bytecdn.com;font-src data: *.byted.org *.alicdn.com *.gstatic.com;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=ulike_activity 2 form-action 'self' *.facebook.com; frame-ancestors 'self'; frame-src 'self' *.workhuman.com *.googletagmanager.com *.doubleclick.net *.cdn.optimizely.com pixel.mathtag.com cdn.useproof.com *.cookiebot.com *.facebook.com cookie.havasedge.com fast.wistia.net ; base-uri 'none'; object-src 'self'; child-src 'self' *.fls.doubleclick.net; worker-src blob:; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/reportOnly 2 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::R_APROD_3_4_0 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google-analytics.com https://www.youtube.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://www.clarity.ms https://static.homerun.co https://unpkg.com/@googlemaps/; style-src 'self' 'unsafe-inline' https://moneybird.nl https://www.moneybird.nl https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.gstatic.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com https://static.homerun.co https://fonts.bunny.net; img-src 'self' https://moneybird.nl https://www.moneybird.nl https://prismic-io.s3.amazonaws.com https://images.prismic.io https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com data:; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://moneybird.nl https://www.moneybird.nl https://bat.bing.com https://gtm.moneybird.nl https://pagead2.googlesyndication.com https://www.google-analytics.com https://www.gstatic.com https://moneybird.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://j.clarity.ms https://embed.homerun.co https://maps.googleapis.com; frame-src 'self' https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com; font-src 'self' https://moneybird.nl https://www.moneybird.nl https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.bunny.net; report-uri https://moneybird.com/csp_report; 2 object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net;img-src * blob: data: ; font-src acsbapp.com www.realpage.com s.realpage.com use.typekit.net fonts.gstatic.com vjs.zencdn.net maxcdn.bootstrapcdn.com www.slant.co data:; style-src *.typekit.net *.realpage.com fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 2 : default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 2 script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2 script-src 'self' https://www.google-analytics.com https://www.buzzsprout.com https://connect.facebook.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://analytics.twitter.com; img-src 'self' data: https://craftassets.unraid.net https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com; font-src 'self' data:; default-src 'self'; connect-src 'self' https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com 2 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://api.brightfunnel.com http://api.brightfunnel.com api.brightfunnel.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://api.company-target.com http://api.company-target.com api.company-target.com https://ws.zoominfo.com http://ws.zoominfo.com ws.zoominfo.com https://segments.company-target.com http://segments.company-target.com segments.company-target.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://pixel.sitescout.com http://pixel.sitescout.com pixel.sitescout.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.linkedin.com http://*.linkedin.com *.linkedin.com https://pixel.sitescout.com http://pixel.sitescout.com pixel.sitescout.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://match.prod.bidr.io http://match.prod.bidr.io match.prod.bidr.io https://segments.company-target.com http://segments.company-target.com segments.company-target.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://*.brightfunnel.com http://*.brightfunnel.com *.brightfunnel.com https://*.newrelic.com http://*.newrelic.com *.newrelic.com https://*.terminus.com http://*.terminus.com *.terminus.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.getsmartcontent.com http://*.getsmartcontent.com *.getsmartcontent.com https://img.en25.com http://img.en25.com img.en25.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://snap.licdn.com http://snap.licdn.com snap.licdn.com https://up.pixel.ad http://up.pixel.ad up.pixel.ad https://ws-assets.zoominfo.com http://ws-assets.zoominfo.com ws-assets.zoominfo.com https://tag.demandbase.com http://tag.demandbase.com tag.demandbase.com https://*.convertcalculator.co http://*.convertcalculator.co *.convertcalculator.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com 'unsafe-inline' 2 default-src 'none'; frame-ancestors 'none'; base-uri 'self'; object-src 'self'; child-src 'self'; img-src 'self' stats.g.doubleclick.net www.google-analytics.com; font-src 'self'; form-action 'self'; manifest-src 'self'; style-src 'unsafe-inline' 'self' www.googletagmanager.com tagmanager.google.com; style-src-elem 'unsafe-inline' 'self' www.googletagmanager.com tagmanager.google.com; worker-src 'self'; script-src 'unsafe-inline' 'self' cdn5.userzoom.com cdn.jsdelivr.net api-us.fundpress.io bam.nr-data.net player.vimeo.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com; script-src-elem 'unsafe-inline' 'self' cdn5.userzoom.com cdn.jsdelivr.net api-us.fundpress.io bam.nr-data.net player.vimeo.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com; connect-src 'self' cdn5.userzoom.com cdn.jsdelivr.net api-us.fundpress.io bam.nr-data.net player.vimeo.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com; report-to csp-endpoint; report-uri /beacon/deprecated/csp; style-src-attr 'unsafe-inline'; script-src-attr 'unsafe-inline'; 2 worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2 worker-src 'self' blob: *.crazyegg.com; child-src 'self' * blob: https: ; report-uri /CSP-report-only 2 frame-src https://www.facebook.com https://go.nexon.com.au *.google.com; 2 string 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 2 default-src 'self' https://exercism.org https://api.exercism.org https://d24y9kuxp2d7l2.cloudfront.net; connect-src 'self' ws://exercism.org https://cdn.jsdelivr.net; img-src 'self' data: https://*; media-src *; script-src 'self' https://exercism.org https://api.exercism.org https://d24y9kuxp2d7l2.cloudfront.net https://js.stripe.com https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' https://exercism.org https://api.exercism.org https://d24y9kuxp2d7l2.cloudfront.net 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'none' 2 font-src *.yotpo.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.klarna.com *.mention-me.com *.yotpo.com *.bounceexchange.com *.ada.support *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.trustpilot.com *.facebook.com *.bulk.com *.studentbeans.com *.doubleclick.net *.zenaps.com *.criteo.net *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.yotpo.com bulk.com *.bulk.com *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.google.co.in *.facebook.com *.facebook.net *.bouncex.net *.bounceexchange.com *.monetate.net bulkpowders.co.uk *.gstatic.com *.postcodeanywhere.co.uk *.zenaps.com *.awin1.com *.atdmt.com *.doubleclick.net *.cooladata.com *.bing.com *.quantserve.com t.co *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.klarnacdn.net *.mention-me.com *.yotpo.com *.monetate.net *.dwin1.com *.facebook.net *.bounceexchange.com *.jetlore.com *.ada.support *.scarabsearch.com *.scarabresearch.com *.g.doubleclick.net *.trustpilot.com *.queue-it.net *.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.pcapredict.com *.postcodeanywhere.co.uk *.co-buying.com *.studentbeans.com *.zenaps.com *.sciencebehindecommerce.com *.criteo.net *.criteo.com *.cooladata.com *.zendesk.com *.zdassets.com *.bing.com *.quantserve.com *.quantcount.com *.twitter.com *.klarnaservices.com js.klevu.com *.ksearchnet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com *.googleapis.com *.typekit.net *.bounceexchange.com *.postcodeanywhere.co.uk *.klarnacdn.net *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src *.bulk.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.klarnaevt.com *.mention-me.com *.yotpo.com *.ada.support *.google-analytics.com *.g.doubleclick.net *.scarabresearch.com *.logs.datadoghq.com *.bouncex.net *.nr-data.net *.postcodeanywhere.co.uk *.bulk.com *.sciencebehindecommerce.com *.zdassets.com *.zendesk.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src 'self' unsafe-inline; frame-src 'self' unsafe-inline; style-src unsafe-inline report-sample 'self'; script-src report-sample 'self' unsafe-inline; 2 default-src 'self' *.fontawesome.com *.visualstudio.com cdn.cookielaw.org *.azure.com *.krxd.net *.facebook.com *.googletagmanager.com *.linkedin.oribi.io *.google.com *.doubleclick.net *.liveperson.net *.google-analytics.com fintactix.com *.adsrvr.org *.lpsnmedia.net *.elfsight.com;script-src 'self' 'unsafe-inline' unpkg.com code.jquery.com stackpath.bootstrapcdn.com customer.cludo.com cdnjs.cloudflare.com *.fontawesome.com *.googletagmanager.com *.licdn.com *.convergetrack.com js.monitor.azure.com *.adroll.com *.facebook.net *.google-analytics.com *.doubleclick.net *.lpsnmedia.net *.liveperson.net *.adsrvr.org *.google.com *.elfsight.com cdn.cookielaw.org maxcdn.bootstrapcdn.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' customer.cludo.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net;img-src 'self' data: *.adsrvr.org *.convergetrack.com *.demdex.net *.google.com *.lpsnmedia.net *.linkedin.com *.facebook.com *.krxd.com *.krxd.net *.adroll.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.elfsight.com;font-src 'self' fonts.gstatic.com *.fontawesome.com 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consent.cookiebot.com stats.epayworldwide.com fonts.gstatic.com *.googleapis.com consentcdn.cookiebot.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2 object-src 'none'; script-src 'self' 'unsafe-inline' addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://apps.elfsight.com https://static.elfsight.com https://www.youtube.com https://storage.elfsight.com https://apis.google.com https://www.googletagmanager.com addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.eloqua.com fast.fonts.net cdn.datatables.net *.oraclecloud.com code.jquery.com cdnjs.cloudflare.com *.gstatic.com siteimproveanalytics.com maxcdn.bootstrapcdn.com momentjs.com *.custhelp.com 6009835.global.siteimproveanalytics.io www.youtube.com *.facebook.net img04.en25.com www.rnengage.com www.google-analytics.com cdn01.boxcdn.net www.google.com *.doubleclick.net www.googletagmanager.com *.googleapis.com; form-action www.sagaftra.org; frame-ancestors 'self' ; report-uri /csp_report 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 2 frame-ancestors 'self'; report-uri https://www.bodyandsoul.com.au/csp-reports 2 report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 2 default-src 'self'; frame-src *.recaptcha.net platform.twitter.com *.youtube.com youtube.com; script-src 'sha256-fKUny+NOkdWECrddjVdmwXTn4btrtcF1XOxHvABz88s=' 'self' 'self' *.procreate.art *.procreate.com *.sentry.io *.gstatic.com *.recaptcha.net *.youtube.com/embed platform.twitter.com https://www.gstatic.cn/recaptcha cdn.usefathom.com; worker-src 'self' blob:; img-src 'self' 'unsafe-inline' blob: data: *.procreate.art *.procreate.com *.savage.si *.ytimg.com cdn.usefathom.com; connect-src 'self' blob: *.procreate.art *.procreate.com *.sentry.io *.savage.si savage-support-request-files.s3-accelerate.amazonaws.com; media-src 'self' blob: *.procreate.art *.procreate.com *.savage.si; style-src 'unsafe-inline' *.procreate.art *.procreate.com https://fonts.googleapis.com; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; object-src 'none'; font-src 'self' https://fonts.gstatic.com 2 default-src 'self' nixle.com *.nixle.com everbridge.com *.everbridge.com https://s16176.pcdn.co https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://*.addtoany.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.marketo.net https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://*.hotjar.com https://www.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.youtube.com https://*.ytimg.com https://s.w.org; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://s16176.pcdn.co; object-src 'self' *.everbridge.com *.nixle.com https://s16176.pcdn.co; prefetch-src 'self' ajax.googleapis.com s.w.org; style-src 'self' *.everbridge.com *.nixle.com https://s16176.pcdn.co https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com; 2 script-src 'self' https://ajax.googleapis.com https://f1000research.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://js.hs-scripts.com 2 default-src 'self'; script-src *; script-src-elem *; script-src-attr *; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src *; font-src *; connect-src *; media-src *; object-src 'none'; prefetch-src *; child-src *; frame-src *; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri https://www.styria.com https://stage.styria.com; manifest-src 'self'; report-uri https://cspreport.smd-digital.at 2 connect-src 'self' wss: *.ozon.ru *.kz.ozon.com *.ozon.by *.ozon.kz *.ozonru.me *.by-stg.ozonru.me *.kz-stg.ozoncom.me *.ozone.ru; img-src 'self' data: ozon.ru *.ozone.ru *.ozon.ru *.kz.ozon.com *.ozon.by *.ozon.kz *.ozonru.me *.by-stg.ozonru.me *.kz-stg.ozoncom.me img.youtube.com *.ozonusercontent.com *.maps.yandex.net *.api-maps.yandex.ru yandex.ru *.yandex.ru mtstv.mts.ru wcm.weborama-tech.ru ad.adriver.ru www.tns-counter.ru www.gstatic.com i.ytimg.com *.google.by *.ozonusercontent.com *.google.kz *.googletagmanager.com yastatic.net *.google.ru; report-uri https://xapi.ozon.ru/csp-log/test-connect-img-srcs-3 2 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.wp.com http://*.wp.com *.wp.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 2 base-uri 'self'; frame-src 'self' cookiejar.mondly.com www.facebook.com optimize.google.com bid.g.doubleclick.net secure.livechatinc.com www.googletagmanager.com 7f075c3104c14b369e4245a534bf1142.pages.ubembed.com secure.2checkout.com 2pay-js.2checkout.com; frame-ancestors 'self' *.mondly.com; font-src 'self' data: d37sy4vufic209.cloudfront.net fonts.gstatic.com; img-src 'self' data: https://*; media-src 'self' d37sy4vufic209.cloudfront.net mondly-languages-audio.azureedge.net; style-src 'self' 'unsafe-inline' d37sy4vufic209.cloudfront.net optimize.google.com fonts.googleapis.com tagmanager.google.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d37sy4vufic209.cloudfront.net www.google.com connect.facebook.net cdn.livechatinc.com api.livechatinc.com optimize.google.com tagmanager.google.com secure.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net 7f075c3104c14b369e4245a534bf1142.js.ubembed.com analytics.tiktok.com assets.ubembed.com cdn.cookielaw.org www.googleoptimize.com static.ads-twitter.com www.clarity.ms secure.2checkout.com 2pay-js.2checkout.com 2 script-src 'self'; object-src 'none'; upgrade-insecure-requests 2 frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 2 object-src 'self' *.cined.com; report-uri /_/csp-report/ 2 font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com data: https://fonts.intercomcdn.com https://*.yotpo.com https://*.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://*.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.affirm.com *.affirm.ca https://*.trustpilot.com http://*.trustpilot.com https://*.hotjar.com https://*.affirm.com *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.doubleclick.net/ https://*.facebook.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.affirm.com *.affirm.ca https://www.google.com https://track.hubspot.com https://*.intercom.io https://*.intercomcdn.com https://static.intercomassets.com https://sp.analytics.yahoo.com https://*.facebook.com https://*.amazonaws.com https://*.infusionsoft.app https://www.googletagmanager.com https://*.akamaihd.net https://px.ads.linkedin.com https://p.adsymptotic.com https://ssl.gstatic.com https://www.gstatic.com https://*.bing.com https://*.hsforms.com https://*.clarity.ms https://*.wistia.com https://cdn.auth0.com https://p.adsymptotic.com https://www.google.co.uk https://heapanalytics.com https://*.yotpo.com www.xtento.com cdn.xtento.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ * amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://*.google.com https://*.gstatic.com https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.trustpilot.com http://*.trustpilot.com https://*.newrelic.com https://*.nr-data.net https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com https://*.bing.com https://*.licdn.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.impactradius-event.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-analytics.net https://js.hubspot.com https://*.facebook.net https://app.convertful.com https://*.affirm.com https://*.pdst.fm *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.infusionsoft.com https://*.clarity.ms https://vision.duel.me/duel-analytics.js https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.jquery.com https://*.cloudflare.com https://*.noibu.com https://*.yotpo.com https://*.heapanalytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline https://tagmanager.google.com https://fonts.googleapis.com https://*.yotpo.com https://*.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.intercom.io https://*.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com * *.adobe.io performance.typekit.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.hubspot.com https://*.hotjar.com https://app.convertful.com https://*.affirm.com https://*.intercom.io wss://*.intercom.io https://*.newrelic.com https://*.nr-data.net https://*.paypal.com https://us-central1-adaptive-growth.cloudfunctions.net *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.wistia.com https://*.trustpilot.com https://*.litix.io https://*.noibu.com wss://*.noibu.com wss://*.hotjar.com https://*.yotpo.com https://*.google.com https://*.hscollectedforms.net https://*.pfx.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-eval' chrome-extension: https://www.googletagmanager.com https://app.uiscom.ru https://dsp.setl.ru https://smartcallback.ru 'unsafe-inline' 'unsafe-inline' https://image.sendsay.ru https://abt.s3.yandex.net https://cdn.uxfeedback.ru https://mc.yandex.ru https://top-fwz1.mail.ru https://vk.com https://api-maps.yandex.ru https://www.google-analytics.com https://www.google.com https://www.gstatic.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://spbrealty.ru chrome-extension: https://www.google.com https://mc.yandex.ru; object-src 'self'; report-uri /cspreportonly; 2 default-src 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.fullstory.com https://rs.fullstory.com https://ajax.googleapis.com/ https://first.iovation.com/ https://mpsnare.iesnare.com/ https://128-koi-090.mktoresp.com/ *.gskydev.net *.gskydev.com https://auth.prod.greensky.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://pages.greenskycredit.com https://www.google.com/ https://www.gstatic.com https://cdnjs.cloudflare.com https://app-ab27.marketo.com https://munchkin.marketo.net https://abrtp1-cdn.marketo.com blob: http://static.site24x7rum.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.wistia.com https://rtp-static.marketo.com https://abrtp1.marketo.com https://js.driftt.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://pages.greenskycredit.com/ https://cdn.jsdelivr.net/ https://www.greensky.com/ *.gskydev.com *.gskydev.net https://use.fontawesome.com/ https://pro.fontawesome.com/ https://rtp-static.marketo.com/ https://fonts.googleapis.com/ https://fonts.googleapis.com/css/ https://app-ab27.marketo.com/ https://munchkin.marketo.net; font-src 'self' https://cdnjs.cloudflare.com https://pro.fontawesome.com/ data: https://fonts.gstatic.com https://fast.wistia.com https://use.fontawesome.com; img-src 'self' https://rs.fullstory.com *.greensky.com/ *.gskydev.com/ *.gskydev.net/ https://embed-ssl.wistia.com data: https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.com https://greensky.dotcmscloud.com https://*.greensky.dotcmscloud.com embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com http://embed.wistia.com/ https://www.google.com https://www.google.de https://app-ab27.marketo.com https://pages.greenskycredit.com; media-src 'self' blob: https://js.driftt.com; frame-src 'self' https://pages.greenskycredit.com/ https://app-ab27.marketo.com/ https://www.google.com/ https://js.driftt.com; connect-src 'self' https://edge.fullstory.com https://rs.fullstory.com *.gskydev.com/ *.gskydev.net/ https://128-koi-090.mktoresp.com/ https://abrtp1.marketo.com https://*.google-analytics.com https://stats.g.doubleclick.net *.greensky.dotcmscloud.com https://greensky.dotcmscloud.com *.greensky.com *.litix.io embedwistia-a.akamaihd.net/ *.wistia.com https://128-koi-090.mktoresp.com; object-src 'self' https://app-ab27.marketo.com/ ; base-uri 'self';manifest-src 'self'; worker-src 'none'; report-to https://www.greensky.com 2 default-src 'self' *.tricentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://*.tricentis.com https://ajax.googleapis.com https://api.company-target.com https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/countup@1.8.2/dist/countUp.min.js https://cdn.mouseflow.com https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js https://connect.facebook.net https://fast.wistia.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://munchkin.marketo.net https://snap.licdn.com https://*.google-analytics.com https://tag.demandbase.com https://tpc.googlesyndication.com https://ws.zoominfo.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com/iframe_api; script-src-elem 'self' 'unsafe-inline' *.adsrvr.org *.bing.com *.bizible.com *.cookielaw.org *.demandbase.com *.doubleclick.net *.facebook.net *.google-analytics.com *.googleoptimize.com *.licdn.com *.marketo.net *.tricentis.com *.vimeo.com *.wistia.com *.youtube.com *.zoominfo.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://netlify-cdp-loader.netlify.app https://cdn.mouseflow.com; style-src 'self' 'report-sample' https://api.company-target.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.typekit.net https://pages.tricentis.com https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.marketo.net *.tricentis.com https://www.googletagmanager.com; style-src-attr 'self' 'unsafe-inline' *.marketo.net *.tricentis.com https://www.googletagmanager.com; object-src 'none'; child-src 'self'; connect-src 'self' http://ad.doubleclick.net https://470-gzn-442.mktoresp.com https://*.google.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.linkedin.oribi.io https://api.company-target.com https://ws.zoominfo.com bat.bing.com https://www.google-analytics.com https://tag-logger.demandbase.com; font-src 'self' data: https://cdn.mouseflow.com https://fast.wistia.com https://fonts.gstatic.com https://use.typekit.net; frame-ancestors 'self' https://be-develop.tricentis.com https://be-test.tricentis.com https://be.tricentis.com; frame-src *.adsrvr.org *.facebook.com *.tricentis.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://datainsights-cdn.dm.aws.gartner.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.buzzsprout.com https://www.google.com https://www.youtube.com https://app.netlify.com https://s.company-target.com; img-src 'self' data: http://ad.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://be.tricentis.com https://cdn.bizible.com https://cdn.bizibly.com https://ct.capterra.com https://embed-ssl.wistia.com https://googleads.g.doubleclick.net https://pubads.g.doubleclick.net *.linkedin.com https://www.google.com www.googletagmanager.com https://bat.bing.com https://id.rlcdn.com https://www.facebook.com https://segments.company-target.com; media-src 'self' blob: https://*.wistia.com https://embedwistia-a.akamaihd.net; worker-src 'self' blob:; 2 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; referrer no-referrer-when-downgrade; upgrade-insecure-requests; block-all-mixed-content; report-uri https://cosmb.report-uri.io/r/default/csp/reportOnly; 2 img-src https: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2 default-src https: 'unsafe-inline' 2 connect-src 'self' https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; child-src https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://secure.comodo.com 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeenterprise_google 2 font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com *.facebook.net *.authorize.net *.simpli.fi js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com maxcdn.bootstrapcdn.com www.manoloblahnik.com *.hotjar.com *.bglobale.com *.global-e.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cybersource.com www.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.google.com *.hotjar.com *.cybersource.com www.facebook.com www.youtube-nocookie.com the-restory.app authentication.cardinalcommerce.com *.issuu.com *.online-metrix.net *.bglobale.com *.global-e.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.adyen.com blob *.alekseon-test.eu media-akam.licdn.com www.facebook.com maps.googleapis.com *.clarity.ms *.bing.com *.google.com *.googletagmanager.com manoloblahnik.com *.doubleclick.net.com ozplayer.global.ssl.fastly.net mcusercontent.com *.nr-data.net *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am; *.bglobale.com *.global-e.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com www.google.com www.gstatic.com maps.googleapis.com chimpstatic.com connect.facebook.net *.forter.com h.online-metrix.net cdnjs.cloudflare.com *.zdassets.com widget-mediator.zopim.com *.newrelic.com *.hotjar.com *.bing.com *.clarity.ms *.nr-data.net *.cardinalcommerce.com www.youtube.com *.online-metrix.net *.bglobale.com *.global-e.com polyfill.io testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fonts.net fonts.googleapis.com *.bootstrapcdn.com *.bglobale.com *.global-e.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com manolo.alekseon-test.eu www.manoloblahnik.com *.zdassets.com *.g.doubleclick.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.forter.com *.cloudfront.net wss://cdn0.forter.com manoloblahnikhelp.zendesk.com *.zdassets.com *.widget-mediator.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.clarity.ms *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googleapis.com *.bing.com stats.g.doubleclick.net www.google.com *.google.com www.facebook.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io thm.visa.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com *.liqui-moly.com *.twofour.dev liquimoly.cloudimg.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.cookiebot.com *.amazon-adsystem.com insight.adsrvr.org *.facebook.com https://www.youtube.com https://www.googletagmanager.com/ *.google.com/ walls.io *.walls.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io liquimoly.cloudimg.io *.google.de *.google.com *.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com https://www.mollie.com *.cloudimg.io data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.liqui-moly.com *.twofour.dev *.cookiebot.com *.google-analytics.com *.googleadservices.com maps.googleapis.com googleapis.com connect.facebook.net service.liqui-moly.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ js.mollie.com *.cloudimg.io *.scaleflex.it walls.io *.walls.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.liqui-moly.com *.twofour.dev liquimoly.cloudimg.io walls.io *.walls.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io *.liqui-moly.com *.twofour.dev *.cookiebot.com *.analytics.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ walls.io *.walls.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.liqui-moly.com *.twofour.dev 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' data 'unsafe-inline' 'unsafe-eval' *.scoresense.com *.scoresensebasic.com *.freescoreonline.com *.nationalcreditreport.com *.freescore360.com https://img1.cdn180.net *.google.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apigateway.scoresense.com/ https://www.cardratings.com https://img1.cdn180.net https://safetechpageencryptionvar.chasepayment.com https://dev.visualwebsiteoptimizer.com https://safetechpageencryptionvar.chasepaymentech.com *.salesforceliveagent.com cardratings.com seal-dallas.bbb.org seal.digicert.com https://fqtag.com *.fqtag.com https://safetechpageencryption.chasepaymentech.com https://www.googletagmanager.com www.google-analytics.com bat.bing.com *.siteintercept.qualtrics.com https://secure.quantserve.com https://rules.quantcount.com https://cdn.decibelinsight.net blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.facebook.net seal-dallas.bbb.org https://img1.cdn180.net; img-src * 'self' data: https:; connect-src 'self' ws: wss: *.decibelinsight.net *.facebook.com *.execute-api.us-east-1.amazonaws.com *.onetechnologies.net stats.g.doubleclick.net *.siteintercept.qualtrics.com *.fqtag.com https://fqtag.com/pixel https://apigateway.scoresense.com https://seal.digicert.com https://images.scanalert.com https://seal-dallas.bbb.org https://onetechnologies.secure.force.com https://www.gstatic.com https://fonts.googleapis.com https://c.la1-c1-ia5.salesforceliveagent.com https://www.googletagmanager.com https://consumerconnect.tui.transunion.com ; font-src 'self' https://fonts.gstatic.com ; frame-src *.fls.doubleclick.net ; frame-ancestors *.scoresense.com *.freescoreonline.com *.nationalcreditreport.com; report-to ot-reporter; report-uri https://xtvenwskmk.execute-api.us-east-1.amazonaws.com/infosec 2 font-src *.fontawesome.com fonts.googleapis.com *.gstatic.com *.audioeye.com *.polywood.com *.trexfurniture.com *.ivyterracefurniture.com *.cloudflare.com *.typekit.net *.klaviyo.com *.yotpo.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.polywood.com *.trexfurniture.com *.ivyterracefurniture.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.audioeye.com *.pinterest.com *.facebook.com *.polywood.com *.trexfurniture.com *.ivyterracefurniture.com *.wufoo.com *.google.com *.hotjar.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.polywood.com *.trexfurniture.com *.ivyterracefurniture.com *.bolt.com *.pinterest.com *.facebook.com *.yotpo.com *.amazonaws.com *.builder.io *.adobedtm.com maps.googleapis.com maps.gstatic.com *.bing.com *.salsify.com *.audioeye.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.searchspring.io *.audioeye.com *.jsdelivr.net *.facebook.net *.pinimg.com *.google.com *.bing.com *.hotjar.com *.trackedlink.net *.pingdom.net *.zdassets.com *.truevaultcdn.com *.pinterest.com *.polywood.com *.trexfurniture.com *.ivyterracefurniture.com *.builder.io *.cloudfront.net maps.googleapis.com *.zendesk.com *.wufoo.com *.klaviyo.com tr.snapchat.com tag.lexer.io *.simpli.fi *.srv.stackadapt.com *.sentry-cdn.com sc-static.net qvdt3feo.com js-agent.newrelic.com bam.nr-data.net *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline *.typography.com *.polywood.com *.trexfurniture.com *.ivyterracefurniture.com fonts.googleapis.com *.typekit.net *.klaviyo.com *.srv.stackadapt.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.builder.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.polywood.com *.trexfurniture.com *.ivyterracefurniture.com *.bolt.com *.pinterest.com *.klaviyo.com *.audioeye.com *.searchspring.io *.doubleclick.net *.cloudflare.com *.builder.io *.bugsnag.com maps.googleapis.com *.google.com *.zdassets.com *.truevaultcdn.com *.pingdom.net *.zendesk.com *.hotjar.com *.smooch.io tr.snapchat.com *.execute-api.us-east-1.amazonaws.com *.srv.stackadapt.com *.ingest.sentry.io bam.nr-data.net *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src * 2 default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com *.criteo.com *.adform.net *.criteo.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com *.facebook.com *.cloudfront.net *.hsforms.com *.powerreviews.com *.stickyadstv.com *.cdninstagram.com *.emxdgt.com *.outbrain.com *.adnxs.com *.pubmatic.com *.3lift.com *.media.net *.casalemedia.com *.bidswitch.net *.revcontent.com *.teads.tv *.taboola.com *.smartadserver.com *.sharethrough.com *.360yield.com *.liadm.com *.criteo.com *.postrelease.com *.tremorhub.com *.mediavine.com *.yieldmo.com *.clmbtech.com *.bing.com *.dmxleo.com *.smaato.net *.tapad.com *.addthis.com *.digitaleast.mobi *.yahoo.com *.doubleclick.net *.mediawallahscript.com *.rlcdn.com *.acsbapp.com track.hubspot.com visitor.omnitagjs.com matching.ivitrack.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com *.criteo.net *.adform.net *.facebook.net *.cloudfront.net *.criteo.com *.hsforms.net *.hsforms.com *.powerreviews.com *.nr-data.net *.newrelic.com *.acsbapp.com foursixty.com *.googletagmanager.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net acsbapp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com *.typekit.net *.cloudfront.net *.powerreviews.com foursixty.com www.googletagmanager.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://www.google-analytics.com *.yotpo.com *.visitors.live *.luckyorange.net wss://visitors.live/socket.io/ *.doubleclick.net wss://in.visitors.live/socket.io/ *.powerreviews.com foursixty.com *.acsbapp.com *.nr-data.net *.foursixty.com analytics.google.com *.google.com forms.hubspot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self'; report-uri https://www.cairnspost.com.au/csp-reports 2 child-src 'self' blob:; connect-src 'self' script.crazyegg.com tracking.crazyegg.com www.google-analytics.com maps.googleapis.com stats.addtoany.com pagestates-tracking.crazyegg.com/healthcheck assets-tracking.crazyegg.com/healthcheck va.msg.liveperson.net; default-src 'self'; font-src 'self' data: fonts.gstatic.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; frame-ancestors 'self'; frame-src 'self' lpcdn.lpsnmedia.net va.idp.liveperson.net static.addtoany.com share.transistor.fm www.onlinebanktours.com player.vimeo.com fintactix.com bancorpsouth.custhelp.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net insight.adsrvr.org match.adsrvr.org va.msg.liveperson.net; img-src 'self' data: d21y75miwcfqoq.cloudfront.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net maps.gstatic.com maps.googleapis.com i.vimeocdn.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net https://www.facebook.com/tr/ lpcdn.lpsnmedia.net; media-src 'self' cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net lpcdn.lpsnmedia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com script.crazyegg.com lptag.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net va.v.liveperson.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net static.cloudflareinsights.com maps.googleapis.com static.addtoany.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net js.adsrvr.org/up_loader.1.1.0.js connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; 2 font-src *.fontawesome.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com services.postcodeanywhere.co.uk *.braintreegateway.com braintreegateway.com *.paypal.com paypal.com *.cardinalcommerce.com fonts.googleapis.com *.facebook.com *.google.com *.googleusercontent.com *.hotjar.com *.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https: 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https: *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' data: https: *.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.google.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tracking.recommend.pro *.pcapredict.com js-agent.newrelic.com api.reviews.co.uk www.gstatic.com www.google.com services.postcodeanywhere.co.uk *.paypal.com paypal.com *.cardinalcommerce.com *.bing.com *.hotjar.com *.pinimg.com *.facebook.net bam.eu01.nr-data.net *.olark.com *.clarity.ms *.onetrust.com *.google-analytics.com *.analytics.google.com *.helpscout.net *.feefo.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com services.postcodeanywhere.co.uk *.paypal.com paypal.com *.cardinalcommerce.com *.google.com *.facebook.com *.olark.com *.feefo.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.pcapredict.com tracking.recommend.pro api.reviews.co.uk api.reviews.io stats.g.doubleclick.net googleads.g.doubleclick.net services.postcodeanywhere.co.uk *.paypal.com paypal.com *.cardinalcommerce.com *.amazonaws.com *.ksearchnet.com *.pinterest.com *.facebook.com *.hotjar.com *.hotjar.io bam.eu01.nr-data.net *.bing.com wss://*.hotjar.com/api/v2/client/ws *.olark.com *.clarity.ms *.onetrust.com *.analytics.google.com *.feefo.com *.cloudfront.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uxfeedback.ru https://chat.finuslugi.ru https://connect.facebook.net https://www.facebook.com https://vk.com https://top-fwz1.mail.ru https://px.adhigh.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://cdn.amplitude.com https://www.google-analytics.com https://optimize.google.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com;connect-src 'self' https://iss.moex.com *.uxfeedback.ru https://chat.finuslugi.ru wss://chat.finuslugi.ru https://top-fwz1.mail.ru https://px.adhigh.net https://rexc.moex.com https://api.finuslugi.ru https://lk.finuslugi.ru https://assets.finuslugi.ru https://www.moex.com api.amplitude.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com;img-src 'self' data: *.uxfeedback.ru https://vk.com https://www.facebook.com https://11143639.fls.doubleclick.net https://assets.finuslugi.ru https://liknot.ru https://www.workle.ru https://www.google.ru https://www.google.com https://www.google-analytics.com www.google-analytics.com https://optimize.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' *.uxfeedback.ru https://chat.finuslugi.ru https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com;font-src 'self' data: *.uxfeedback.ru https://fonts.gstatic.com;media-src 'self';child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;frame-src blob: *.uxfeedback.ru https://11143639.fls.doubleclick.net https://finuslugi.inguru.ru https://iframe.inguru.ru https://optimize.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz;base-uri 'self';form-action 'self';manifest-src 'self';worker-src 'self';report-uri https://rexc.moex.com; 2 default-src 'self' data: mediastream: blob: 'unsafe-inline' 'unsafe-eval' inline *.ibytedtos.com *.isnssdk.com *.resso.app resso.app *.resso.com resso.com *.resso.me *.snssdk.com *.byteoversea.net *.ibyteimg.com *.ipstatp.com *.tiktokv.com *.byteoversea.com music.tiktok.com tiktokmusic-test.bytedance.net;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=m_home 2 default-src 'self' https://*.lisboa.pt https://*.cm-lisboa.pt; img-src https: blob: data:; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://*.readspeaker.com https://chatwidget.dashboard-visor.com https://cdnjs.cloudflare.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com/ https://*.googleapis.com https://*.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.kaspersky-labs.com https://*.readspeaker.com https://*.cloudflare.com https://*.dashboard-visor.com https://*.googleapis.com https://*.jsdelivr.net https://*.mapbox.com https://*.readspeaker.com https://*.bootstrapcdn.com https://*.fontawesome.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.4ddons.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.jquery.com https://*.readspeaker.com https://*.googleapis.com https://code.jquery.com https://chatwidget.dashboard-visor.com https://*.readspeaker.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.com https://cdnjs.cloudflare.com https://api.mapbox.com https://npmcdn.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.youtube.com/ https://*.appybook.com https://*.bol.pt https://*.facebook.net https://*.google-analytics.com https://*.svn0czn.com https://*.tryinteract.com; script-src-elem 'self' 'unsafe-inline' https://*.bol.pt https://*.cdnjs.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hublosk.com https://*.jquery.com https://*.jscontent.net https://*.jullyambery.net https://*.kellyfight.com https://*.npmcdn.com https://*.readspeaker.com https://*.youtube.com https://*.appybook.com https://*.bol.pt https://*.dashboard-visor.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.jquery.com https://*.pagespeed-mod.com https://*.readspeaker.com https://*.ritta.local https://*.tryinteract.com https://*.acestream.net https://*.bootstrapcdn.com https://*.cdnjs.com https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.googleapis.com https://*.jsdelivr.net https://*.kaspersky-labs.com https://*.mapbox.com https://*.npmcdn.com https://*.pilaff-up.ru https://*.readspeaker.com https://*.youtube.com; connect-src 'self' data: https://*.doubleclick.net https://*.glitch.com https://*.glitch.me https://*.kellyfight.com https://*.ucweb.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatwidget.dashboard-visor.com wss://chatwidget.dashboard-visor.com https://services.arcgis.com https://*.mapbox.com https://*.googleapis.com/ https://*.doubleclick.net https://*.readspeaker.com; frame-src 'self' https://*vimeo.com https://*.zscloud.net https://*.appybook.com https://*.bol.pt https://*.city-platform.com https://*.cm-lisboa.pt https://*.googletagmanager.com https://*.knightlab.com https://*.lisboa.pt https://*.moz.com https://*.tryinteract.com https://*.vimeo.com https://*.vkanalytics.net https://*.youtube-nocookie.com https://*.youtube.com; font-src 'self' https://*.avast.com https://*.cloudflare.com https://*.ss-cdn.com https://*.windows.net https://fonts.gstatic.com https://chatwidget.dashboard-visor.com https://*.fontawesome.com https://*.avast.com https://*.github.com https://*.typekit.net data:; media-src 'self' https://*.dashboard-visor.com data:; worker-src 'self' blob:; report-uri /fma/csp.php 2 frame-ancestors 'self' https://*.solidpixels.net https://*.solidpixels.com https://*.solidpixels.cz; form-action 'self'; report-uri https://o428203.ingest.sentry.io/api/5429551/security/?sentry_key=f40ce40b003345978a9a5cd0ed90bd9f 2 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com js.stripe.com cdn.dnky.co webchat.dotdigital.com *.gigya.com *.openpay.mx *.openpay.co *.mercadolibre.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.gigya.com 'self' data: 'unsafe-inline' data: *.postimg.cc *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.openpay.mx www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.stripe.com cdn.conekta.io conektaapi.s3.amazonaws.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.gigya.com s7.addthis.com *.mlstatic.com *.mercadopago.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ https://collect.vendavalida.com.br http://collect.vendavalida.com.br assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'unsafe-inline' data: unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.conekta.io api.comapi.com webchat.dotdigital.com *.openpay.mx *.openpay.co ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com *.openpay.pe https://collect.vendavalida.com.br www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 report-uri /ui/csp-violations/;default-src 'none';img-src 'self' data: https:;base-uri 'self';block-all-mixed-content;form-action 'self';font-src 'self' https://fonts.gstatic.com data:;object-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://polyfill.io https://ssl.google-analytics.com https://cdn.walkme.com https://www.datadoghq-browser-agent.com 'report-sample';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;media-src 'self';manifest-src 'self';connect-src 'self' 'report-sample' https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://*.walkme.com https://ssl.google-analytics.com https://stats.g.doubleclick.net;frame-src 'self' https://cdn.walkme.com https://*.vetconnectplus.com;frame-ancestors * 2 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 2 font-src maxcdn.bootstrapcdn.com https://celebrosnlp.com https://fonts.gstatic.com https://apps.mypurecloud.com CPapShopM2-search.celebros.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://api-preview.platform.breadpayments.com https://api.platform.breadpayments.com https://api-preview.rbc.breadpayments.com https://api.rbcpayplan.com https://*.lpsnmedia.net https://www.youtube.com https://s.salecycle.com https://www.facebook.com https://*.adsrvr.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com https://*.listrakbi.com https://*.bing.com https://*.facebook.com https://*.google.com https://lpcdn.lpsnmedia.net https://s3.amazonaws.com https://cdn.routeapp.io celebrosnlp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://checkout-sandbox.getbread.com/bread.js https://checkout.getbread.com/bread.js https://connect-preview.breadpayments.com/sdk.js https://connect.breadpayments.com/sdk.js https://connect-preview.rbc.breadpayments.com/sdk.js https://connect.rbcpayplan.com/sdk.js connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net cdn.routeapp.io fonts.googleapis.com https://*.listrak.com https://*.listrakbi.com https://*.liveperson.net https://*.lpsnmedia.net https://*.nr-data.net https://*.newrelic.com https://bat.bing.com https://*.cybba.solutions https://d2rp1k1dldbai6.cloudfront.net https://d16fk4ms6rqz1v.cloudfront.net https://js.adsrvr.org https://connect.facebook.net https://container.pepperjam.com https://www.gstatic.com https://www.rtb123.com https://storage.googleapis.com https://cdn.routeapp.io https://apps.mypurecloud.com https://*.getbread.com https://sentry.io celebrosnlp.com ajax.googleapis.com *.celebros.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://*.listrak.com https://*.listrakbi.com https://fonts.googleapis.com https://apps.mypurecloud.com celebrosnlp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://api-preview.rbc.breadpayments.com https://api.rbcpayplan.com https://api-preview.platform.breadpayments.com https://api.platform.breadpayments.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.route.com https://*.listrak.com https://*.listrakbi.com https://*.nr-data.net https://*.newrelic.com https://www.sandbox.paypal.com https://www.googleadservices.com https://stats.g.doubleclick.net https://*.salecycle.com https://storage.googleapis.com https://api.route.com https://*.adnxs.com https://sentry.io https://*.sentry.io *.celebros.com *.celebros.com:446 *.celebros-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'unsafe-inline' 'unsafe-eval' * data: blob: 2 report-uri https://sjc1.qualtrics.com/csp-report 2 report-uri /cdn-cgi/script_monitor/report 2 img-src https://higherlogicdownload.s3.amazonaws.com/NACE/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogiclongterm.s3.amazonaws.com/NACE/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicstream.s3.amazonaws.com/NACE/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2 frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: sdk.privacy-center.org sdc-bdt.caissedesdepots.fr ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 2 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.yotpo.com x.klarnacdn.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com/ *.doubleclick.net *.facebook.com *.flashtalking.com *.dotdigital-pages.com *.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.trustpilot.com *.paypalobjects.com *.usehero.com *.braintreegateway.com *.cookiebot.com *.hotjar.com *.kaptcha.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.pmtonline.co.uk *.clarity.ms *.cloudfront.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.trustpilot.com *.nosto.com *.amazonaws.com *.finance-calculator.co.uk *.google.co.uk *.usehero.com *.bing.com *.postcodeanywhere.co.uk *.yotpo.com blob: x.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cloudfront.net *.tradedoubler.com *.email.pmtonline.co.uk *.mateti.net *.newrelic.com *.nr-data.net *.zdassets.com widget.freshworks.com m2epro.freshdesk.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://angus.finance-calculator.co.uk *.klarna.com *.klarnaservices.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com *.nosto.com *.klevu.com polyfill.io *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.bing.com https://analytics.tiktok.com *.zuko.io *.yotpo.com *.clarity.ms x.klarnacdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.klevu.com *.ksearchnet.com unsafe-inline *.trustpilot.com *.nosto.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cloudfront.net *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com *.mateti.net *.pmtonline.co.uk *.zdassets.com *.zendesk.com *.nr-data.net *.bing.com tbs.pvnsolutions.com widget.freshworks.com m2epro.freshdesk.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://angus.finance-calculator.co.uk *.klarnaevt.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.trustpilot.com *.finance-calculator.co.uk *.nosto.com *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.cardinalcommerce.com *.doubleclick.net *.zuko.io https://analytics.tiktok.com *.hotjar.io *.hotjar.com *.yotpo.com *.cookiebot.com *.clarity.ms *.sentry.io x.klarnacdn.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.gstatic.com data: *.typekit.net *.yotpo.com *.googleapis.com *.fontawesome.com oct8necdneu.azureedge.net blob: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com https://plumrocket.com *.yotpo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com static-eu.oct8ne.com *.oct8ne.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.xtento.com cdn.xtento.com blob: *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static-eu.oct8ne.com *.oct8ne.com oct8necdneu.azureedge.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com cdn.xtento.com https://targetemsecure.blob.core.windows.net *.slgnt.eu *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com static-eu.oct8ne.com *.oct8ne.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net *.yotpo.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.slgnt.eu ws: *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://geoip-js.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com static-eu.oct8ne.com *.oct8ne.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://pay.google.com https://secure-test.worldpay.com https://*.kaptcha.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.gstatic.com https://s3.amazonaws.com https://chd.stats.paypal.com https://*.univarsolutions.com https://*.google.com https://static.hotjar.com https://qa-nexeo.cs196.force.com https://consent.trustarc.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://ws.zoominfo.com https://ict.infinity-tracking.net https://c.la2-c2-ia5.salesforceliveagent.com https://d.la2-c2-ia5.salesforceliveagent.com https://consent.trustarc.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com unsafe-inline *.cloudflare.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://stats.g.doubleclick.net https://ict.infinity-tracking.net https://*.smartystreets.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 style-src 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de use.fontawesome.com;img-src 'self' data: *.helsana.ch *.pinterest.com s0.2mdn.net bat.bing.com www.facebook.com connect.facebook.net cm.everesttech.net dpm.demdex.net apple-resources.s3.amazonaws.com *.applemediaservices.com *.googlesyndication.com *.gstatic.com maps.googleapis.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net t.co *.linkedin.com *.google.com *.google.ch *.google.de *.google.fr *.google.li *.google.it *.google.ad *.google.ae *.google.al *.google.at *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.ca *.google.cd *.google.cg *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.ga *.google.gr *.google.ht *.google.hr *.google.hu *.google.ie *.google.iq *.google.jo *.google.lk *.google.lt *.google.lu *.google.lv *.google.me *.google.mg *.google.ml *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tn *.google.tt *.google.vg *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.za *.google.com.af *.google.com.ar *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kh *.google.com.lb *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ni *.google.com.pe *.google.com.pk *.google.com.py *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com interaktiv.contilla.de;font-src 'self' data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net use.fontawesome.com *.helsana.ch;media-src 'self' data: blob: *.helsana.ch d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com;object-src 'none';worker-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com analytics.twitter.com snap.licdn.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com snap.licdn.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de;connect-src 'self' wss://*.helsana.ch *.helsana.ch maps.googleapis.com privacyportal-eu.onetrust.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cookielaw.org api.sitesearch360.com *.ads-twitter.com *.linkedin.com *.pinterest.com api.openweathermap.org www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com *.google.com *.doubleclick.net www.google-analytics.com tt.omtrdc.net dpm.demdex.net wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu interaktiv.contilla.de;frame-src 'self' *.helsana.ch *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com bid.g.doubleclick.net consentcdn.cookiebot.com www.youtube.com fls.doubleclick.net assets.adobedtm.com www.facebook.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com *.undpartner.digital;frame-ancestors 'self' *.helsana.ch;report-uri https://helsana.report-uri.com/r/d/csp/wizard;report-to wizard; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://bat.bing.com https://static.ads-twitter.com https://pa.videobeat.net https://amplify.outbrain.com https://cdn.jsdelivr.net https://www.google-analytics.com https://*.cookiebot.com https://*.force.com https://snap.licdn.com https://secure.quantserve.com https://rules.quantcount.com https://www.googleoptimize.com https://*.salesforceliveagent.com https://scalablecap.my.salesforce.com https://scalablecap.my.salesforce-sites.com https://*.scalable.capital https://app.usercentrics.eu 'unsafe-eval'; style-src https://scalablecap.secure.force.com https://service.force.com 'self' 'unsafe-inline'; img-src 'self' https://*.scalable.capital https://bat.bing.com https://pa.videobeat.net https://px.ads.linkedin.com https://pixel.quantserve.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.google.es https://www.google.it https://www.google.fr https://www.google.nl https://www.google.at https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://app.usercentrics.eu https://uct.service.usercentrics.eu; object-src none; frame-src https://consentcdn.cookiebot.com https://service.force.com https://*.scalable.capital; connect-src https://stats.g.doubleclick.net/ https://www.google-analytics.com https://bat.bing.com https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu https://*.scalable.capital https://scalable.capital https://scalablecap.secure.force.com https://api.usercentrics.eu https://aggregator.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://graphql.usercentrics.eu 'self'; worker-src blob: ; report-uri /inner-csp 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com; connect-src 'self' https://*.akamaihd.net https://*.akstat.io https://*.analytics.google.com https://*.demdex.net https://*.go-mpulse.net https://*.google-analytics.com https://*.googletagmanager.com https://*.pru.co.uk https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://cdn.cookielaw.org https://cm.everesttech.net https://geolocation.onetrust.com https://mandg.scene7.com https://privacyportal-de.onetrust.com https://prudential.distribution.team.prudential.co.uk https://search-api.swiftype.com https://smetrics.mandg.com https://stats.g.doubleclick.net https://prudentialdistributi.tt.omtrdc.net https://policylookup.mandg.com; font-src 'self' data: https://api.fundpress.io https://fonts.gstatic.com; form-action 'self' https://*.pru.co.uk https://prudential.distribution.team.prudential.co.uk; frame-ancestors 'self' https://www.mymandg.co.uk https://*.pru.co.uk https://*.fundslibrary.co.uk; frame-src 'self' https://*.demdex.net https://*.pru.co.uk https://*.pruadviser.co.uk https://www.brighttalk.com https://digitalsecure.mandg.com https://forms.mymandg.co.uk https://securedigital.wealth.mandg.com https://securedigital.pru.mandg.com https://securedigital.prudential.co.uk https://secure.digital.mandg.com https://www.google.com https://irpages2.equitystory.com https://insight.adsrvr.org https://infogram.com https://e.infogram.com https://match.adsrvr.org https://mandg.fidainformatica.it https://mandg.videomarketingplatform.co https://recaptcha.google.com https://view.ceros.com https://www.youtube-nocookie.com https://igccharges.mandg.com; img-src 'self' data: https://*.akstat.io https://*.demdex.net https://*.google-analytics.com https://*.googletagmanager.com https://*.sessioncam.com https://ad.doubleclick.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://adservice.google.com https://assets.adobedtm.com https://cdn.cookielaw.org https://cm.everesttech.net https://www.google.com https://www.google.co.uk https://i.ytimg.com https://mandg.scene7.com https://smetrics.mandg.com https://ttcontacts.com https://797110.global.siteimproveanalytics.io; media-src blob: https://mandg.scene7.com https://mandg.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.demdex.net https://*.go-mpulse.net https://*.google-analytics.com https://*.googletagmanager.com https://*.pru.co.uk https://d2oh4tlt9mrke9.cloudfront.net https://assets.adobedtm.com https://api.fundpress.io https://cdn.cookielaw.org https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://js.adsrvr.org https://mandg.scene7.com https://prudential.distribution.team.prudential.co.uk; script-src-elem 'self' 'unsafe-inline' https://*.demdex.net https://*.go-mpulse.net https://*.google-analytics.com https://*.googletagmanager.com https://*.pru.co.uk https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://www.brighttalk.com https://cdn.cookielaw.org https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://js.adsrvr.org https://mandg.scene7.com https://prudential.distribution.team.prudential.co.uk https://report.23video.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://mandg.scene7.com; base-uri 'self' 2 font-src cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com magento.buildify.shop *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com magento.buildify.shop c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdnjs.cloudflare.com fonts.googleapis.com magento.buildify.shop https://static.klaviyo.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2 default-src 'self' blob:; img-src 'self' data: *; media-src * blob:; script-src 'self' https://kapsch.net https://www.kapsch.net https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app https://*.albacross.com *.googletagmanager.com *.google-analytics.com data: *.googleadservices.com *.google.com *.googlesyndication.com snap.licdn.com cdn.linkedin.oribi.io analytics.twitter.com *.ads-twitter.com kapsch.matomo.cloud cdn.matomo.cloud noembed.com *.youtube.com *.soundcloud.com vimeo.com tools.euroland.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net connect.facebook.net 'unsafe-eval' blob: streamer.a1.net webcast.a1.net vjs.zencdn.net 'report-sample'; connect-src 'self' https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app https://*.albacross.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com *.googlesyndication.com snap.licdn.com cdn.linkedin.oribi.io analytics.twitter.com *.ads-twitter.com kapsch.matomo.cloud cdn.matomo.cloud noembed.com *.youtube.com *.soundcloud.com vimeo.com streamer.a1.net webcast.a1.net; frame-src 'self' https: https:; style-src 'self' 'unsafe-inline' hello.myfonts.net streamer.a1.net webcast.a1.net vjs.zencdn.net; font-src 'self' data:; manifest-src 'self'; report-uri /csp-violation-report/ 2 font-src fonts.gstatic.com fonts.googleapis.com data: *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sfdcstatic.com *.script.hotjar.com https://script.hotjar.com/font-hotjar_5.65042d.woff2 https://script.hotjar.com/font-hotjar_5.0ddfe2.ttf https://script.hotjar.com/font-hotjar_5.17b429.woff 'self' data: *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com www.facebook.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.google.com https://service.force.com/ https://vars.hotjar.com/ https://www.chasepaymentechhostedpay-var.com/ https://www.chasepaymentechhostedpay.com/ https://directory.scouting.org/ http://directory.scouting.org/ www.facebook.com googleads.g.doubleclick.net *.braintreegateway.com/ *.kaptcha.com/ *.paypal.com/ www.youtube.com media.boyslife.org c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cdninstagram.com *.fbcdn.net *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.lightemporium.com *.yotpo.com *.mediafiles.scoutshop.org *.ytimg.com *.widgets.magentocommerce.com https://mediafiles.scoutshop.org/ https://www.facebook.com *.google.com *.scoutshop.org *.google.co.in *.googletagmanager.com 89086.global.siteimproveanalytics.io *.nextopia.net script.hotjar.com *.clarity.ms *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.my.salesforce.com *.lightning.force.com *.secure.force.com static.klaviyo.com static-tracking.klaviyo.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.service.force.com *.cdn.nextopia.net *.nextopiasoftware.com *.salesforceliveagent.com *.code.jquery.com https://service.force.com http://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.nextopia.net/nxt-app/fca482e10d6c3e13d7748571d09f15d2.js *.googletagmanager.com https://stats.g.doubleclick.net/ *.gtm.js *.googleoptimize.com *.newrelic.com/ siteimproveanalytics.com *.paypal.com/ script.crazyegg.com *.clarity.ms *.ecomm-nav.com *.hotjar.io *.hotjar.com bam-cell.nr-data.net *.nr-data.net *.facebook.net *.checkout.vficloud.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.secure.force.com *.klaviyo.com *.cloudflare.com *.googleapis.com *.google.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://service.force.com *.nextopia.net https://static.klaviyo.com unsafe-inline tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.mediafiles.scoutshop.org https://mediafiles.scoutshop.org/Media/video_scouttalk_sbsa_1920x1080.mp4 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.secure.force.com *.nr-data.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.socialannex.com *.analytics.js *.google-analytics.com *.stats.g.doubleclick.net https://stats.g.doubleclick.net https://script.hotjar.com/modules.901d255c60be478c0407.js https://fast.a.klaviyo.com *.klaviyo.com https://static-forms.klaviyo.com wss://ws20.hotjar.com a.klaviyo.com *.braintree-api.com *.braintreegateway.com/ *.crazyegg.com *.clarity.ms *.hotjar.io *.hotjar.com *.facebook.com wss: https://static.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google-analytics.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net fonts.googleapis.com fonts.gstatic.com amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de cloudinary.com *.cloudinary.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net diypestcontrol.ladesk.com 1-vbus-us-tx.ladesk.com ct.pinterest.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.cloudfront.net diypestcontrol.com ct.pinterest.com *.trackedlink.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.stamped.io *.googletagmanager.com *.signifyd.com https://imgs.cdn-btsg.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com script.hotjar.com bm-rx.atatus.com dpm.demdex.net www.dwin1.com diypestcontrol.ladesk.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com bid.g.doubleclick.net *.ftcdn.net *.behance.net fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cdn1.stamped.io blob 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io cdn.ampproject.org www.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cloudinary.com *.cloudinary.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com dpm.demdex.net fonts.googleapis.com assets.adobedtm.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com imgs.cdn-btsg.com blob 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cloudinary.com *.cloudinary.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com assets.adobedtm.com a.klaviyo.com ct.pinterest.com stats.g.doubleclick.net maps.googleapis.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io cdn.ampproject.org www.googleapis.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com imgs.cdn-btsg.com blob http: https: blob: 'self' 'unsafe-inline'; default-src assets.adobedtm.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'none'; form-action 'none'; frame-ancestors 'none'; 2 font-src *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ *.fontawesome.com 'self' data: fonts.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.zendesk.com *.twitter.com *.facebook.com *.zopim.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://test-api.viedu.org https://api.viedu.org https://test-launchpad.viedu.org https://launchpad.viedu.org https://luau-api.dev.viedu.org https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.sharethis.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bookshark.com *.sonlight.com *.gstatic.com *.zdassets.com https://widget-mediator.zopim.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.zendesk.com *.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.addtoany.com *.calendly.com https://calendly.com/ https://app.viralsweep.com https://edge.addthis.com https://cdn.datatables.net *.addthis.com *.klaviyo.com *.pinterest.com *.sonlightconnections.com https://c.sharethis.mgr.consensu.org/ https://anchor.fm https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.wesupply.xyz https://wesupplylabs.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.zdassets.com *.chimpstatic.com chimpstatic.com *.zendesk.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.cdninstagram.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ https://a1.b0e8.com/ https://match.adsrvr.org/ https://insight.adsrvr.org/ https://px.steelhousemedia.com/ https://match.sharethrough.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com https://vimeo.com *.instagram.com wss://*.zopim.com *.zdassets.com *.zendesk.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.api.sonlight.com *.braintree-api.com *.pinterest.com https://js-agent.newrelic.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.nr-data.net *.calendly.com https://calendly.com/ https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://cdn.bc0a.com/ https://cdn1.b0e8.com/ https://dx.mountain.com/ https://px.mountain.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.zdassets.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ unsafe-inline https://static.klaviyo.com fonts.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bookshark.com *.sonlight.com *.zdassets.com *.zopim.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.vimeo.com https://vimeo.com *.libsyn.com *.blubrry.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.addtoany.com *.pinterest.com *.bam.nr-data.net https://bam.nr-data.net https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.addthis.com https://stats.g.doubleclick.net/ https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://maps.googleapis.com/ https://ixfd2-api.bc0a.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io https://www.google-analytics.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2 font-src fonts.gstatic.com use.fontawesome.com *.fontawesome.com audioeye.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.youtube.com youtu.be www.youtube-nocookie.com audioeye.com *.audioeye.com checkout.sezzle.com sandbox.checkout.sezzle.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com fortnine.ca *.fortnine.ca defender.com *.defender.com https://c683207.ssl.cf2.rackcdn.com www.youtube.com *.youtube.com youtu.be www.google.ca www.googletagmanager.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com polyfill.io apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com fortnine.ca *.fortnine.ca defender.com *.defender.com *.newrelic.com bam.nr-data.net *.nr-data.net fullstory.com www.youtube.com *.youtube.com youtu.be googleads.g.doubleclick.net connect.facebook.net static.cloudflareinsights.com *.cloudflareinsights.com js.authorize.net audioeye.com *.audioeye.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com fortnine.ca *.fortnine.ca defender.com *.defender.com fonts.googleapis.com use.fontawesome.com *.fontawesome.com audioeye.com *.audioeye.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com fortnine.ca *.fortnine.ca defender.com *.defender.com algolianet.com *.algolianet.com bam.nr-data.net *.nr-data.net analytics.google.com www.facebook.com js.authorize.net jstest.authorize.net ws1.postescanada-canadapost.ca *.postescanada-canadapost.ca audioeye.com *.audioeye.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src fortnine.ca *.fortnine.ca defender.com *.defender.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' https://*.launchdarkly.com https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net wss://cdn0.forter.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.pci.favor.dev *.favorengineering.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net ont.net wss://cdn0.forter.com *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard; worker-src blob: 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/artists_youtube 2 default-src 'self' blob: https://*.lynxbroker.de https://*.lynxbroker.ch https://*.lynxbroker.at https://sentry2.lynx-trader.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://www.googletagmanager.com https://*.cookiebot.com https://connect.facebook.net https://www.google-analytics.com https://bat.bing.com data: https://siegel.ausgezeichnet.org https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://amplify.outbrain.com https://tr.outbrain.com https://*.taboola.com https://cdn.pushcrew.com https://fat.financeads.net https://www.dwin1.com https://www.google.com https://www.gstatic.com https://cdn.datatables.net https://www.youtube.com https://www.googleadservices.com https://www.awin1.com https://cdnjs.cloudflare.com https://pushcrew.com https://*.pushcrew.com https://service.lynx.nl https://*.wistia.com https://www.googleoptimize.com https://optimize.google.com https://js.adsrvr.org https://p.teads.tv https://*.twitter.com https://*.clarity.ms https://*.ads-twitter.com https://*.livechatinc.com https://pixel.adcrowd.com https://googleads.g.doubleclick.net https://*.trustpilot.com https://widget.trustpilot.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://pushcrew.com https://cdn.pushcrew.com https://cdn.datatables.net https://code.jquery.com https://fonts.googleapis.com https://cdn-images.mailchimp.com https://optimize.google.com https://hilfe.lynxbroker.de ; img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://bat.bing.com *.gravatar.com https://*.ausgezeichnet.org https://pushcrew.com https://*.pushcrew.com https://*.linkedin.com https://tr.outbrain.com https://cds.taboola.com https://www.awin1.com https://www.googletagmanager.com https://cdn.datatables.net https://www.financeads.net https://www.google.com https://*.doubleclick.net https://hilfe.lynxbroker.de https://www.google.nl https://www.google.de https://i.ytimg.com https://p.adsymptotic.com https://cdn.lynxbroker.com https://www.lynxbroker.de https://www.lynxbroker.ch https://www.lynxbroker.at https://service.lynx.nl https://*.wistia.com https://gallery.mailchimp.com https://www.gstatic.com https://t.co https://*.clarity.ms https://*.teads.tv https://*.bing.com https://*.cloudfront.net https://analytics.twitter.com https://secure.adnxs.com ; font-src 'self' data: https://fonts.gstatic.com https://*.lynxbroker.de https://*.lynxbroker.ch https://*.lynxbroker.at https://*.fourthline.com ; frame-src 'self' https://*.cookiebot.com https://www.facebook.com https://vars.hotjar.com https://www.google.com https://us-central1-madrid-investing.cloudfunctions.net https://www.youtube.com https://lynx-germany.softgarden.io https://www.awin1.com https://web.facebook.com https://html5-player.libsyn.com https://fast.wistia.net https://optimize.google.com https://*.doubleclick.net https://servedby.flashtalking.com https://insight.adsrvr.org https://play.libsyn.com https://secure.livechatinc.com https://*.trustpilot.com https://*.adsrvr.org ; frame-ancestors 'self' ; connect-src 'self' https://*.lynx-webservice.com https://*.lynx-trader.com https://www.google-analytics.com https://*.hotjar.com https://lynx-webservice.com https://lynx-webservice.de https://docs.google.com wss://*.hotjar.com https://vc.hotjar.io https://*.bing.com https://trc-events.taboola.com https://hilfe.lynxbroker.de https://lynxsolr.de https://cdn.datatables.net https://www.google.com https://*.pushcrew.com https://*.facebook.com https://*.googleusercontent.com https://*.wistia.com https://*.litix.io https://*.cookiebot.com https://*.googlesyndication.com https://*.doubleclick.net https://*.teads.tv https://*.clarity.ms https://*.google-analytics.com ; media-src https://s3.eu-west-1.amazonaws.com https://s3.eu-central-1.amazonaws.com https://*.lynxbroker.de https://*.lynxbroker.ch https://*.lynxbroker.at https://cdn.livechatinc.com; 2 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'unsafe-inline' data: *.channelsight.com *.bazaarvoice.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.facebook.com *.snapchat.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com s.amazon-adsystem.com *.facebook.com *.fls.doubleclick.net insight.adsrvr.org *.filestackapi.com *.addthis.com flexfaceoffsweeps.azurewebsites.net match.adsrvr.org viewinyourspace.com *.viewinyourspace.com *.myepigraph.com playcanv.as *.snapchat.com *.clinch.co *.pinterest.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bird.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bazaarvoice.com *.google.com *.taboola.com *.facebook.com *.facebook.net *.hubspot.com *.hsforms.com r.turn.com *.adnxs.com pixel.mediaiqdigital.com *.gravatar.com *.channelsight.com cscoreproweustor.blob.core.windows.net *.skil.com *.gstatic.com *.googleapis.com *.fls.doubleclick.net *.seeitinyourspace.com *.pinterest.com *.nextdoor.com *.reddit.com insight.adsrvr.org *.ispot.tv egopowerplus.com *.egopowerplus.com egopowerplus.com.au *.flexpowertools.com pixel.roymorgan.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com *.filestackapi.com *.facebook.net *.crazyegg.com js.hs-scripts.com *.taboola.com js.adsrvr.org js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.googleapis.com geoip-js.com secure-ds.serving-sys.com *.adnxs.com bs.serving-sys.com *.addthis.com *.addthisedge.com z.moatads.com cscoreproweustor.blob.core.windows.net flexsweepstakes2022.azurewebsites.net js.monitor.azure.com edge.curalate.com ipinfo.io *.tiktok.com sc-static.net *.channelsight.com unpkg.com *.jsdelivr.net viewinyourspace.com *.viewinyourspace.com *.cookielaw.org *.addevent.com *.pinimg.com *.nextdoor.com *.crwdcntrl.com *.crwdcntrl.net mjca-yijws.global.ssl.fastly.net cdn.480app.com cdn.nmgassets.com *.clinch.co *.vimeo.com *.redditstatic.com *.snapchat.com adriano-au.avanser.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com cscoreproweustor.blob.core.windows.net *.channelsight.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.bazaarvoice.com *.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.bazaarvoice.com *.crazyegg.com forms.hubspot.com *.channelsight.com *.google-analytics.com stats.g.doubleclick.net *.taboola.com secure-ds.serving-sys.com viewinyourspace.com *.viewinyourspace.com chervon-website-api.herokuapp.com chervon-website-api-dev.herokuapp.com *.jotform.com dc.services.visualstudio.com *.addthis.com edge.curalate.com geoip-js.com *.hsforms.com *.facebook.com *.tiktok.com *.snapchat.com *.cookielaw.org *.rain-staging.com *.seeitinyourspace.com *.gstatic.com blob: *.googleapis.com *.pinterest.com cdn.nmgassets.com jdl.nmgplatform.com colrep.sitelabweb.com *.google.com lm.serving-sys.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 2 default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://cdn-custom.optimonk.com https://at.alicdn.com https://cdn.honey.io https://storage.googleapis.com; img-src 'self' data: https://laced-testing.imgix.net https://laced.imgix.net https://scoutapm.com https://apm.scoutapp.com https://laced-production.s3.eu-west-2.amazonaws.com https://www.google-analytics.com https://bat.bing.com https://www.facebook.com https://www.google.com https://www.google.com.cy https://www.google.co.uk https://editor-upload-cdn.optimonk.com https://www.zenaps.com https://www.google.de https://www.googletagmanager.com https://translate.google.com https://www.google.co.th https://www.gstatic.com https://www.google.com.hk https://www.google.com.sa https://www.google.com.jm https://www.google.es https://www.awin1.com https://googleads.g.doubleclick.net https://*.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com http://widget.trustpilot.com https://bat.bing.com https://apm.scoutapp.com/ https://scoutapm.com https://www.dwin1.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://front.optimonk.com https://connect.facebook.net https://gs-cdn.optimonk.com https://static.hotjar.com https://script.hotjar.com https://js.stripe.com https://www.googleadservices.com https://tpc.googlesyndication.com https://the.sciencebehindecommerce.com https://www.zenaps.com; style-src 'self' 'unsafe-inline' https://scoutapm.com https://apm.scoutapp.com https://www.googletagmanager.com https://cdn-asset.optimonk.com https://fonts.googleapis.com https://translate.googleapis.com https://cdn.honey.io; connect-src 'self' https://www.google-analytics.com https://bat.bing.com/ https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://front.optimonk.com https://region1.google-analytics.com https://jfapiprod.optimonk.com https://in.hotjar.com https://adservice.google.com https://telemetrics.klaviyo.com https://www.google.com https://cdn-renderer.optimonk.com https://a.klaviyo.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://the.sciencebehindecommerce.com https://laced-production.s3.eu-west-2.amazonaws.com https://cdn.growthbook.io; frame-src 'self' https://widget.trustpilot.com/ https://js.stripe.com/ https://vars.hotjar.com https://www.facebook.com https://www.zenaps.com https://tpc.googlesyndication.com; report-uri /csp_report 2 worker-src blob:; font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: https://widgets.trustedshops.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' https://0merchantacsstag.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.klarna.com https://google.com https://checkout.paypal.com https://*.mylivechat.com https://www.paypalobjects.com https://ssl.kaptcha.com *.arcot.com https://player.vimeo.com *.maps.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com maps.googleapis.com maps.gstatic.com *.klarnacdn.net *.klarna.com *.klarnaevt.com www.w3.org *.totallywicked-eliquid.co.uk *.totallywicked.co.uk https://www.theelectroniccigarette.co.uk https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://*.stats.paypal.com https://*.cloudfront.net https://services.postcodeanywhere.co.uk https://chart.apis.google.com https://*.mylivechat.com https://*.tradetracker.net https://*.paypal.com 'self' data: https://widgets.trustedshops.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.klarnacdn.net *.klarnaservices.com 'self' data: https://bam.nr-data.net https://*.chimpstatic.com https://chimpstatic.com https://*.cloudfront.net https://*.vimeocdn.com *.trustpilot.com https://js-agent.newrelic.com https://maps.googleapis.com https://*.mylivechat.com https://mylivechat.com https://services.postcodeanywhere.co.uk https://static.cloudflareinsights.com https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.gstatic.com/* https://*.pcapredict.com https://*.tradetracker.net *.totallywicked-eliquid.co.uk *.google.com *.gstatic.com https://widgets.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' https://fonts.googleapis.com https://*.mylivechat.com https://services.postcodeanywhere.co.uk https://*.totallywicked-eliquid.co.uk https://*.totallywicked.co.uk *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.klarnaevt.com *.playground.klarnaevt.com https://api.hermesworld.co.uk https://bam.nr-data.net https://maps.googleapis.com *.google-analytics.com https://services.postcodeanywhere.co.uk https://stats.g.doubleclick.net wss://am.freshrelevance.com https://rum-http-intake.logs.datadoghq.eu https://rum.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu https://am.freshrelevance.com https://*.trustpilot.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://www.googletagmanager.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://*.mylivechat.com https://mylivechat.com 'self' 'unsafe-inline'; 2 default-src https: http: data: wss://*.forter.com 'unsafe-inline' 'unsafe-eval'; connect-src https: http: wss://*.forter.com; frame-ancestors 'self' https: http: *.czs.org 172.21.2.30 www.chasepaymentechhostedpay.com object-src 'self'; img-src 'unsafe-eval' 'unsafe-inline' data: blob: *; font-src 'self' data: https: http: *.typekit.net; script-src 'unsafe-eval' 'unsafe-inline' blob: data: https: http: 'self' emarketing.activenetwork.com d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com kpstat.forter.com:7043 www.google.com maps.google.com maps.googleapis.com ssl.google-analytics.com www.google-analytics.com www.gstatic.com embed.idonate.com use.typekit.net cdn-js.net cdnjs.cloudflare.com d35u1vg1q28b3w.cloudfront.net partners.cmptch.com static.cmptch.com scriptcdn.net auctioneer.50million.club m.addthis.com s7.addthis.com m.addthisedge.com lkysearchex3688-a.akamaihd.net analyticspage.tools apiurl.org appsource.cool countmake.cool fp166.digitaloptout.com eluxer.net mirextpro.com z.moatads.com secure.myshopcouponmac.com payperclickadz.com cdn.pmqzads.com qdatasales.com widget-prime.rafflecopter.com srvvtrk.com pwm-image.trendmicro.com gateway.zscloud.net; style-src 'unsafe-eval' 'unsafe-inline' 'self' accessibility-bookmarklets.org emarketing.activenetwork.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com hello.myfonts.net pwm-image.trendmicro.com; report-uri https://bzcsp.report-uri.com/r/d/csp/reportOnly 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.mscanada.ca https://*.spcanada.ca https://apply.workable.com https://www.workable.com https://cdn.livechatinc.com https://api.livechatinc.com https://js-agent.newrelic.com https://www.googletagmanager.com/gtm.js https://bam.nr-data.net; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://*.mscanada.ca https://ccf807.spcanada.ca https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data: https://*.mscanada.ca https://*.spcanada.ca https://bam.nr-data.net; media-src 'self' https://cdn.livechatinc.com; frame-src 'self' https://secure.livechatinc.com https://www.youtube.com; frame-ancestors 'self'; child-src 'none'; font-src 'self' data: https://ccf807.mscanada.ca https://cdn.jsdelivr.net https://cdn.livechatinc.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; connect-src 'self' https://*.mscanada.ca https://*.spcanada.ca https://api.livechatinc.com https://bam.nr-data.net; report-uri /report-csp-violation 2 default-src https: data: 'unsafe-inline'; upgrade-insecure-requests 2 font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cse.google.com 1468.global.siteimproveanalytics.io *.facebook.com ka-f.fontawesome.com nj.gov placeimg.com *.addthis.com www.rnengage.com *.ads-twitter.com adservice.google.com sdk.amazonaws.com clients1.google.com *.state.nj.us njdoc.gov imgssl.constantcontact.com *.custhelp.com www.njsp.org *.gstatic.com use.typekit.net *.nj.gov www.google.com p.typekit.net use.fontawesome.com maxcdn.bootstrapcdn.com region1.google-analytics.com *.arcgis.com www.googletagmanager.com oss.maxcdn.com *.googleapis.com stackpath.bootstrapcdn.com static.dialogflow.com public.govdelivery.com siteimproveanalytics.com 77497.global.siteimproveanalytics.io content.govdelivery.com cdn.jsdelivr.net server.arcgisonline.com *.adsrvr.org *.googleadservices.com www.youtube.com cognito-identity.us-east-1.amazonaws.com 6291948.global.r2.siteimproveanalytics.io www.credit-card-logos.com *.facebook.net *.youtube-nocookie.com code.jquery.com cdnjs.cloudflare.com translate.google.com kit.fontawesome.com fonts.gstatic.com www.njaqinow.net *.doubleclick.net *.cloudfront.net www.google-analytics.com *.fbcdn.net analytics.google.com 77604.global.siteimproveanalytics.io *.twitter.com malsup.github.io; form-action *.googleapis.com *.nj.gov www.google.com *.state.nj.us nj.gov; frame-ancestors 'self' ; report-uri /csp_report 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consent.cookiebot.com *.facebook.net www.googletagmanager.com consentcdn.cookiebot.com *.doubleclick.net www.google-analytics.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net *.googletagmanager.com *.zdassets.com cdn.brcdn.com *.googleapis.com *.google-analytics.com *.google.com *.trustpilot.com *.newrelic.com bam.nr-data.net *.amazonaws.com *.jquery.com fonts.fontawesome.com fonts.gstatic.com use.fontawesome.com sarnova-dev.s3.amazonaws.com *.akstat.io 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com; img-src 'self' https: data: ; font-src 'self' https: ; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com https://ad.doubleclick.net https://maps.googleapis.com; media-src 'self'; object-src 'self'; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com https://td.doubleclick.net; frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2 frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdn.popt.in/pixel.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js https://connect.facebook.net/en_GB/sdk.js https://embed.tawk.to/_s/v4/app/62835fee0eb/js/twk-chunk-2d0b9454.js https://js.stripe.com/v3/ https://stats.g.doubleclick.net/dc.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__en.js https://www.ipqualityscore.com/api/pingperfect.com/EnAWcy60QjCbGaVhQ47aEJDsOzvE8HxDKAr6xkGX0SiALznu9wGoX7FLCXQormDbwuF21HTXtvA2MlNkkv8l9hAvCvIHZwzBMhqVZkpUKj2FRYixhYbofewy9zy8sMcZVLi2VveEv7XpV9PPssOitHFBjuCGOMbNY1DcLnrgAiVTYb1UsOHaNSO5ezYFHi5mfLH5A7qII1i2K https://embed.tawk.to https://cdn.jsdelivr.net/emojione/ https://platform.twitter.com https://analytics.twitter.com https://en.twitter.com https://cdn.syndication.twimg.com https://use.fontawesome.com https://kit.fontawesome.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://static.cloudflareinsights.com https://ajax.googleapis.com https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://m.youtube.com https://www.googletagmanager.com https://googletagmanager.com https://secure.gravatar.com https://cdn.jsdelivr.net https://www.recaptcha.net https://recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.google.com/recaptcha/ https://www.paypal.com https://www.paypalobjects.com https://static.ads-twitter.com https://*.ep-mimecast.ads-twitter.com https://cdn.popt.in https://pingperfect.com http://pingperfect.com https://rec.smartlook.com https://www.gstatic.com https://www.pagespeed-mod.com; style-src 'self' 'report-sample' 'unsafe-inline' https://cdn.popt.in/ https://cdnjs.cloudflare.com/ https://embed.tawk.to/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://platform.twitter.com/ https://use.fontawesome.com/ fonts.googleapis.com embed.tawk.to ton.twimg.com platform.twitter.com *.fontawesome.com cdnjs.cloudflare.com *.google.com ajax.googleapis.com checkout.stripe.com secure.gravatar.com cdn.jsdelivr.net display.popt.in cdn.popt.in www.gstatic.com www.tinymce.com; object-src *.googlesyndication.com; frame-src 'self' https://js.stripe.com/ https://www.google.com/ va.tawk.to *.twitter.com *.facebook.com connect.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.stripe.com *.stripe.network *.youtube.com www.youtube-nocookie.com www.googletagmanager.com *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com www.paypalobjects.com *.paypal.com; child-src 'self' blob: *.facebook.com connect.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com www.youtube.com www.googletagmanager.com www.paypalobjects.com *.paypal.com; img-src 'self' data: blob: https://abs.twimg.com/ https://embed.tawk.to/ https://pbs.twimg.com/ https://stats.g.doubleclick.net/ https://syndication.twitter.com/ https://www.google.co.uk/ https://www.google.com/ fonts.gstatic.com embed.tawk.to tawk.link cdn.jsdelivr.net/emojione t.co *.twitter.com *.twimg.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.fbcdn.net www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com ajax.googleapis.com *.stripe.com *.ytimg.com *.youtube.com www.googletagmanager.com *.gravatar.com cdn.jsdelivr.net www.gstatic.com/recaptcha www.paypalobjects.com analytics.twitter.com www.gstatic.com steamuserimages-a.akamaihd.net www.pingperfect.com pingperfect.com uploads.mordhau.com www.google.ps www.google.ba www.google.com.mm i.imgur.com android-webview-video-poster:; font-src 'self' data: https://cdnjs.cloudflare.com/ https://embed.tawk.to/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://use.fontawesome.com/ *.tawk.to wss://*.tawk.to t.co *.twitter.com *.twimg.com *.facebook.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: cloudflareinsights.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com ajax.googleapis.com *.stripe.com www.googletagmanager.com *.gravatar.com *.paypal.com www.paypalobjects.com display.popt.in manager.eu.smartlook.cloud web-writer.eu.smartlook.cloud web-writer.br.smartlook.cloud events-writer.smartlook.com d3lopmpcew67el.cloudfront.net https://new229.com fonts.gstatic.com fonts.googleapis.com embed.tawk.to *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net github.com chrome-extension:; connect-src 'self' https://verify.cpanel.net/ https://d3lopmpcew67el.cloudfront.net/ https://display.popt.in/ https://embed.tawk.to/ https://fn.eu.ipqualityscore.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net/ https://va.tawk.to/ https://www.google-analytics.com/; manifest-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com *.facebook.com connect.facebook.net *.google.com gamepanel.pingperfect.com www.paypal.com; media-src 'self' embed.tawk.to tawk.link dai.google.com; prefetch-src 'self' *.googlesyndication.com; worker-src 'self' blob: www.google.com www.recaptcha.net; report-uri https://pingperfect.report-uri.com/r/d/csp/wizard 2 font-src *.fontawesome.com script.hotjar.com data: maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com vars.hotjar.com maps.googleapis.com stats.g.doubleclick.net *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io static.hotjar.com script.hotjar.com maps.googleapis.com stats.g.doubleclick.net *.cdninstagram.com *.fbcdn.net * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com script.hotjar.com static.hotjar.com maps.googleapis.com stats.g.doubleclick.net * assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com static.hotjar.com script.hotjar.com maxcdn.bootstrapcdn.com unsafe-inline fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com bam.nr-data.net stats.g.doubleclick.net cookie-cdn.cookiepro.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.amazonaws.com *.yotpo.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com data: *.truefitcorp.com *.espssl.com *.global-e.com *.monetate.net *.narvar.com *.narvar.qa data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.amazonaws.com www.facebook.com *.global-e.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.livechatinc.com www2.bglobale.com/ *.salesfloor.net *.criteo.com *.google.com *.googletagmanager.com *.paypal.com *.facebook.com *.truefitcorp.com *.g.doubleclick.net *.criteo.net players.brightcove.net *.global-e.com *.styledby.stjohnknits.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.doubleclick.net *.bglobale.com *.google-analytics.com *.googletagmanager.com *.stickyadstv.com *.google.co.in *.salesfloor.net *.facebook.com *.bing.com *.listrakbi.com *.espssl.com *.global-e.com *.cloudfront.net *.casalemedia.com *.criteo.com *.mediawallahscript.com *.adnxs.com *.analytics.yahoo.com *.yahoo.com *.openx.net s.ad.smaato.net *.media.net *.3lift.com *.pubmatic.com *.tapad.com *.bidswitch.net *.advertising.com *.rubiconproject.com *.addthis.com *.outbrain.com *.ads.yieldmo.com cm.mgid.com *.truefitcorp.com *.linksynergy.com *.taboola.com *.omnitagjs.com *.teads.tv *.sharethrough.com *.smartadserver.com *.360yield.com *.adform.net *.yieldlab.net *.digitaleast.mobi *.privacysandbox.googleadservices.com *.adscale.de *.gstatic.com *.akamaized.net *.googleusercontent.com *.amazonaws.com *.googleapis.com *.clarity.ms *.dmxleo.com *.revcontent.com *.admanmedia.com *.liadm.com *.postrelease.com *.tremorhub.com *.kargo.com *.tpmn.co.kr *.clmbtech.com *.zemanta.com *.adsrvr.org *.bluekai.com *.contextweb.com *.deepintent.com ad.as.amanad.adtdp.com csm.da.us.criteo.net *.rlcdn.com *.ivitrack.com *.mediavine.com ad.sxp.smartclip.net au.ants.vn *.quantserve.com *.yieldmo.com *.twiago.com *.lemmatechnologies.com *.srv.stackadapt.com *.amazon-adsystem.com csm.va.us.criteo.net *.bnmla.com *.simpli.fi *.meba.kr *.mathtag.com *.sitescout.com *.crwdcntrl.net *.targeting.unrulymedia.com *.1rx.io *.adx.opera.com *.clientgear.com *.instantsearchplus.com *.dyntrk.com *.brightmountainmedia.com idsync.admixer.co.kr *.styledby.stjohnknits.com *.aralego.com *.toast.com *.dotomi.com *.aralego.net fksnk.com *.mfadsrvr.com *.onprospects.com *.onaudience.com ad.turn.com *.socdm.com *.adingo.jp *.ad-stir.com *.dable.io creativecdn.com a1.b0e8.com aa.agkn.com d.turn.com beacon.krxd.net *.monetate.net e1.emxdgt.com c.aaxads.com *.gssprt.jp *.pippio.com *.mmtro.com *.rfihub.com *.rezync.com *.narvar.com *.narvar.qa store.paradoxlabs.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.authorize.net *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.truefitcorp.com *.bglobale.com cookiepro.blob.core.windows.net *.appspot.com cdn.livechatinc.com *.listrakbi.com api.livechatinc.com *.google-analytics.com *.jquery.com *.google.com *.googletagmanager.com *.bing.com *.upsellit.com *.salesfloor.net *.rmp.rakuten.com *.facebook.net *.g.doubleclick.net *.newrelic.com *.quantcount.com *.criteo.net *.criteo.com widget.us.criteo.com *.nr-data.net *.googleapis.com *.freegeoip.net *.clarity.ms *.loopme.me *.quantserve.com *.bnmla.com *.krxd.net console.brightmountainmedia.com ad.turn.com s-cs.send.microad.jp beacon.krxd.net *.thebrighttag.com *.mfadsrvr.com *.global-e.com *.styledby.stjohnknits.com *.bc0a.com *.b0e8.com *.monetate.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com *.googletagmanager.com *.google.com *.bglobale.com cookiepro.blob.core.windows.net cdn.listrakbi.com *.truefitcorp.com *.espssl.com *.global-e.com *.styledby.stjohnknits.com *.monetate.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com *.kxcdn.com *.listrakbi.com *.upsellit.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de staticw2.yotpo.com *.cardinalcommerce.com *.payments-amazon.co.jp *.payments-amazon.co.uk *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.amazonaws.com *.bglobale.com *.stjohnknits.com *.truefitcorp.com *.google-analytics.com *.google.com *.googletagmanager.com *.paypal.com *.nr-data.net *.g.doubleclick.net *.uc.r.appspot.com ultimate-dot-acp-magento.appspot.com *.livechatinc.com *.bing.com *.googleapis.com *.clarity.ms www.facebook.com *.listrakbi.com *.global-e.com *.styledby.stjohnknits.com *.bc0a.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net *.gstatic.com 'self' data: https://widgets.trustedshops.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com ct.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de maps.google.com chat.babypark.nl c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com bat.bing.com www.thuiswinkel.org i.ytimg.com img.youtube.com blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl *.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com static.zdassets.com js.klevu.com js-agent.newrelic.com api.livechatinc.com cdn.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net unsafe-inline *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com ct.pinterest.com stats.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com babyparkgmbh.zendesk.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 child-src ; connect-src 'self' api.bellhop.com api.bellhops.dev api.omappapi.com api.segment.io api-js.mixpanel.com api-us-east-1.graphcms.com bellhop.extole.io *.clarity.ms cdn.segment.com ct.pinterest.com *.ingest.sentry.io *.intercom.io nexus-websocket-a.intercom.io maps.googleapis.com pnapi.invoca.net rs.fullstory.com stats.g.doubleclick.net www.google-analytics.com; default-src ; font-src 'self' fonts.gstatic.com js.intercomcdn.com; form-action ct.pinterest.com www.facebook.com; frame-src bid.g.doubleclick.net ct.pinterest.com js.stripe.com www.facebook.com; img-src 'self' ag.innovid.com analytics.twitter.com apolloprogram.io b1sync.zemanta.com bat.bing.com c.us1.dyntrk.com cm.adgrx.com cm.eyereturn.com cmi.netseer.com ct.pinterest.com d.adroll.com flask.nextdoor.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com js.intercomcdn.com *.loggly.com load.instinctiveads.com media.graphassets.com media.graphcms.com origin.xtlo.net p.truefitcorp.com pippio.com secure.insightexpressai.com segments.company-target.com static.intercomassets.com su.addthis.com sync.smartadserver.com t.co track2.securedvisit.com ups.analytics.yahoo.com us-u.openx.net vop.sundaysky.com wam.solution.weborama.fr www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com www.storygize.net x.bidswitch.net x.skimresources.com; manifest-src 'self'; media-src ; script-src 'unsafe-eval' 'unsafe-inline'; script-src-attr ; script-src-elem 'self' 'unsafe-inline' a.omappapi.com *.adroll.com ads.nextdoor.com bat.bing.com bellhop.extole.io cdn.segment.com connect.facebook.net d.impactradius-event.com edge.fullstory.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com maps.googleapis.com pnapi.invoca.net s.pinimg.com shop.pe *.shop.pe solutions.invocacdn.com static.ads-twitter.com widget.intercom.io www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com; style-src ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' a.omappapi.com fonts.googleapis.com origin.xtlo.net; worker-src ; 2 default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ups.analytics.yahoo.com i.liadm.com sjf.flycorsair.com *.bidswitch.net *.linkedin.com criteo-sync.teads.tv www.googletagmanager.com dashboard.chatfuel.com *.licdn.com *.twitter.com try.abtasty.com pixel.tapad.com www.google.fr genki.flycorsair.com cdn.linkedin.oribi.io ad.yieldlab.net *.taboola.com *.criteo.net *.criteo.com exchange.mediavine.com eb2.3lift.com contextual.media.net visitor.omnitagjs.com ib.adnxs.com sync-criteo.ads.yieldmo.com *.casalemedia.com sync.outbrain.com match.sharethrough.com adservice.google.com *.facebook.com www.flycorsair.com www.google.com matching.ivitrack.com www.youtube.com *.doubleclick.net secure.adnxs.com bat.bing.com dcinfos-cache.abtasty.com cm.adform.net *.facebook.net simage2.pubmatic.com *.smartadserver.com t.co criteo-partners.tremorhub.com *.rubiconproject.com ad.360yield.com tg.socdm.com ariane.abtasty.com id5-sync.com; form-action www.flycorsair.com *.facebook.com; frame-ancestors 'self' ; report-uri /csp_report 2 default-src 'self' cdn.synthetix.com ssc.synthetix.com; img-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io; font-src *.gstatic.com *.hotjar.com *.hotjar.io; frame-src *.facebook.com *.twitter.com *.hotjar.com *.hotjar.io *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/ *.issuu.com/; object-src https://wjecwebsitelive.blob.core.windows.net; connect-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://*.hotjar.com *.getaddress.io; style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2 default-src 'self' *.sixflags.com *.laronde.com *.sixflags.com.mx *.6flags.com 'unsafe-inline' 'unsafe-eval' data: blob: *.wistia.net *.wistia.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss:// acsbapp.com *.acsbapp.com cdn.acsbapp.com *.convertexperiments.com *.evgnet.com sc-static.net *.cloudflare.com *.cloudflareinsights.com *.cloudflareaccess.com *.googletagmanager.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.googlesyndication.com *.safeframe.googlesyndication.com www.googletagservices.com *.googleapis.com *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net *.fls.doubleclick.net *.google.com *.google.ca www.google.ca *.google.com.mx www.google.com.mx *.gstatic.com ups.analytics.yahoo.com bat.bing.com sixflags.us-4.evergage.com www.facebook.com *.facebook.net *.pardot.com *.akamaihd.net *.snapchat.com *.twitter.com *.livechatinc.com *.qualaroo.com js.adsrvr.org *.pbbl.co aa.agkn.com *.amgdgt.com dpm.demdex.net pixel.advertising.com www.youtube.com *.youtube.com *.ytimg.com *.freshdesk.com *.queue-it.net *.litix.io ;report-uri https://2850d87804f5002588a978dd8512ca22.report-uri.com/r/d/csp/wizard; 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/edu_google 2 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://us.altosresearch.com https://google.com https://www.gstatic.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: data:; font-src https: data:; report-uri /csp-report; 2 img-src https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicstream.s3.amazonaws.com/CSIRESOURCES/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2 font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com *.youtube.com youtu.be google.com *.google.com *.nr-data.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://www.google.com https://www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com *.google.com *.gstatic.com *.newrelic.com *.nr-data.net dmp.info.mossmotors.com dmp.info.mossmiata.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com *.nr-data.net *.google-analytics.com dmp.info.mossmotors.com dmp.info.mossmiata.com *.cloudfront.net *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com jquery.sellxed.com cdn.dnky.co webchat.dotdigital.com js.klevu.com *.ksearchnet.com *.avada.io *.oppwa.com oppwa.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src *.klevu.com https://use.typekit.net *.typekit.net *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; style-src https://use.typekit.net/obb3otl.css https://use.typekit.net *.typekit.net *.adobe.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; frame-src 9359360.fls.doubleclick.net fls.doubleclick.net fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://map.pargo.co.za/ oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src edgars.co.za assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.klevu.com *.ksearchnet.com https://pargo.co.za oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; 2 connect-src 'self' analytics.google.com maxcdn.bootstrapcdn.com use.typekit.net cdn.linkedin.oribi.io translate.googleapis.com play.vidyard.com stats.g.doubleclick.net 573-jlc-716.mktoresp.com 677-qfu-507.mktoresp.com 677-qfu-507.mktoutil.com play.vidyard.com stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net www.greatamericaninsurancegroup.com; form-action 'self'; frame-ancestors 'self'; default-src 'self' 677-qfu-507.mktoresp.com a1.b0e8.com cdn.b0e8.com cdn.vidyard.com maxcdn.bootstrapcdn.com munchkin.marketo.net p.typekit.net play.vidyard.com px.ads.linkedin.com region1.google-analytics.com snap.licdn.com stats.g.doubleclick.net use.typekit.net www.google-analytics.com www.google.com www.googletagmanager.com www.greatamericaninsurancegroup.com www.gstatic.com www.linkedin.com; frame-src 'self' fast.wistia.net podcasters.spotify.com www.linkedin.com www.googletagmanager.com www.facebook.com anchor.fm app-ab02.marketo.com platform.twitter.com play.vidyard.com specialty.gaig.com www.google.com www.youtube.com www.surveymonkey.com; img-src 'self' www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat a.b0e8.com data: blob: a1.b0e8.com specialty.gaig.com www.linkedin.com www.gstatic.com translate.google.com ssl.google-analytics.com syndication.twitter.com fonts.gstatic.com px.ads.linkedin.com region1.google-analytics.com px4.ads.linkedin.com p.typekit.net play.vidyard.com www.google-analytics.com www.google.com www.googletagmanager.com www.policysweet.com www.greatamericaninsurancegroup.com cdn.vidyard.com i.ytimg.com; script-src-elem 'self' bam.nr-data.net fast.wistia.net cdn.b0e8.com apis.google.com js-agent.newrelic.com widget.surveymonkey.com snap.licdn.com ssl.google-analytics.com connect.facebook.net ajax.googleapis.com app-ab02.marketo.com munchkin.marketo.net platform.twitter.com play.vidyard.com specialty.gaig.com use.typekit.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'unsafe-inline' www.youtube.com; style-src-elem 'self' data: p.typekit.net use.typekit.net www.gstatic.com app-ab02.marketo.com fonts.googleapis.com maxcdn.bootstrapcdn.com specialty.gaig.com 'unsafe-inline'; script-src-attr 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' widget.surveymonkey.com specialty.gaig.com fast.wistia.net bam.nr-data.net ajax.googleapis.com platform.twitter.com www.google-analytics.com www.gstatic.com snap.licdn.com cdn.b0e8.com www.google.com js-agent.newrelic.com connect.facebook.net app-ab02.marketo.com www.googletagmanager.com use.typekit.net munchkin.marketo.net play.vidyard.com; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' specialty.gaig.com app-ab02.marketo.com fonts.googleapis.com maxcdn.bootstrapcdn.com p.typekit.net use.typekit.net www.gstatic.com; object-src 'self'; prefetch-src 'self' play.vidyard.com; media-src 'self' data: ssl.gstatic.com; child-src 'self' app-ab02.marketo.com play.vidyard.com www.google.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; report-uri https://greatamericaninsurancegroup.report-uri.com/r/t/csp/reportOnly 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 2 child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 2 default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 2 default-src 'none'; connect-src 'self' https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://ka-p.fontawesome.com https://maps.googleapis.com https://notifier-configs.airbrake.io https://s.yimg.com https://stats.g.doubleclick.net wss://*.hotjar.com https://www.facebook.com/tr; font-src 'self' https://*.fontawesome.com https://fonts.gstatic.com https://*.hotjar.com; frame-src https://*.hotjar.com https://9860174.fls.doubleclick.net https://go.adflegal.org https://insight.adsrvr.org https://www.facebook.com https://www.google.com https://www.youtube.com; img-src 'self' https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://9860174.fls.doubleclick.net https://ad.doubleclick.net https://analytics.sleeknote.com https://img.youtube.com https://maps.gstatic.com https://pixel.quantserve.com https://pxl.ist https://sp.analytics.yahoo.com https://www.facebook.com; script-src 'nonce-lQ8gi0iA3uIFWakn2IRFBA==' 'self' https://*.hotjar.com https://connect.facebook.net https://www.gstatic.com cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js https://apis.google.com/js/api.js https://cdn.jsdelivr.net/npm/@airbrake/browser https://cdn.jsdelivr.net/npm/chart.js@3.7.1/dist/chart.min.js https://cdn.jsdelivr.net/npm/chartjs-plugin-datalabels@2.0.0 https://cdnjs.cloudflare.com/ajax/libs/dragula/3.7.2/dragula.min.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.10/iframeResizer.min.js https://cdnjs.cloudflare.com/ajax/libs/jQuery.dotdotdot/1.7.4/jquery.dotdotdot.min.js https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.2.1/js.cookie.min.js https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js https://cdnjs.cloudflare.com/ajax/libs/parsley.js/2.9.1/parsley.min.js https://cdnjs.cloudflare.com/ajax/libs/remodal/1.1.0/remodal.min.js https://cdnjs.cloudflare.com/ajax/libs/svg.js/2.3.0/svg.min.js https://embed.idonate.com/idonate.js https://js.hsforms.net/forms/embed/v2.js https://kit.fontawesome.com/2ef0cdad04.js https://maps.googleapis.com/maps/api/js https://sleeknotecustomerscripts.sleeknote.com/51140.js https://unpkg.com/@idonatedev/idonate-sdk@1.0.4/umd/idonate-sdk.js https://unpkg.com/aos@2.3.1/dist/aos.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleoptimize.com/optimize.js mdbootstrap.com/mdbcdn/mdbcdn/mdb.min.js 'unsafe-inline'; script-src-elem 'self' https://connect.facebook.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://rules.quantcount.com https://s.yimg.com https://secure.quantserve.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js https://apis.google.com/js/api.js https://cdn.jsdelivr.net/npm/@airbrake/browser https://cdn.jsdelivr.net/npm/chart.js@3.7.1/dist/chart.min.js https://cdn.jsdelivr.net/npm/chartjs-plugin-datalabels@2.0.0 https://cdnjs.cloudflare.com/ajax/libs/dragula/3.7.2/dragula.min.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.10/iframeResizer.min.js https://cdnjs.cloudflare.com/ajax/libs/jQuery.dotdotdot/1.7.4/jquery.dotdotdot.min.js https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.2.1/js.cookie.min.js https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js https://cdnjs.cloudflare.com/ajax/libs/parsley.js/2.9.1/parsley.min.js https://cdnjs.cloudflare.com/ajax/libs/remodal/1.1.0/remodal.min.js https://cdnjs.cloudflare.com/ajax/libs/svg.js/2.3.0/svg.min.js https://embed.idonate.com/idonate.js https://js.hsforms.net/forms/embed/v2.js https://kit.fontawesome.com/2ef0cdad04.js https://maps.googleapis.com/maps/api/js https://sleeknotecustomerscripts.sleeknote.com/51140.js https://unpkg.com/@idonatedev/idonate-sdk@1.0.4/umd/idonate-sdk.js https://unpkg.com/aos@2.3.1/dist/aos.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleoptimize.com/optimize.js mdbootstrap.com/mdbcdn/mdbcdn/mdb.min.js; style-src 'self' https://*.hotjar.com cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/cerulean/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/cosmo/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/cyborg/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/darkly/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/flatly/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/journal/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/litera/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/lumen/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/lux/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/materia/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/minty/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/pulse/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/sandstone/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/simplex/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/sketchy/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/slate/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/solar/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/spacelab/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/superhero/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/united/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/yeti/bootstrap.min.css fonts.googleapis.com/css2?family=PT+Sans:wght@400;700&display=swap fonts.googleapis.com/css?family=Abel%7CMedula+One fonts.googleapis.com/css?family=Alice%7CPlayfair+Display:900 fonts.googleapis.com/css?family=Dancing+Script:700%7CEB+Garamond fonts.googleapis.com/css?family=Fjalla+One%7CCantarell:400,400italic,700italic,700 fonts.googleapis.com/css?family=Josefin+Sans:700%7CAmatic+SC:700 fonts.googleapis.com/css?family=Lato:300%7CGrand+Hotel fonts.googleapis.com/css?family=Lato:300,400,300italic,400italic fonts.googleapis.com/css?family=Leckerli+One%7CCoustard:900 fonts.googleapis.com/css?family=Montserrat:400,700 fonts.googleapis.com/css?family=Open+Sans%7CDosis:400,800 fonts.googleapis.com/css?family=Oswald:700%7CDroid+Serif:400,700italic fonts.googleapis.com/css?family=Philosopher%7CMuli:300 fonts.googleapis.com/css?family=Roboto%7CRoboto+Condensed%7CAlegreya:700 fonts.googleapis.com/css?family=Roboto%7CRoboto+Condensed:700 fonts.googleapis.com/css?family=Vollkorn:700italic,700%7CExo:400,400italic fonts.googleapis.com/icon?family=Material+Icons https://cdnjs.cloudflare.com/ajax/libs/dragula/3.7.2/dragula.min.css https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css https://cdnjs.cloudflare.com/ajax/libs/remodal/1.1.0/remodal-default-theme.min.css https://cdnjs.cloudflare.com/ajax/libs/remodal/1.1.0/remodal.min.css https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300,300italic,400italic,700,700italic https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,400italic,500,500italic,700italic,700,900,900italic https://unpkg.com/aos@2.3.1/dist/aos.css mdbootstrap.com/mdbcdn/mdb.min.css use.fontawesome.com/releases/v5.13.0/css/all.css; style-src-elem 'self' cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/cerulean/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/cosmo/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/cyborg/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/darkly/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/flatly/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/journal/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/litera/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/lumen/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/lux/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/materia/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/minty/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/pulse/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/sandstone/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/simplex/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/sketchy/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/slate/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/solar/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/spacelab/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/superhero/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/united/bootstrap.min.css cdnjs.cloudflare.com/ajax/libs/bootswatch/5.2.0/yeti/bootstrap.min.css fonts.googleapis.com/css2?family=PT+Sans:wght@400;700&display=swap fonts.googleapis.com/css?family=Abel%7CMedula+One fonts.googleapis.com/css?family=Alice%7CPlayfair+Display:900 fonts.googleapis.com/css?family=Dancing+Script:700%7CEB+Garamond fonts.googleapis.com/css?family=Fjalla+One%7CCantarell:400,400italic,700italic,700 fonts.googleapis.com/css?family=Josefin+Sans:700%7CAmatic+SC:700 fonts.googleapis.com/css?family=Lato:300%7CGrand+Hotel fonts.googleapis.com/css?family=Lato:300,400,300italic,400italic fonts.googleapis.com/css?family=Leckerli+One%7CCoustard:900 fonts.googleapis.com/css?family=Montserrat:400,700 fonts.googleapis.com/css?family=Open+Sans%7CDosis:400,800 fonts.googleapis.com/css?family=Oswald:700%7CDroid+Serif:400,700italic fonts.googleapis.com/css?family=Philosopher%7CMuli:300 fonts.googleapis.com/css?family=Roboto%7CRoboto+Condensed%7CAlegreya:700 fonts.googleapis.com/css?family=Roboto%7CRoboto+Condensed:700 fonts.googleapis.com/css?family=Vollkorn:700italic,700%7CExo:400,400italic fonts.googleapis.com/icon?family=Material+Icons https://cdnjs.cloudflare.com/ajax/libs/dragula/3.7.2/dragula.min.css https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css https://cdnjs.cloudflare.com/ajax/libs/remodal/1.1.0/remodal-default-theme.min.css https://cdnjs.cloudflare.com/ajax/libs/remodal/1.1.0/remodal.min.css https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300,300italic,400italic,700,700italic https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,400italic,500,500italic,700italic,700,900,900italic https://unpkg.com/aos@2.3.1/dist/aos.css mdbootstrap.com/mdbcdn/mdb.min.css use.fontawesome.com/releases/v5.13.0/css/all.css; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/; frame-ancestors 'none'; report-uri https://adflegal.report-uri.com/r/d/csp/wizard; block-all-mixed-content 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ridestore.org *.ingest.sentry.io android-webview-video-poster: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.facebook.net *.facebook.com *.sentry.io *.getsentry.com *.ingest.sentry.io *.klarnacdn.net *.klarnaevt.com *.klarna.com *.klarnaservices.com *.online-metrix.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.adyen.com *.paypal.com *.paypalobjects.com *.fitanalytics.com *.livechatinc.com *.knocdn.com *.try-snowplow.com *.trustedshops.com *.getmdl.io *.tiktok.com; object-src 'none'; media-src 'self' data: *.ctfassets.com *.ctfassets.net *.livechatinc.com; frame-src 'self' *.sentry.io *.getsentry.com *.facebook.com *.klarnacdn.net *.klarnaevt.com *.klarna.com *.klarnaservices.com *.paypalobjects.com *.paypal.com *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.adyen.com *.fitanalytics.com *.livechatinc.com *.youtube.com *.videodelivery.net; report-uri https://o45992.ingest.sentry.io/api/5893254/security/?sentry_key=8a3336bf0af649cc8131a1785e058755&sentry_environment=production 2 connect-src https://www.overstockgovernment.com http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://bam.nr-data.net https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com;default-src 'self' https://www.overstockgovernment.com 'unsafe-inline' http://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google-analytics.com;font-src http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com;frame-src http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io;img-src https://www.overstockgovernment.com data: http://*.hotjar.com http://*.hotjar.io https://listen.audiohook.com https://*.hotjar.com https://*.hotjar.io https://ak1.ostkcdn.com https://p.adsymptotic.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com;object-src 'none';report-uri https://api.overstock.com/contentsecurity/report;script-src 'self' 'unsafe-inline' http://*.hotjar.com http://*.hotjar.io http://js-agent.newrelic.com http://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net https://js-agent.newrelic.com https://snap.licdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com;style-src-elem https://www.overstockgovernment.com 'unsafe-inline' https://fonts.googleapis.com 2 report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.m32.media *.pinimg.com *.tiktok.com *.tv5unis.ca cdn.ampproject.org snap.licdn.com tag.aticdn.net sc-static.net ;style-src 'self' 'unsafe-inline' *.tv5unis.ca fonts.googleapis.com ;img-src 'self' data: *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com *.linkedin.com *.tiktok.com *.tv5unis.ca p.adsymptotic.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca ;media-src 'self' blob: *.2mdn.net *.llnw.net ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.google.com *.googlesyndication.com ads.pubmatic.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: fonts.gstatic.com ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.linkedin.com *.llnw.net *.m32.media *.scorecardresearch.com *.tiktok.com *.tv5unis.ca bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io snap.licdn.com static.hotjar.com tag.aticdn.net us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca https://image-proxy.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com tr.snapchat.com ; 2 base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.qubeshub.org wss://vncproxy.qubeshub.org wss://qubeshub.org https://qubeshub.org/api/members/tools/diskusage https://www.google-analytics.com https://stats.g.doubleclick.net/j/ https://www.dropbox.com https://api.scite.ai https://maps.googleapis.com/maps/api/mapsjs/ https://docs.google.com https://monorail-edge.shopifysvc.com/v1/ https://simiode.myshopify.com/api/2021-07/; default-src 'self' https://*.qubeshub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://use.fontawesome.com/releases/v4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/ https://at.alicdn.com/t/; form-action 'self' https://platform.twitter.com https://syndication.twitter.com https://www.paypal.com/cgi-bin/webscr; frame-ancestors 'self' https://qubeshub.org/; frame-src 'self' https://*.qubeshub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com https://accounts.google.com https://recaptcha.net https://admin.google.com https://syndication.twitter.com https://platform.twitter.com https://app.genial.ly/ https://app.involve.me/qubes/ https://cdnapisec.kaltura.com https://community.gep.wustl.edu https://docs.google.com https://etherpad.openstack.org https://etherpad.opendev.org https://fortress.maptive.com https://giphy.com https://gvsu.hosted.panopto.com https://rpubs.com https://shorts.flipgrid.com https://www.youtube.com https://www.google.com/ https://www.educreations.com https://www.rpubs.com https://www.geogebra.org https://www.mentimeter.com https://padlet.com/ https://w.soundcloud.com/ https://open.spotify.com; img-src * data: image: file: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.3/TweenMax.min.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/ScrollMagic.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/ https://apis.google.com/js/client:plusone.js https://apis.google.com/_/scs/apps-static/_/js/ https://platform.twitter.com/widgets.js https://abs.twimg.com/responsive-web/client-web/ https://platform.twitter.com/js/ https://cdn.syndication.twimg.com/timeline/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://embedr.flickr.com/assets/ https://widgets.flickr.com/embedr/ https://use.fontawesome.com/88cd5351e6.js https://cdn.mathjax.org/mathjax/contrib/a11y/ https://www.geogebra.org https://sdks.shopifycdn.com/ https://code.jquery.com https://releases.flowplayer.org/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://use.fontawesome.com/88cd5351e6.css https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css https://releases.flowplayer.org/; worker-src blob:; media-src 'self' data:; report-uri https://csp.hubzero.org/csp-cms.php 2 image-src access.nagich.com www.googleadservices.com www.google-analytics.com ct.pinterest.com; font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://insights.hotjar.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.sagepay.com *.yotpo.com insight.adsrvr.org vars.hotjar.com www.pinterest.com *.trustpilot.com cookies.onetrust.mgr.consensu.org https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net widgets.magentocommerce.com data: p.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://img.youtube.com *.yotpo.com www.xtento.com cdn.xtento.com cdn.cookielaw.org https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net commerce.adobe.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net graph.facebook.com business.facebook.com *.sagepay.com maps.googleapis.com *.yotpo.com aacdn.nagich.com s.pinimg.com www.googleadservices.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com d10lpsik1i8c69.cloudfront.net js.adsrvr.org js-agent.newrelic.com bam-cell.nr-data.net cdn.ometria.com www.xtento.com cdn.xtento.com intljs.rmtag.com ut.rd.linksynergy.com *.trustpilot.com cdn.cookielaw.org https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com getfirebug.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com *.typekit.net *.yotpo.com *.googleapis.com access.nagich.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net api.magento.com commerce.adobe.io commerce.adobe.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net www.sandbox.paypal.com qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.sagepay.com ws: *.yotpo.com aacdn.nagich.com access.nagich.com www.google-analytics.com stats.g.doubleclick.net settings.luckyorange.net bam-cell.nr-data.net cdn.cookielaw.org https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.bounceexchange.com *.google-analytics.com *.gstatic.com likeshop.me *.global-e.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.bounceexchange.com *.facebook.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.authorize.net www.xtento.com *.shoprunner.com *.agilone.com *.facebook.com insight.adsrvr.org match.adsrvr.org *.signifyd.com *.online-metrix.net *.doubleclick.net *.cookiebot.com *.bounceexchange.com *.office365.com *.google.com *.google.lv *.bglobale.com *.global-e.com *.nosto.com *.nos.to https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca store.paradoxlabs.com www.xtento.com cdn.xtento.com *.shoprunner.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net www.google.lv *.bing.com *.lafayette148ny.com *.signifyd.com *.online-metrix.net *.postcodeanywhere.co.uk *.doubleclick.net heapanalytics.com *.heapanalytics.com *.bizrate.com *.dashhudson.com likeshop.me *.atdmt.com *.cdnwidget.com *.bglobale.com *.global-e.com *.clarity.ms *.cloudfront.net *.nosto.com *.nos.to https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.affirm.com *.affirm.ca *.authorize.net sandbox-assets.secure.checkout.visa.com www.xtento.com cdn.xtento.com *.shoprunner.io *.shoprunner.com *.googletagmanager.com www.google.com www.google.lv www.gstatic.com *.agilone.com *.bing.com *.upsellit.com connect.facebook.net *.sociomantic.com js.adsrvr.org *.algolianet.com *.algolia.net *.signifyd.com *.pcapredict.com *.addressy.com *.bizrate.com *.googleapis.com *.heapanalytics.com *.zdassets.com tag.wknd.ai *.bounceexchange.com *.dashhudson.com *.luckyorange.com *.cookiebot.com *.securedvisit.com *.pingdom.net *.cloudfront.net *.newrelic.com *.nr-data.net klear.com *.mczbf.com *.bglobale.com *.global-e.com *.clarity.ms cdn.noibu.com *.nosto.com *.nos.to https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bounceexchange.com *.googleapis.com *.addressy.com *.bizrate.com *.bglobale.com *.global-e.com *.cloudfront.net *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.affirm.com *.affirm.ca *.authorize.net *.shoprunner.io *.shoprunner.com *.signifyd.com *.signifyd.com:* *.addressy.com *.bing.com *.bounceexchange.com *.bouncex.net *.zdassets.com *.zendesk.com *.zopim.com *.doubleclick.net *.google-analytics.com *.googleapis.com likeshop.me *.heapanalytics.com wss: *.luckyorange.net *.cookiebot.com *.cdnbasket.net *.cdnwidget.com *.pingdom.net *.nr-data.net *.facebook.com klear.com *.mczbf.com *.sjwoe.com *.clarity.ms input.noibu.com *.nosto.com *.nos.to https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: 'self' 'unsafe-inline' 'unsafe-eval' d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com; font-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com 'self' https: data:; frame-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com https:; img-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com https:; script-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src d3j4a0a64un2pg.cloudfront.net fonts.gstatic.com app-reskin-test.herokuapp.com fonts.googleapis.com www.googletagmanager.com cdn.optimizely.com connect.facebook.net www.google-analytics.com tags.extole.com origin.extole.io origin-7.extole.io bat.bing.com ad.atdmt.com dppr2h9mtbi6o.cloudfront.net www.avant-test.com im2.tdfitloan.com mpsnare.iesnare.com 'self' 'unsafe-inline' https: 2 default-src 'self' blob: data: https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://*.getbeyond.com https://*.pardot.com/ https://www.youtube.com/ https://beyondinc.applytojob.com/ https://beyondinc.applytojob.com/ https://player.vimeo.com/ https://vars.hotjar.com/ https://bid.g.doubleclick.net https://*.getbeyond.com https://*.pardot.com https://www.facebook.com/; img-src 'self' blob: data: https://p.adsymptotic.com/ https://*.vimeocdn.com https://*.google.pl/ https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://secure.gravatar.com/avatar/b54d075628d2fd50c2c02e292b3a2d22 https://www.google.pl/pagead/1p-conversion/* https://stats.g.doubleclick.net/ https://i.ytimg.com https://*.getbeyond.com https://cdnjs.cloudflare.com/ajax/ https://www.facebook.com/tr/ https://px.ads.linkedin.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com/tr/; font-src 'self' data: https://script.hotjar.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://static.juicer.io/ https://cdnjs.cloudflare.com/ajax/ https://static.juicer.io/ https://fonts.googleapis.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://widget.instabot.io/jsapi/rokoInstabot-widget.js https://widget.instabot.io/jsapi/rokoInstabot.js https://widget.instabot.io/jsapi/rokoInstabot.js* https://cdn.freshmarketer.com/750149/1801092.js https://acsbapp.com/apps/app/dist/js/app.js https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://www.googleadservices.com https://s.ytimg.com https://www.youtube.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.getbeyond.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com https://cdnjs.cloudflare.com/ https://assets.juicer.io/ https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://pi.pardot.com; style-src 'self' 'unsafe-inline' https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://assets.juicer.io/ https://tagmanager.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://*.facebook.com https://stats.g.doubleclick.net/j/collect https://widget.instabot.io/jsapi/rokoInstabot-widget.js https://src.freshmarketer.com https://livechat.instabot.io/clientlogin https://google.com/ads/ https://widgetapi.instabot.io https://src.freshmarketer.com/sr https://cdn.acsbapp.com/cache/app/getbeyond.com/config.json https://cdn.acsbapp.com/cache/app/en.build.json https://cdn.acsbapp.com/cache/app/en.build.json https://widgetapi.instabot.io/plugins.js* https://www.google-analytics.com; object-src 'none'; report-uri https://my.getbeyond.com/csp-report; 2 font-src fonts.googleapis.com fonts.gstatic.com https://cdn.checkout.com https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarna.com https://*.cylindo.com/ https://www.google.com *.nosto.com *.nos.to *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.cylindo.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.checkout.com *.klarnacdn.net https://*.cylindo.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.gstatic.com js.klevu.com *.ksearchnet.com *.nosto.com *.nos.to https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.checkout.com https://*.cylindo.com/ https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarnaevt.com https://*.cylindo.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.cdninstagram.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.instagram.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 object-src 'self'; script-src 'self' 'strict-dynamic' cdn.rawgit.com https://cdn.jsdelivr.net 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' https://consent.cookiebot.com/uc.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com https://consentcdn.cookiebot.com https://consent.cookiebot.com/0c7d1786-9e20-4305-9309-7678dc1c935c/cc.js https://eurazeo.actusnews.com/site/cotation_json.php https://consent.cookiebot.com/logconsent.ashx https://go.eurazeo.com/l/436982/2022-04-12/8jjb23 https://consent.cookiebot.com/316c68ee-7904-432f-af9e-89cde666d7ae/cc.js https://consent.cookiebot.com/88ce59b3-59dd-4b97-b3d2-ed7beda8f537/cc.js https://www.googletagmanager.com/gtm.js https://go.eurazeo.com/l/436982/2023-02-06/8kbwn2 https://go.eurazeo.com/l/436982/2023-02-06/8kbwnc cdn.rawgit.com https://cdn.jsdelivr.net 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' https://go.eurazeo.com/l/436982/2022-04-12/8jjb23 https://go.eurazeo.com/l/436982/2023-02-06/8kbwn2 https://go.eurazeo.com/l/436982/2023-02-06/8kbwnc; frame-ancestors 'self'; block-all-mixed-content 2 default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 2 base-uri *.wein.plus;connect-src *.wein.plus *.googleapis.com;child-src *.wein.plus;default-src 'none';media-src *.wein.plus;form-action *.wein.plus;img-src *.wein.plus data:;font-src *.wein.plus data: *.gstatic.com;manifest-src *.wein.plus;style-src *.wein.plus 'self' 'unsafe-inline';style-src-elem *.wein.plus 'unsafe-inline';script-src *.wein.plus 'self' 'unsafe-inline' *.etracker.com;script-src-elem *.wein.plus 'unsafe-inline' *.etracker.com 2 font-src fonts.googleapis.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.sagepay.com use.fontawesome.com/releases/v5.6.0/webfonts *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com *.adyen.com https://www.facebook.com/ https://*.realexpayments.com/ *.sagepay.com *.nosto.com *.nos.to pay.realexpayments.com pay.sandbox.realexpayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.adyen.com https://lgpc.prismic.io https://vars.hotjar.com/ https://s7.addthis.com https://www.youtube.com https://www.facebook.com/ https://*.realexpayments.com/ https://player.vimeo.com/ https://www.google.com/ *.trustpilot.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com account.fetchify.com *.nosto.com *.nos.to pay.realexpayments.com pay.sandbox.realexpayments.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com https://images.prismic.io/lgpc/ https://bat.bing.com/ https://www.facebook.com https://*.pinterest.com/ https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://images.prismic.io/ https://prismic-io.s3.amazonaws.com/ *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.nosto.com *.nos.to *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com https://player.vimeo.com/ www.vimeo.com *.vimeocdn.com www.youtube.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://static.cdn.prismic.io https://prismic.io https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.hotjar.com/ https://connect.facebook.net/ https://s.pinimg.com/ https://bat.bing.com/ https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://js.intercomcdn.com/ *.trustpilot.com https://s7.addthis.com https://api-public.addthis.com https://v1.addthisedge.com https://m.addthis.com https://z.moatads.com/ https://widget.intercom.io https://widgets.pinterest.com https://assets.pinterest.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com *.nosto.com *.nos.to https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com cc-cdn.com use.fontawesome.com/releases/v5.6.0/css *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com *.adyen.com https://*.hotjar.com/ https://*.pinterest.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://lg-gb.lgpcm2.ctidev https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://api-iam.intercom.io/ https://api.craftyclicks.co.uk/ https://*.addthis.com/ https://www.facebook.com/ wss://nexus-websocket-a.intercom.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nosto.com *.nos.to 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; font-src 'self' *.gstatic.com use.fontawesome.com; img-src 'self' data: *.eventdata.co.uk *.eventdata.uk eventdata.uk *.google-analytics.com px.ads.linkedin.com connect.facebook.com connect.facebook.net syndication.twitter.com; script-src-elem 'self' 'unsafe-hashes' 'unsafe-inline' *.eventdata.co.uk *.eventdata.uk eventdata.uk pay.dnapayments.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com app.webreg.me snap.licdn.com connect.facebook.net use.fontawesome.com platform.linkedin.com platform.twitter.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; style-src 'self' *.googleapis.com cdnjs.cloudflare.com *.eventdata.co.uk *.eventdata.uk eventdata.uk connect.facebook.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com *.eventdata.co.uk *.eventdata.uk eventdata.uk connect.facebook.net; style-src-attr 'unsafe-hashes' 'unsafe-inline'; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net app.gleanin.com connect.facebook.com; frame-src www.booking.com platform.twitter.com pay.dnapayments.com; report-uri https://qtq417pr.uriports.com/reports/report; report-to default 2 default-src 'self' *.ctfassets.net;img-src 'self' *.ctfassets.net *.facebook.com *.facebook.net *.contentful.com data: blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com;connect-src 'self' ws: *.ctfassets.net *.contentful.com *.bugsnag.com *.swish.nu *.facebook.com;object-src 'none';script-src 'self' 'unsafe-eval' *.facebook.net *.googletagmanager.com; report-uri https://eo7f9vdutam5kd9.m.pipedream.net; report-to csp-report; 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 2 font-src fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=communities 2 default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; object-src 'self'; frame-src 'self'; 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2 script-src higherlogiccloudfront.s3.amazonaws.com https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://cdn.jsdelivr.net/jquery.slick/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.aspnetcdn.com/ajax/ https://use.fortawesome.com/ cdn.informz.net https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com 'self' https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'unsafe-eval' https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js; font-src https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://d2x5ku95bkycr3.cloudfront.net https://fonts.googleapis.com/ fonts.googleapis.com higherlogiccloudfront.s3.amazonaws.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'self' https://fonts.gstatic.com/ https://d1u9edeg3iwvk4.cloudfront.net data: https://cdn.jsdelivr.net/jquery.slick/; script-src-elem https://static.filestackapi.com/filestack-js/ https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'self'; media-src https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-stream.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'self'; style-src https://cdnjs.cloudflare.com/ajax/libs/prism/ https://use.fortawesome.com/ 'unsafe-inline' https://cdn.jsdelivr.net/jquery.slick/ https://d3uf7shreuzboy.cloudfront.net/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ 'self' https://ajax.googleapis.com/ajax/libs/jqueryui/ https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ higherlogiccloudfront.s3.amazonaws.com https://d2x5ku95bkycr3.cloudfront.net/ https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://fonts.googleapis.com/ fonts.googleapis.com https://d1u9edeg3iwvk4.cloudfront.net; manifest-src 'self'; frame-src https://www.youtube.com/embed/ https://api.connectedcommunity.org/ 'self'; img-src https://cdn.jsdelivr.net/jquery.slick/ https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://img.youtube.com/vi/ 'self' https://d2x5ku95bkycr3.cloudfront.net https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/; object-src 'none'; worker-src 'self'; connect-src 'self' hl-managedservices.informz.net; default-src 'self'; base-uri 'self'; frame-ancestors 'self' https://*.connectedcommunity.org/; 2 default-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; report-uri /csp-violation-report-endpoint/ 2 img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 2 default-src https: blob: data: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.cmore.se https://*.cmore.dk https://*.cmore.no; report-uri https://csp-report.b17g.net/ 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com acuityplatform.com ajax.googleapis.com cdn.onesignal.com dynamic.cannedbanners.com js-agent.newrelic.com nsg.symantec.com onesignal.com seal.godaddy.com *.freedommunitions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com acuityplatform.com bam.nr-data.net maps.google.com pixel.mathtag.com a2.adform.net 279-ct.c3tag.com maps.googleapis.com; report-uri /.webscale/csp-report 2 font-src maxcdn.bootstrapcdn.com *.narvar.com *.narvar.qa *.lasportivausa.com data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com *.doubleclick.net *.google.com *.googleapis.com *.vimeo.com *.addthis.com *.pinterest.com disqus.com *.bazaarvoice.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.lasportivausa.com *.google.com *.googleapis.com *.gstatic.com via.placeholder.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.viglink.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.lasportivausa.com bam.nr-data.net cdnjs.cloudflare.com *.cookielaw.org *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com *.newrelic.com player.vimeo.com *.addthis.com *.addthisedge.com *.moatads.com *.avmws.com *.pinimg.com *.pinterest.com *.disqus.com *.disquscdn.com *.bazaarvoice.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com display.ugc.bazaarvoice.com downloads.mailchimp.com maxcdn.bootstrapcdn.com unsafe-inline *.lasportivausa.com *.disquscdn.com *.bazaarvoice.com *.googleapis.com 'self' 'unsafe-inline'; object-src *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa *.lasportivausa.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.lasportivausa.com bam.nr-data.net *.doubleclick.net *.google.com *.googleapis.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.lasportivausa.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 2 font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.g.doubleclick.net *.facebook.com *.facebook.net https://payment-stage.ecpay.com.tw/ https://payment.ecpay.com.tw/ 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com *.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.ytimg.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.zdassets.com *.facebook.net *.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com *.google.com *.google.com.tw *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.roundcubeplus.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: http: https:; font-src 'self' data: http: https:; media-src 'self'; report-uri /csp-report; 2 default-src 'self' *.my127.site blob: *.my127.site inviqa.com inviqa.de youtube.com *.doubleclick.net *.google.com *.googleadservices.com *.google.co.uk *.hubspot.com *.trackedweb.net *.hotjar.com madixel.de; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.my127.site inviqa.com inviqa.de *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.gstatic.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.licdn.com *.twitter.com *.trackedweb.net *.trackedlink.net madixel.de *.googleadservices.com *.ads-twitter.com; style-src 'self' 'unsafe-inline' *.my127.site inviqa.com inviqa.de; img-src 'self' *.my127.site data: inviqa.com inviqa.de *.google.co.uk *.google.com *.google-analytics.com *.twitter.com *.linkedin.com t.co *.hubspot.com *.hsforms.com *.doubleclick.net; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' *.my127.site data: inviqa.com inviqa.de; report-uri https://www.inviqa.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com secure.pay1.de payments.amazon.de jsctool.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com https://api.mapbox.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com payments.amazon.de d.ratepay.com jsctool.com autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdnjs.cloudflare.com kit.fontawesome.com apps.elfsight.com static.elfsight.com cdn.usebootstrap.com *.cloudmaestro.com www.gstatic.com www.google-analytics.com www.google.com; report-uri /.webscale/csp-report 2 font-src fonts.gstatic.com data: fonts.googleapis.com *.klarnacdn.net googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net */csp/report/uri/ *.hotjar.com *.hotjar.io *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.google.com *.mercadolibre.com *.gstatic.com *.facebook.com *.bluesnap.com *.kaptcha.com *.adsrvr.org *.hotjar.com *.hotjar.io */csp/report/uri/ *.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net addevent.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.essentialaccessibility.com *.wahlanimal.com s.ytimg.com *.google.com *.google.com.mx *.google-analytics.com *.facebook.com ct.pinterest.com bat.bing.com *.google.co.in *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk */csp/report/uri/ *.reddit.com *.hsforms.com *.hubspot.com *.google.com.in *.payments-amazon.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnaservices.com *.google-analytics.com addevent.com 'self' data: *.avada.io *.mlstatic.com *.mercadopago.com *.powerreviews.com *.google.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js connect.facebook.net bat.bing.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.adsrvr.org *.hotjar.com *.hotjar.io *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ */csp/report/uri/ *.redditstatic.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.usemessages.com *.hs-analytics.net *.kaptcha.com *.hsadspixel.net *.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net getfirebug.com googleapis.com addevent.com *.googleapis.com *.fontawesome.com *.powerreviews.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net */csp/report/uri/ unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnaservices.com maps.googleapis.com/ https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.amazonaws.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk wss://ws41.hotjar.com *.commerce-connector.com */csp/report/uri/ *.facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.googleapis.com *.hubspot.com *.hubapi.com *.hs-banner.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2 font-src *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://*.fls.doubleclick.net https://vars.hotjar.com https://*.pinterest.com https://*.criteo.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.google.com.ua https://adservice.google.com https://ade.googlesyndication.com https://www.googletagmanager.com https://*.doubleclick.net https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.bing.com https://*.pinterest.com https://*.yotpo.com https://*.clarity.ms https://*.cookielaw.org https://jde.blueconic.net https://*.contentsquare.net https://*.bidswitch.net https://*.adnxs.com https://*.casalemedia.com https://*.360yield.com https://*.media.net https://*.mediavine.com https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yahoo.com https://*.adform.net https://*.omnitagjs.com https://*.criteo.com https://id5-sync.com https://*.ivitrack.com https://*.tremorhub.com https://*.yieldlab.net https://*.yieldmo.com https://*.openx.net https://*.krxd.net https://*.1rx.io https://*.thebrighttag.com https://*.eyeota.net https://*.tapad.com https://*.postcodeanywhere.co.uk *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://unpkg.com *.avada.io https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.gstatic.com https://*.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://*.swaven.com https://*.usabilla.com https://cdn.cookielaw.org https://connect.facebook.net https://*.hotjar.com https://p.teads.tv https://www.dwin1.com https://bat.bing.com https://s.pinimg.com https://swrap.tradedoubler.com https://ad.avtm.fr https://*.clarity.ms https://staticw2.yotpo.com https://mpsnare.iesnare.com https://*.contentsquare.net https://*.criteo.com https://*.cloudfront.net https://*.postcodeanywhere.co.uk https://*.boost.ai *.yotpo.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com https://*.postcodeanywhere.co.uk *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://mpsnare.iesnare.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://*.blueconic.net https://*.swaven.com https://www.google.com https://www.google-analytics.com https://*.googleapis.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://*.onetrust.com https://ct.pinterest.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com https://*.contentsquare.net https://*.boost.ai *.yotpo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net https://*.boost.ai 'self' 'unsafe-inline'; 2 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: bat.bing.com cdn.callreports.com googleads.g.doubleclick.net js.callrail.com res.cloudinary.com s3.amazonaws.com secure.leadforensics.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net secure.leadforensics.com www.woodlandmanufacturing.com www.googleadservices.com *.pinimg.com connect.facebook.net *.gstatic.com *.wistia.com *.olark.com *.nextopiasoftware.com *.flattr.com *.trustpilot.com g.microsoft.com 2 default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: data:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 2 default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' data: ; frame-ancestors 'self'; report-uri /csp-violation-report-endpoint/ 2 default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 2 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src https:; style-src 'unsafe-inline' https:; img-src https: 'self' data:; media-src https:; frame-src https:; font-src https: data:; connect-src https:; report-uri /report-csp-violation 2 default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 2 report-uri https://cspapi.dev.torrentflood.com/api/csp; default-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.amazonaws.com *.fema.gov *.googleapis.com *.gstatic.com *.kaspersky-labs.com *.torrentflood.com *.trustarc.com accessdenied.pnc.com agents.floodsmart.gov analytics.google.com az416426.vo.msecnd.net cdn-forpci33.actonsoftware.com cdn.jsdelivr.net cdnjs.cloudflare.com ggpht.com google-analytics.com hartfordfloodonline.com home-c8.incontact.com marketing.torrentcorp.com maxcdn.bootstrapcdn.com mozbar.moz.com nfipdirect.com nfipdirect.fema.com nfipservices.floodsmart.gov player.vimeo.com pwm-image.trendmicro.com rum-collector-2.pingdom.net rum-static.pingdom.net selectiveflood.com ssl.google-analytics.com static3.avast.com stats.g.doubleclick.net tagmanager.google.com torrentcorp.com torrentflood.com use.fontawesome.com vortex.data.microsoft.com www.google-analytics.com www.google.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self' *.torrentflood.com https://vmp.boldchat.com https://vms.boldchat.com https://*.boldchat.com https://*.torrentflood.com https://thehartford.getflood.com https://torrentflood.com https://www.hartfordfloodonline.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com data: blob: connectidfeed.did2-e1.investis.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com https://otp.tools.investis.com/assets/cas_refresh/scripts/cas-tool-helper.min.js *.investisdigital.com player.vimeo.com *.connectidfeed.did2-e1.investis.com assets.investisdigital.com cdnjs.cloudflare.com cdn.jsdelivr.net irs.tools.investis.com assets.investisdigital.com code.jquery.com api.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com data: blob: connectidfeed.did2-e1.investis.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com https://otp.tools.investis.com/assets/cas_refresh/scripts/cas-tool-helper.min.js *.investisdigital.com player.vimeo.com *.connectidfeed.did2-e1.investis.com assets.investisdigital.com cdnjs.cloudflare.com cdn.jsdelivr.net irs.tools.investis.com assets.investisdigital.com code.jquery.com api.investisdigital.com www.recaptcha.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com data: blob: connectidfeed.did2-e1.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com *.connectidfeed.did2-e1.investis.com; frame-src 'self' 'unsafe-inline' * data: blob: connectidfeed.did2-e1.investis.com *.investis.com www.google.com connectidfeed.did2-e1.investis.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com *.connectidfeed.did2-e1.investis.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 2 font-src fonts.gstatic.com use.typekit.net d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net fonts.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.snapchat.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.gomoxie.solutions *.braintreegateway.com *.snapchat.com *.doubleclick.net *.paypalobjects.com *.google.com *.kaptcha.com *.adsrvr.org https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.snapchat.com *.cookielaw.org maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions js-agent.newrelic.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.ccnag.com *.sprinklr.com *.adsrvr.org *.snapchat.com *.googleoptimize.com maps.googleapis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline display.ugc.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintreegateway.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.facebook.com ct.pinterest.com *.userway.org *.coke.com api.addressy.com *.ccnag.com *.paypalobjects.com *.snapchat.com *.googleapis.com *.cookielaw.org *.sprinklr.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 2 default-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2 report-uri https://fathom.report-uri.com/r/t/csp/wizard; default-src 'none'; form-action 'none'; object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests 2 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://h.online-metrix.net *.d.aa.online-metrix.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://h.online-metrix.net *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' https://www.google.*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.acsbapp.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.qvdt3feo.com https://*.stackadapt.com https://acdn.adnxs.com https://acsbapp.com https://connect.facebook.net https://contentdsp.com https://display-logix.containers.piwik.pro https://googleads.g.doubleclick.net https://js.hs-scripts.com https://maps.googleapis.com https://maps.gstatic.com https://qvdt3feo.com/* https://stats.g.doubleclick.net https://use.typekit.net https://www.google.com https://www.gstatic.com; img-src 'self' *.https://www.google data: https://*.adnxs.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.mdhv.io https://analytics.google.com https://arttrk.com https://cdn.acsbapp.com https://jelly.mdhv.io https://maps.gstatic.com https://p.typekit.net https://*.stackadapt.com https://use.typekit.net https://www.facebook.com https://www.googletagmanager.com https://www.sfbcic.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gravatar.com https://*.google.com https://www.gstatic.com https://*.gofundme.com https://www.heber-springs.com https://www.hotsprings.org https://*fna.fbcdn.net https://*.acsbapp.com https://www.msfbins.com https://www.lafarmbureau.com https://www.afbic.com https://*.w55c.net; style-src 'self' 'unsafe-inline' https://*.stackadapt.com https://fonts.googleapis.com https://use.typekit.net; font-src 'self' data: https://acsbapp.com https://fonts.gstatic.com; connect-src 'self' https://*.acsbapp.com https://*.google-analytics.com https://*.google.com https://*.stackadapt.com https://adservice.google.com https://analytics.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://zip.faverates.com *.https://stats.g https://*.googlesyndication.com https://yoast.com https://my.wpengine.com; frame-src 'self' https://*.googletagmanager.com https://td.doubleclick.net https://www.google.com https://*.spotify.com https://www.youtube.com https://mozbar.moz.com https://*.adsrvr.org; report-uri https://node-csp-reporter.herokuapp.com/csp-report-endpoint; 2 font-src *.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.addtoany.com *.webotit.ai gjigle.com https://d1di987mdgym2l.cloudfront.net *.clic2buy.com *.criteo.com *.googlesyndication.com *.sendcloud.sc *.jsdelivr.net *.nosto.com *.nos.to secure-gateway.hipay-tpp.com *.hipay.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.trustpilot.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.etsystatic.com *.boticinal.com *.powersante.com gjigle.com *.bazaarvoice.com *.kelkoogroup.net *.bing.com *.google.com *.google.fr *.clarity.ms *.rubiconproject.com *.ads.yieldmo.com *.tremorhub.com *.outbrain.com *.taboola.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.casalemedia.com *.teads.tv *.media.net *.adform.net *.omnitagjs.com *.sharethrough.com *.ivitrack.com *.stickyadstv.com *.mediavine.com *.smaato.net *.doubleclick.net *.advertising.com *.yahoo.com *.adnxs.com *.liadm.com *.dmxleo.com *.criteo.com *.commerce-connectoer.com *.perfmaker.net *.bidswitch.net *.rlcdn.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.yieldlab.net *.smartclip.net *.twiago.com *.krxd.net *.adscale.de id5-sync.com *.thebrighttag.com *.sc.omtrdc.net *.demdex.net *.amazonaws.com *.nosto.com *.nos.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.privacy-center.org notifpush.com *.addtoany.com *.hipay-tpp.com *.hipay.com *.newrelic.com *.bazaarvoice.com *.cloudfront.net *.webotit.ai *.spockee.io *.kk-resources.com *.nr-data.net *.criteo.com *.criteo.net *.carts.guru *.bing.com *.elitrack.com *.clic2buy.com *.doubleclick.net *.clarity.ms *.googlesyndication.com *.perfmaker.net *.googleoptimize.com *.emxdgt.com *.weglot.com *.datadoghq-browser-agent.com *.sendcloud.sc *.jsdelivr.net *.nosto.com *.nos.to secure-gateway.hipay-tpp.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.trustpilot.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.weglot.com *.sendcloud.sc *.jsdelivr.net *.nosto.com *.nos.to *.hipay.com *.trustpilot.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com notifpush.com *.zendesk.com *.zdassets.com *.trustpilot.com *.nr-data.net *.spockee.io https://s.kelkoogroup.net *.doubleclick.net *.notifadz.com *.clarity.ms *.criteo.com *.criteo.net *.carts.guru gjigle.com *.weglot.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.nosto.com *.nos.to *.hipay.com wss://mpsnare.iesnare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'unsafe-inline' 'self' 'unsafe-eval' *.amazonaws.com *.bing.com *.cdn77.org *.clarity.ms cookiehub.net *.criteo.com *.criteo.net *.doubleclick.net *.ehi-siegel.de *.ehi-siegel.com *.facebook.net ct.fragranza.cz *.google.com *.googleapis.com *.googlecommerce.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.imedia.cz *.mouseflow.com ct.profi-parfemy.cz *.hairborn.cz *.heureka.cz *.hotjar.com *.mapy.cz *.newrelic.com app.notifikuj.cz *.nr-data.net ct.parfum-zentrum.de *.payments-amazon.com *.paypal.com *.paypalobjects.com *.seznam.cz *.smartlook.com *.smartsuppcdn.com *.smartsuppchat.com tracking.srovname.cz *.trustedshops.com *.twitter.com u.heatmap.it *.wirecard.com *.zasilkovna.cz *.zbozi.cz ; report-uri https://www.parfum-zentrum.de/cspreport.php?backend_server=app3 2 default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com google-analytics.com googleapis.com; font-src 'self' fonts.gstatic.com googleapis.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' googletagmanager.com googleoptimize.com google-analytics.com analytics.connectholland.nl v2.zopim.com googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com connect.facebook.net; style-src 'self' 'unsafe-inline' pg-ws-ggz.widget.custhelp.com 2 default-src 'self' *.stripchat.com data: blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org *.trafficjunky.net main.exoclick.com tsyndicate.com *.hotjar.com *.hotjar.io;img-src 'self' * data: blob: android-webview-video-poster:;script-src 'self' *.stripchat.com data: 'unsafe-inline' 'unsafe-eval' blob: *.amplitude.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.hpyrdr.dev *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.trafficjunky.net *.google.com platform.twitter.com main.exoclick.com tsyndicate.com wss://*.sc-apps.com www.googleadservices.com cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.2/fingerprint2.min.js *.hotjar.com *.crowdin.com cdntechone.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;connect-src 'self' *.stripchat.com *.amplitude.com *.doubleclick.net *.flixstorage.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.xhamsterlive.com *.xlivesex.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org syndication.twitter.com wss://*.stripchat.com wss://*.stripcdn.com wss://*.stripcdn.com:8090 wss://*.stripst.com wss://*.stripst.dev wss://*.strpst.com wss://*.strwst.com wss://*.doppiocdn.com wss://*.doppiocdn.org wss://*.lovense.com wss://*.lovense-api.com wss://*.sc-apps.com *.crowdin.com crowdin.com datatechone.com stquality.org accounts.google.com *.nktrdr.com *.ktkjmp.com *.xhamster.com *.llyjmp.com *.lxzrdr.com *.mgdjmp.com *.rdfxgo.com *.smljmp.com *.stripcash.com *.xxxjmp.com *.xxxivjmp.com *.xxxvjmp.com *.xxxviijmp.com *.xxxviiijmp.com *.xlrdr.com *.xlirdr.com *.xliirdr.com *.xlivrdr.com *.xlvrdr.com *.xlviirdr.com *.xlviiirdr.com *.zybrdr.com *.bbrdbr.com *.dmsktmld.com *.fxmnba.com;media-src 'self' *.stripchat.com data: blob: *.ahcdn.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.doppiocdn.com *.doppiocdn.net *.doppiocdn.org;style-src 'self' *.stripchat.com 'unsafe-inline' *.googleapis.com *.hytto.com *.lovense.club:* *.lovense.com *.lovense-api.com *.stripcdn.com *.stripst.com *.stripst.dev *.strpst.com *.strwst.com *.tagmanager.google.com *.crowdin.com accounts.google.com;frame-src * data:;report-uri /_csp 2 font-src *.abtasty.com *.zipmoney.com.au *.klarnacdn.net *.stockinstore.net *.akamaihd.net olapic-data.s3.amazonaws.com calvinklein.com.au data: *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.googletagmanager.com *.google.com *.doubleclick.net *.hotjar.com *.pmnts.io *.pmnts-sandbox.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.abtasty.com *.facebook.com *.pmnts.io *.pmnts-sandbox.io *.klarna.com *.force.com *.pinterest.com *.clearpay.co.uk *.afterpay.com tr.snapchat.com/ display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com/ https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ *.abtasty.com *.turn.com *.bazaarvoice.com *.amgdgt.com *.photorank.me z2photorankmedia-a.akamaihd.net *.presage.io *.teads.tv *.adsrvr.org *.adnxs.com *.tommy.com *.klarna.com *.klarnaevt.com *.klarnacdn.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarnaservices.com https://www.magezon.com *.pinterest.com *.facebook.com *.facebook.com/tr *.google.com *.google.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.roymorgan.com *.doubleclick.net *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.googletagmanager.com *.imgix.net t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.abtasty.com *.cloudfront.net *.cloudflare.com *.facebook.net *.tiktok.com *.zdassets.com *.tommy.com *.calvinklein.com.au *.luckyorange.net *.particularaudience.com *.stockinstore.net *.akamaihd.net *.teads.tv *.force.com sc-static.net *.salesforceliveagent.com *.adnxs.com *.trurating.com *.vanheusen.com.au *.pmnts.io *.klarna.com *.klarnacdn.net apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.klarnaservices.com s7.addthis.com *.google.com *.googletagmanager.com *.google.com.au *.pmnts-sandbox.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.afterpay.com *.doubleclick.net *.pinimg.com *.cfjump.com *.roymorgan.com *.forter.com *.usabilla.com wss://widget-mediator.zopim.com *.hotjar.com *.attraqt.io *.newrelic.com *.js-agent.newrelic.com *.nr-data.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.googleadservices.com *.google-analytics.com *.zipmoney.com.au *.gstatic.com *.googleapis.com *.paypalobjects.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.bazaarvoice.com *.stockinstore.net *.klarnacdn.net *.akamaihd.net *.force.com display.ugc.bazaarvoice.com unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.luckyorange.net *.zendesk.com *.particularaudience.com *.tiktok.com stockinstore.net *.stockinstore.net *.cloudfront.net *.klarnaevt.com *.klarnacdn.net *.akamaihd.net zendesk-eu.my.sentry.io *.teads.tv *.snapchat.com *.amplitude.com *.clearpay.co.uk *.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.pinterest.com *.google.com *.google.com.au api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src *.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 2 font-src *.fontawesome.com *.artdeco.com *.artdeco.de *.bootstrapcdn.com *.heidelpay.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to *.google.com *.ratepay.com *.pay1.de *.heidelpay.com *.jsctool.com *.trbo.com *.hotjar.com *.hotjar.io *.redintelligence.net ad4m.at *.ad4m.at *.ad4mat.net *.ad-srv.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.mollie.com *.nosto.com *.nos.to *.artdeco.com *.artdeco.de *.usercentrics.eu *.trustedshops.com *.outbrain.com 'self' data: *.googletagmanager.com *.pay1.de *.tiktok.com *.pinterest.com *.facebook.com *.google.com *.google.de *.adserver01.de *.adition.com *.taboola.com ad4m.at *.ad4m.at *.creative-serving.com *.doubleclick.net *.adsrvr.org *.adscale.de *.onaudience.com *.smartadserver.com *.pubmatic.com *.casalemedia.com *.twiago.com *.exelator.com *.adc-serv.net *.df-srv.de *.ad4mat.de *.adfarm1.adition.com *.adform.net *.adnxs.com *.kupona.de *.yieldlab.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com js.mollie.com *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com *.artdeco.com *.artdeco.de *.b-ite.com *.usercentrics.eu *.googletagmanager.com *.getflowbox.com *.trustedshops.com *.google.com *.gstatic.com *.outbrain.com *.pay1.de *.ratepay.com *.heidelpay.com *.trbo.com *.hotjar.com *.hotjar.io *.facebook.net *.tiktok.com *.scarabresearch.com *.pinimg.com *.dwin1.com *.taboola.com ad4m.at *.ad4m.at *.teads.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.nosto.com *.nos.to *.bootstrapcdn.com *.artdeco.com *.artdeco.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.flbx.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com *.artdeco.com *.artdeco.de *.usercentrics.eu *.google-analytics.com *.ratepay.com *.heidelpay.com *.scarabresearch.com *.pinterest.com *.tiktok.com *.doubleclick.net *.hotjar.com *.hotjar.io *.taboola.com *.getflowbox.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src js.klevu.com 'unsafe-inline' data: *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.google.com *.authorize.net *.paypal.com *.vimeo.com *.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co *.mention-me.com *.nosto.com assets.braintreegateway.com pay.google.com *.yotpo.com webchat.dotdigital.com *.nos.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://static.afterpay.com *.nosto.com *.klevu.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.crafterscompanion.co.uk www.crafterscompanion.com www.crafterscompanion.eu www.spectrumnoir.com *.paypal.com *.ftcdn.net *.behance.net s.ytimg.com *.ksearchnet.com assets.braintreegateway.com *.yotpo.com *.nos.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.nosto.com *.klevu.com www.dwin1.com www.google.com www.gstatic.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com js-agent.newrelic.com bam.nr-data.net *.onetrust.com *.ytimg.com video.google.com *.facebook.net *.postcodeanywhere.co.uk *.hotjar.com api.braintreegateway.com *.cardinalcommerce.com polyfill.io api.comapi.com cdn.dnky.co *.dotdigital-pages.com *.trackedweb.net *.trackedlink.net *.ksearchnet.com *.yotpo.com webchat.dotdigital.com *.mention-me.co c.paypal.com pay.google.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.klevu.com *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.klevu.com *.gstatic.com getfirebug.com *.afterpay.com *.ksearchnet.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.nosto.com *.yotpo.com *.googleapis.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.nosto.com js-agent.newrelic.com bam.nr-data.net *.cardinalcommerce.com *.algolia.net *.algolia.com *.afterpay.com secure.authorize.net test.authorize.net assets.adobedtm.com *.vimeocdn.com *.onetrust.com cdn.acsbapp.com t.paypal.com *.ytimg.com bam-cell.nr-data.net video.google.com *.google-analytics.com *.stats.g.doubleclick.net *.vimeo.com *.facebook.net *.postcodeanywhere.co.uk *.hotjar.com api.braintreegateway.com polyfill.io *.klevu.com api.comapi.com cdn.dnky.co *.dotdigital-pages.com *.trackedweb.net *.trackedlink.net *.ksearchnet.com *.yotpo.com webchat.dotdigital.com *.mention-me.co pay.google.com *.braintree-api.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nos.to 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src clickydata.com *.clickydata.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net clickydata.com *.clickydata.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com blob: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net clickydata.com *.clickydata.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com gateway.payulatam.com sandbox.api.payulatam.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.avada.io *.mlstatic.com *.mercadopago.com https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net clickydata.com *.clickydata.com www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com maf.pagosonline.net devicefingerprinting.fraudvault.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com data: *.yotpo.com *.googleapis.com *.fontawesome.com 'self' data: static.olark.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://api-preview.platform.breadpayments.com https://api.platform.breadpayments.com https://api-preview.rbc.breadpayments.com https://api.rbcpayplan.com *.yotpo.com static.olark.com *.facebook.com *.pinterest.com *.addthis.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com *.facebook.com store.paradoxlabs.com 'self' data: *.pinterest.com *.olark.com *.googleadservices.com *.google.com *.google.com.vn *.doubleclick.net *.bing.com *.clarity.ms cdn.innovolifestyles.com cdn.logfurnitureplace.com cdn.woodlandcreekfurniture.com innovolifestyles.com logfurnitureplace.com woodlandcreekfurniture.com *.facebook.net *.googletagmanager.com img.youtube.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://checkout-sandbox.getbread.com/bread.js https://checkout.getbread.com/bread.js https://connect-preview.breadpayments.com/sdk.js https://connect.breadpayments.com/sdk.js https://connect-preview.rbc.breadpayments.com/sdk.js https://connect.rbcpayplan.com/sdk.js https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googletagmanager.com *.facebook.net player.vimeo.com *.youtube.com *.authorize.net *.google.com *.gstatic.com *.dotdigital-pages.com *.klaviyo.com *.getbread.com s.pinimg.com *.olark.com *.addthis.com z.moatads.com v1.addthisedge.com *.bing.com www.gstatic.com *.clarity.ms *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com https://static.klaviyo.com *.yotpo.com *.fontawesome.com *.gstatic.com static.olark.com *.klaviyo.com s.pinimg.com *.doubleclick.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://api-preview.rbc.breadpayments.com https://api.rbcpayplan.com https://api-preview.platform.breadpayments.com https://api.platform.breadpayments.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com https://*.ingest.sentry.io *.google-analytics.com *.authorize.net t.elasticsuite.io *.dotdigital-pages.com webchat.dotdigital.com ct.pinterest.com *.klaviyo.com knrpc.olark.com *.googleadservices.com *.google.com *.doubleclick.net *.clarity.ms *.addthis.com *.googleapis.com *.googletagmanager.com *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src * data: 'unsafe-inline'; 2 font-src *.klevu.com *.ksearchnet.com *.gstatic.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.google.com accounts.google.com *.canadapost.ca https://sso.epost.ca *.purolator.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.meetanshi.com *.purolator.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://hosted.paysafe.com *.sendcloud.sc customer-upskkbfxkf3xe5cz.cloudflarestream.com iframe.videodelivery.net static.olark.com tracking.sezzle.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com js.hsforms.net dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de vimeo.com 20813811p.rfihub.com *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.klarna.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net mageside.com *.canadapost.ca *.googleapis.com *.meetanshi.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com videodelivery.net customer-upskkbfxkf3xe5cz.cloudflarestream.com tvape.co.uk verify.bluecheck.me torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com media.sezzle.com www.googletagmanager.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com perf.hsforms.com forms.hubspot.com *.tvape.com demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com x.klarnacdn.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.googleapis.com *.meetanshi.com *.purolator.com connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://hosted.paysafe.com https://api.test.paysafe.com https://api.paysafe.com https://songbirdstag.cardinalcommerce.com embed.sendcloud.sc www.youtube.com cdn.jsdelivr.net embed.cloudflarestream.com embed.videodelivery.net knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com widget.sezzle.com r1.dotmailer-surveys.com g1782759016.co js.hsforms.net hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com *.mantisadnetwork.com g594253006.co *.crazyegg.com *.newrelic.com *.klarnacdn.net *.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tvape.co.uk torontovaporizer.ca static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google-analytics.com *.google.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://api.test.paysafe.com https://api.paysafe.com region1.google-analytics.com *.crazyegg.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com *.googleapis.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.paypal.com *.amazonaws.com *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://torontovaporizer.ca/; report-to report-endpoint; 2 script-src 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net connect.facebook.net *.freshchat.com maps.googleapis.com assets.adobedtm.com www.googleoptimize.com h.online-metrix.net *.cardinalcommerce.com html5.dcatalog.com unpkg.com commerce.adobedtm.com cdnjs.cloudflare.com web-sdk.aptrinsic.com commerce.adobe.net fonts.googleapis.com magento-recs-sdk.adobe.net static.trackedweb.net tags.srv.stackadapt.com snap.licdn.com tags.srv.stackadapt.com bat.bing.com e.performancehealth.com f.vimeocdn.com tags.srv.stackadapt.com bam.nr-data.net services-connector-ui.magento-ds.com; style-src 'self' 'unsafe-inline' wchat.freshchat.com fonts.googleapis.com js.klevu.com tags.srv.stackadapt.com staticw2.yotpo.com; report-uri /.webscale/csp-report 2 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.sandbox.paypal.com *.paypalobjects.com *.timpson-group.co.uk paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.doubleclick.net *.facebook.com account.fetchify.com g3d-app.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.gstatic.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com *.xtento.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com g3d-app.com https://*.googleapis.com https://*.googleusercontent.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com www.xtento.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.klarna.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com s7.addthis.com https://cdnjs.cloudflare.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googleusercontent.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net *.ggpht.com *.xtento.com g3d-app.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.google.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com google.com *.static.com *.googleadservices.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com *.xtento.com g3d-app.com *.timpson-group.co.uk *.paypal.com paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://ipinfo.io *.gstatic.com https://*.googleapis.com ekr.zdassets.com/ google.com *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net *.ggpht.com *.xtento.com g3d-app.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.doubleclick.net *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://images.unsplash.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; style-src *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.doofinder.com *.empathybroker.com *.empathy.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src https://analytics.tiktok.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self'; object-src 'none';img-src 'self' https://*.greenwheels.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.facebook.com data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com ;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com ; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; connect-src 'self' https://*.greenwheels.com https://www.google-analytics.com; frame-src https://*.greenwheels.com https://*.smartlook.com https://*.smartlook.cloud ; script-src 'self' 'unsafe-inline'; script-src-elem * 'self' https://*.smartlook.com https://*.smartlook.cloud 'nonce-randomlyGeneratedBase64Nonce' 'sha256-n/7gbCw+WmsD7F/+39VVixTYgKohObbo81AF86hI5vM=' 'sha256-6LznYDacT/3QgJvp0yiCfqUoy+XE5QloY8gZDhPtlPQ=' 'sha256-ruDyYgAnz/D7ohQLeFlVNQ7gRvg/K1NqaL/s8UgrOOg=' 'unsafe-eval'; worker-src 'self' blob: 2 font-src https://static.payzen.eu/static/ *.abtasty.com *.mopinion.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ www.facebook.com *.google.be connect.facebook.net *.youtube.com *.salesforce.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ www.google.com service.force.com gum.criteo.com *.google.be decathlonpro.my.salesforce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ media.decapro.com contents.mediadecathlon.com www.decathlonpro.fr www.facebook.com/tr/ www.google.fr c.contentsquare.net pixel.rubiconproject.com eb2.3lift.com dsum-sec.casalemedia.com ib.adnxs.com x.bidswitch.net us-u.openx.net/w/1.0/ pixel.advertising.com/ups/55980/ sync.taboola.com/sg/adroll-network/1/ ads.yahoo.com/cms/ editor-assets.abtasty.com *.thank-you.io *.atinternet-solutions.com *.atinternet.io *.atinternet.com *.aticdn.net *.ati-host.net *.xiti.com status.piano.io *.zdassets.com *.getbeamer.com *.tagcommander.com *.vo.msecnd.net *.gstatic.com *.beyable.com *.doubleclick.net *.google.be *.google.ch *.google.ca *.google.it *.google.co.ma bat.bing.com *.adroll.com *.privacy-center.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.livechatinc.com/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.force.com *.salesforceliveagent.com *.privacy-center.org *.abtasty.com *.cloudfront.net *.tagcommander.com *.facebook.net *.contentsquare.net decathlonpro.my.salesforce.com *.google-analytics.com beyableprod.blob.core.windows.net *.beyable.com az693360.vo.msecnd.net *.mopinion.com *.thank-you.io *.atinternet-solutions.com *.atinternet.io *.atinternet.com *.aticdn.net *.ati-host.net *.xiti.com status.piano.io *.zdassets.com *.getbeamer.com *.cloudflare.com *.dynatrace.com *.newrelic.com *.nr-data.net decathlonpro.my.site.com decathlonpro--uat.sandbox.my.site.com decathlonpro--uat.sandbox.my.salesforce.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.googleapis.com *.google.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.payzen.eu/static/ service.force.com *.mopinion.com decathlonpro.my.site.com decathlonpro.my.salesforce.com decathlonpro.force.com decathlonpro--uat.sandbox.my.salesforce.com decathlonpro--uat.sandbox.my.site.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.decathlonpro.fr/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ *.blob.core.windows.net front.lytics.beyable.com stats.g.doubleclick.net/j/ *.abtasty.com maps.googleapis.com *.mopinion.com *.contentsquare.net *.thank-you.io *.atinternet-solutions.com *.atinternet.io *.atinternet.com *.aticdn.net *.ati-host.net *.xiti.com status.piano.io *.zdassets.com *.getbeamer.com *.luckyorange.net *.nr-data.net *.dynatrace.com *.privacy-center.org decathlonpro.force.com decathlonpro--uat.sandbox.my.site.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.buckaroo.nl https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.mollie.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval' 2 object-src 'none'; script-src 'self' cdn.jsdelivr.net widgets.custplace.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/ 2 font-src *.gstatic.com data: *.fontawesome.com fonts.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.worldpay.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.google.com *.doubleclick.net *.facebook.com account.fetchify.com *.meetanshi.com *.worldpay.com *.zoho.com js.mollie.com *.trustpilot.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.meetanshi.com *.zoho.com https://www.mollie.com https://redchamps.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.jsdelivr.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://stackpath.bootstrapcdn.com https://display.powerreviews.com https://ui.powerreviews.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.fontawesome.com *.avada.io *.meetanshi.com *.worldpay.com *.zoho.com js.mollie.com *.trustpilot.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline cdn.jsdelivr.net fonts.googleapis.com https://ui.powerreviews.com https://fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.zoho.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.getalma.eu https://display.powerreviews.com https://ui.powerreviews.com *.google-analytics.com *.facebook.com *.facebook.net api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://get.geojs.io *.avada.io *.meetanshi.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src www.searchanise.com *.searchserverapi.com https://cdn.checkout.com *.useinsider.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.nitrocdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.searchanise.com *.searchserverapi.com *.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com *.dotdigital-pages.com *.dotdigital.com *.useinsider.com nitropack.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.useinsider.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com flagpedia.net *.nitrocdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com https://cdn.checkout.com *.klarnacdn.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarna.com *.klarnaservices.com *.googletagmanager.com *.facebook.net *.zdassets.com *.nitrocdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com https://cdn.checkout.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.nitrocdn.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.amplitude.com stats.g.doubleclick.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com https://js.checkout.com *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.google-analytics.com www.gstatic.com *.getnitropack.com nitropack.zendesk.com *.zdassets.com *.nitrocdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src https://stackpath.bootstrapcdn.com https://www.google.com/ https://www.googletagmanager.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://secure.livechatinc.com https://www.google.com/ https://www.googletagmanager.com *.weltpixel.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://pbs.twimg.com https://inclusive-technology.uat71.creode.co.uk https://www.google.com https://www.googletagmanager.com https://www.google.co.uk http://www.inclusive.co.uk http://services.postcodeanywhere.co.uk www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.zdassets.com https://www.googletagmanager.com https://chimpstatic.com http://inclu11111.pcapredict.com http://cdn.livechatinc.com https://api.livechatinc.com http://services.postcodeanywhere.co.uk https://www.google.com/ *.googleapis.com *.google.com *.gstatic.com *.avada.io www.sandbox.paypal.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com https://stackpath.bootstrapcdn.com http://services.postcodeanywhere.co.uk https://www.google.com/ https://www.googletagmanager.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://inclusivesupport.zendesk.com https://ekr.zdassets.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://api.livechatinc.com http://services.postcodeanywhere.co.uk https://www.googletagmanager.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com cl.avis-verifies.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com bat.bing.com *.linkedin.com *.avis-verifies.com *.netreviews.eu *.googletagmanager.com *.adsymptotic.com *.kameleoon.com *.kameleoon.eu www.netreviews.eu cl.avis-verifies.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com *.avis-verifies.com *.pardot.com *.larcier-intersentia.com *.clarity.ms *.kameleoon.com *.kameleoon.eu *.piwik.pro cl.avis-verifies.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com bat.bing.com *.doubleclick.net *.clarity.ms https://address-validation-service-api.pim-testing.aws.lsbit.be t.elasticsuite.io *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.piwik.pro *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://address-validation-service-api.pim-testing.aws.lsbit.be *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' https://www.google-analytics.com; child-src 'self'; object-src 'self'; style-src 'unsafe-eval' 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' *; manifest-src 'self'; form-action 'self'; block-all-mixed-content; 2 default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ir.oms.no http://*.reachmee.com https://*.sanity.io https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.bing.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google.no https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net; frame-src 'self' https://ir.oms.no http://*.reachmee.com; img-src 'self' data: https://ir.oms.no http://*.reachmee.com https://*.sanity.io https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.bing.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google.no https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net; media-src 'self' https://*.sanity.io; connect-src 'self' https://ir.oms.no http://*.reachmee.com https://*.sanity.io https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.bing.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google.no https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net; script-src-elem 'self' 'unsafe-inline' https://ir.oms.no http://*.reachmee.com https://*.sanity.io https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.bing.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google.no https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net; report-uri /api/csp-report 2 font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net *.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es pay.google.com https://www.google.com cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.wesupply.xyz *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com https://s.ytimg.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net www.google.com store.paradoxlabs.com *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.yotpo.com *.player.vimeo.com *.authorize.net webchat.dotdigital.com *.newrelic.com *.nr-data.net bam.nr-data.net pay.google.com googleads.g.doubleclick.net www.clarity.ms https://www.google.com https://www.gstatic.com cdn.dnky.co api.comapi.com *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com fonts.googleapis.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net cdn.dnky.co *.trustpilot.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com www.google-analytics.com *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es *.nr-data.net bam.nr-data.net www.googleadservices.com www.google.com analytics.google.com api.comapi.com https://www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com www.w3.org *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addtoany.com *.pinterest.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.pinterest.com *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.addtoany.com *.facebook.com *.pinterest.com *.tumblr.com *.google.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addtoany.com *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.haecker-kuechen.com https://tagmanager.google.com https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://cdn.mouseflow.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.nl https://*.google.dk https://*.google.pl; frame-src https://*.haecker-kuechen.de https://*.haecker-kuechen.com https://player.vimeo.com https://online.fliphtml5.com https://bid.g.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.nl https://*.google.dk https://*.google.pl; report-uri https://cspreports.haecker-kuechen.com/ 2 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: fonts.googleapis.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jsctool.com *.sendinblue.com sibautomation.com *.klarna.com secure.pay1.de payments.amazon.de www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.klarna.com *.klarnaevt.com *.klarnacdn.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.newrelic.com *.nr-data.net *.sendinblue.com sibautomation.com *.emailsys1a.net *.klarna.com *.klarnacdn.net *.klarnaservices.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.google.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net d.ratepay.com d.payla.io dr.payla.io *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.newrelic.com *.nr-data.net *.sendinblue.com sibautomation.com maps.googleapis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com payments.amazon.de d.ratepay.com jsctool.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://apikeys.civiccomputing.com http://apikeys.civiccomputing.com apikeys.civiccomputing.com https://ig.instant-tokens.com http://ig.instant-tokens.com ig.instant-tokens.com https://graph.instagram.com http://graph.instagram.com graph.instagram.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com https://*.facebook.com http://*.facebook.com *.facebook.com; frame-ancestors 'none'; frame-src https://*.youtube.com http://*.youtube.com *.youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.cdninstagram.com http://*.cdninstagram.com *.cdninstagram.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.facebook.com http://*.facebook.com *.facebook.com https://i.ytimg.com http://i.ytimg.com i.ytimg.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://cc.cdn.civiccomputing.com http://cc.cdn.civiccomputing.com cc.cdn.civiccomputing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.mailchimp.com http://*.mailchimp.com *.mailchimp.com 'unsafe-inline'; 2 frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' https://www.gstatic.com https://www.google.com;style-src 'self' 'report-sample' fonts.googleapis.com;object-src 'none';frame-src 'self' www.google.com;img-src 'self' data: fonts.gstatic.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' fonts.gstatic.com fonts.googleapis.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';prefetch-src 'self'; report-uri https://eee1b62173267e184943aa9a8123112f.report-uri.com/r/d/csp/wizard; worker-src 'self'; 2 default-src 'self'; frame-src 'self' *.youtube.com destinilocators.com *.jotform.com *.adsrvr.org assets.ctfassets.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.trkn.us *.googletagmanager.com *.googlesyndication.com *.postscript.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.adsrvr.org *.googlesyndication.com destinilocators.com *.jotform.com chimpstatic.com *.mailchimp.com *.list-manage.com *.postscript.io connect.squareupsandbox.com connect.squareup.com; child-src 'self' *.youtube.com *.google.com *.twitter.com; style-src 'self' 'unsafe-inline' data: *.typekit.net *.googleapis.com *.googletagmanager.com *.mailchimp.com; img-src * blob: data:; media-src 'none'; object-src 'self' data: assets.ctfassets.net; connect-src *; font-src 'self' data: *.typekit.net; 2 font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cenpos.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://www.magezon.com *.hubspot.com *.hsforms.com *.linkedin.com *.adsymptotic.com *.otcindustrial.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.termly.io *.fullstory.com *.licdn.com *.doubleclick.net *.listenlayer.com *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.cenpos.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.fullstory.com *.termly.io *.linkedin.oribi.io *.analytics.google.com *.hubspot.com *.hubapi.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.google.com *.hotjar.com *.issuu.com *.kaptcha.com *.mkt932.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com *.coremetrics.com *.facebook.com *.facebook.net *.google.com *.hotjar.com bat.bing.com cdn.adasitecompliance.com adasitecompliancetools.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.putmeinthestory.com *.brilliantcollector.com *.facebook.net *.google.com *.gstatic.com *.hotjar.com *.nr-data.net *.newrelic.com *.integration-5ojmyuq-kolnt6avkh4uo.us-3.magentosite.cloud *.c.kolnt6avkh4uo.dev.ent.magento.cloud *.vagrant.com *.zdassets.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net downloads.mailchimp.com unsafe-inline *.amazonaws.com *.materialdesignicons.com *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.brilliantcollector.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.nr-data.net *.zdassets.com *.zendesk.com wss://*.zopim.com https://*.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cd6149b609c1e427f5d8597d1534d2c7.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://luminary.report-uri.com/r/d/csp/wizard 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://stats.pusher.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://cdn.rawgit.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://maps.gstatic.com https://*.collateral360.com https://*.pendo.io https://*.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net wss://ws-us2.pusher.com; frame-src 'self'; form-action 'self'; report-to default 2 frame-src www.cyclescheme.co.uk *.greencommuteinitiative.uk *.trustpilot.com *.instagram.com *.facebook.com *.google.co.uk *.google.com *.youtube-nocookie.com *.strava.com *.paymentsense.cloud *.dojo.tech *.googletagmanager.com; connect-src 'self' *.fontawesome.com *.google.com *.trustpilot.com *.visitors.live *.nr-data.net *.appspot-preview.com *.luckyorange.net *.luckyorange.com maps.googleapis.com api.getaddress.io stats.g.doubleclick.net www.google-analytics.com l.sharethis.com *.paymentsense.cloud *.dojo.tech *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com www.cyclescheme.co.uk *.greencommuteinitiative.uk www.google.com; default-src 'self' *.googleapis.com *.trustpilot.com; script-src 'self' 'unsafe-inline' *.typekit.net kit.fontawesome.com cdn.jsdelivr.net *.trustpilot.com *.cloudflare.com *.addthis.com *.instagram.com *.facebook.net *.cloudfront.net *.luckyorange.com *.googleadservices.com *.doubleclick.net *.newrelic.com *.nr-data.net maps.googleapis.com cdnjs.cloudflare.com *.getaddress.io getaddress.io *.sharethis.com www.gstatic.com www.google.com *.paymentsense.cloud *.dojo.tech *.google.com *.googletagmanager.com *.online-metrix.net code.jquery.com *.google-analytics.com; img-src 'self' 'unsafe-inline' data: https: 0.gravatar.com l.sharethis.com www.googletagmanager.com www.google-analytics.com; font-src 'self' *.typekit.net *.fontawesome.com *.cloudflare.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.typekit.net cdnjs.cloudflare.com fonts.googleapis.com; frame-ancestors 'self'; form-action 'self' *.facebook.com www.paypal.com mdepayments.epdq.co.uk gateway.cardstream.com test.sagepay.com live.sagepay.com secure.worldpay.com; 2 font-src *.fontawesome.com fonts.gstatic.com *.tawk.to *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com *.google.com.ua 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com www.google.com.ua maifon.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ connect.facebook.net embed.tawk.to static.hotjar.com cdn.jsdelivr.net script.hotjar.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com *.gstatic.com *.tawk.to *.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.tawk.to wss://*.tawk.to *.google-analytics.com *.hotjar.com stats.g.doubleclick.net api.multisearch.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com s7.addthis.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src static.afterpay.com/ *.sharethis.com *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com ekr.zdassets.com/ *.googleapis.com *.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com secure.novalnet.de customers.barzahlen.de customers-sandbox.barzahlen.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.oxomi.com https://widgets.trustedshops.com *.oxomi.com/ *.google.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com cdn.novalnet.de cdn.barzahlen.de 'self' data: *.oxomi.com www.trustedshops.com *.authorize.net *.braintreegateway.com *.ytimg.com *.google.com *.paypal.com *.vimeo.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' data: *.oxomi.com https://widgets.trustedshops.com *.getfirebug.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com 'self' data: *.paypal.com *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri https://sdmage2.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2 font-src *.gstatic.com data: *.olark.com *.fontawesome.com *.typekit.net 'self' data: fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cybersource.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.olark.com *.google.com *.hubspot.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com store.paradoxlabs.com *.olark.com *.webdamdb.com *.amazon.com *.amazonaws.com *.cloudfront.net *.linkedin.com *.google.com *.adsymptotic.com 'self' data: *.hubspot.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.pingdom.net *.hsforms.net *.hsforms.com *.olark.com *.calendly.com *.cloudfront.net *.licdn.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.hs-scripts.com *.hs-analytics.net *.usemessages.com *.hs-banner.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.cardinalcommerce.com h.online-metrix.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.pingdom.net *.olark.com *.calendly.com *.fontawesome.com *.typekit.net fonts.googleapis.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.pingdom.net *.olark.com *.hubspot.com *.nr-data.net *.google-analytics.com *.doubleclick.net *.cardinalcommerce.com h.online-metrix.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';script-src 'report-sample' 'nonce-tnUigiS06XLwN7Jy_u0Seg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline';report-uri /cspreport 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-hbZ5n9ephoguym2GT9jkasgtulvbPKGY1uGkjTeIa18='; base-uri 'self';report-to csp-endpoint 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-03279d785151ae03266f83f6b5c97ede' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 default-src *.gravatar.com; script-src *.gravatar.com *.wp.com *.google-analytics.com *.googletagmanager.com apis.google.com/js/ 'nonce-b8113e76d8fc'; style-src 'self' *.gravatar.com *.wp.com fonts.googleapis.com 'nonce-265d806b9fa8' 'sha256-ONA8DqqhBTsIrZzU3/jZyRdkNkkAGEU74EH252dbGS8=' ;font-src data: *.gravatar.com *.wp.com fonts.gstatic.com; img-src data: *.gravatar.com gravatar.files.wordpress.com *.wordpress.com/mshots/ *.wp.com vaultpress.com; media-src https://videos.files.wordpress.com/; frame-src *.gravatar.com widgets.wp.com; connect-src *.gravatar.com *.google-analytics.com https://public-api.wordpress.com/; object-src 'none'; base-uri 'self'; report-uri https://public-api.wordpress.com/csp/; 1 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-6Mo8WBDbIAmqTAFZ0JrICA=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-TMAV1aNxbWyaXR4O8ZBaIw=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts 1 object-src 'none';base-uri 'self';script-src 'nonce-MtjKw3p614n8xK-fu259Pw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri https://www.yelp.com/csp_report_only?id=7c560ab96c34114a&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www×tamp=1685931874; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1 default-src 'self' https:; upgrade-insecure-requests; script-src 'self' 'unsafe-eval' https: 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; child-src 'self' blob: https:; manifest-src 'self'; frame-ancestors 'self' https:; worker-src 'self' https: blob:; form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com; base-uri 'self'; object-src 'self'; connect-src 'self' https: data:; report-uri https://typeformwww.report-uri.com/r/t/csp/reportOnly 1 img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-0e066c7d772344573c23aff5f43c60db' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 object-src 'none';base-uri 'self';script-src 'nonce-JQvERs_ltma9rmuKbtuRrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-7dSBI1jndbY1leEOdRb2lQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 img-src blob: data: *.douyinstatic.com *.toutiaoimg.com *.bdxiguastatic.com *.bdxiguaimg.com *.bytexservice.com *.bytednsdoc.com *.douyinpic.com *.byteeffecttos.com *.byteacctimg.com *.byteimg.com *.bytecdn.cn http: *.ixigua.com *.itoutiaoimg.com *.toutiaostatic.com s.360.cn *.bytescm.com *.byted.org pos.baidu.com www.gstatic.com jonypractic.net wx.qlogo.cn; report-to slardar-endpoint; style-src blob: 'self' pwm-image.trendmicro.com www.gstatic.com cdn.jsdelivr.net plugin.newmorehot.com *.bytedance.net lib.baomitu.com *.bdxiguastatic.com 'unsafe-inline'; connect-src 'self' code.jquery.com ws://127.0.0.1:* www.wetab.link *.toutiaostatic.com *.douyinvod.com meetlookup.com *.sinaimg.cn xg.eggvod.cn tl.ytlogs.ru ocs-cn-north1.heytapcs.com analytics.google.com scriptcat.org tvax2.sinaimg.cn test.jpnet.cc q.qlogo.cn greasyfork.org translate.googleapis.com stats.g.doubleclick.net chrome-tools.shank.ifeng.com v7.pstatp.com wv.china.expressplay.cn cdnmd.global-cache.online utq.vvipquan.com safe.usergrowth.com.cn hm.baidu.com *.byteacctimg.com *.volcsiriusbd.com:* *.volcsirius.com:* *.bsgslb.cn:* *.zzcdnx.com:* *.bsccdn.net:* *.ourdvsss.com:* *.idouyinvod.com:* *.snssdk.com *.volcimagex.net *.bdxiguaimg.com *.toutiaoimg.com *.bytedance.com *.bdxiguastatic.com *.ixigua.com *.byteeffecttos.com *.itoutiaoimg.com *.toutiao.com *.365yg.com *.govwza.cn trans.xdtsmart.com *.douyinpic.com wx.qlogo.cn *.google-analytics.com *.zijieapi.com *.byteimg.com *.bytescm.com *.bytedance.net; manifest-src *.bytednsdoc.com; script-src 'strict-dynamic' 'nonce-008b7ce62d7645f1a59d654ceac30375' 'wasm-unsafe-eval' 'unsafe-eval' *.bdxiguastatic.com *.bytescm.com *.bytetos.com *.toutiao.com bdxiguastatic.com; frame-src wo.laiwoshop.com pwm-image.trendmicro.com a.safen100.com c.safen110.com m.youtube.com code.woqrcode.com api.xiaoduis.com *.ixigua.com cdn.hunong.xyz cha.chaweather.com cx.chacizus.com v2.maoyinews.xyz *.summer5188.com tj.shshinfo.com www.mgtv.com vip.zhanyangsh.cn; 1 object-src 'none';base-uri 'self';script-src 'nonce-sO7Kg2XjmNozXzP7cpcVaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-L2MxR54Wrrm2_Llvn3NuAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' 'nonce-fXe5aG6MRQf9mnrocPDBsyg8sot1f6cK' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://resource.digital.voice.va.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-fXe5aG6MRQf9mnrocPDBsyg8sot1f6cK; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com https://i.ytimg.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov https://resource.digital.voice.va.gov https://www.googletagmanager.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://events.mapbox.com https://www.google-analytics.com https://stats.g.doubleclick.net http://*.vetsgov-internal https://secure.login.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://search.usa.gov https://rum.browser-intake-ddog-gov.com https://session-replay.browser-intake-ddog-gov.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://vicbdc.prod.va.gov/ https://secure.login.gov https://feedback.digital-cloud-gov.voice.medallia.com https://public.govdelivery.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1 object-src 'none';base-uri 'self';script-src 'nonce-Bz7HkI1kFlEf0oAqLoqEDQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; base-uri 'self'; font-src cdn.jsdelivr.net; frame-src 'self' cse.google.com www.google.com; img-src 'self' *.amazonaws.com www.google.com cdn.jsdelivr.net clients1.google.com www.googleapis.com *.gstatic.com pbs.twimg.com *.hypemarks.com *.tintup.com www.google-analytics.com stats.g.doubleclick.net cdn.webcomponents.ucla.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.youtube.com cse.google.com cdn.jsdelivr.net *.ytimg.com cdnjs.cloudflare.com www.google-analytics.com *.amazonaws.com cdn.webcomponents.ucla.edu *.gstatic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.webcomponents.ucla.edu cdnjs.cloudflare.com www.google.com; connect-src 'self' weather.atmos.ucla.edu www.google-analytics.com stats.g.doubleclick.net; report-uri /csp-hotline.php 1 script-src 'nonce-CSwJSfTNJPGNmCZtQENmSA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 object-src 'none';base-uri 'self';script-src 'nonce-ERePcFlQUQdJ0e1rEEEN_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-FatL0L2VadQe40ziZ8esZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-lYRSwpYRVQzdjox58-LKAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-5xNa7l66vvNZD9Zq4bLiTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'none'; report-uri https://dnsimple.report-uri.com/r/d/csp/wizard 1 default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com wss://*.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com wss://alidocs-body.oss-accelerate.aliyuncs.com wss://pre-collab.dingtalk.com *.mobgslb.tbcache.com *.mmstat.com px.effirst.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org alidocs.oss-cn-zhangjiakou.aliyuncs.com;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: http: fourier.taobao.com *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com alidocs.oss-cn-zhangjiakou.aliyuncs.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1 object-src 'none';base-uri 'self';script-src 'nonce-S9msK7gETCn0s-6KyuUbFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1 default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1 object-src 'none';base-uri 'self';script-src 'nonce-Fm2YyKugu9qAIJsy5L6p5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-IdPEvh_5wfhuFkDWWSGkRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https: wss: chrome-extension: 'unsafe-inline' 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net *.messenger.com 'unsafe-eval';style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com www.google-analytics.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com *.tenor.co *.tenor.com *.giphy.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com *.oculuscdn.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com https://*.giphy.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1 script-src https://www.airtable.com https://airtable-marketing.herokuapp.com https://airtable.com https://static.airtable.com/ 'unsafe-inline' 'unsafe-eval' 'report-sample' https: blob:; style-src 'unsafe-inline' https:; block-all-mixed-content; object-src //pages.airtable.com; base-uri 'none'; report-uri https://airtable.com/.csp/report 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-51ce940fcc8a7d2fb06efd55da1367cb' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-w3YsW_RMTNWDk1CCIaQIlw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1 script-src 'self' https://ajax.aspnetcdn.com https://ajax.googleapis.com https://canvasjs.com https://cdn.jsdelivr.net https://cdn.plot.ly https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com https://www.osha.gov; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' 1 script-src 'self' *.concur.com concur.com *.concursolutions.com *.concursolutionsus.sc.omtrdc.net *.concursolutionseu.sc.omtrdc.net *.concurcdc.cn *.sap.com *.concurmessaging.com platform.cloud.coveo.com *.platform.cloud.coveo.com *.coveo.com coveo.com docs.coveo.com *.docs.coveo.com connect.coveo.com *.connect.coveo.com *.akamaihd.net *.akamaitechnologies.com *.deploy.akamaitechnologies.com *.deploy.static.akamaitechnologies.com *.googletagmanager.com googletagmanager.com google-analytics.com *.google-analytics.com *.gstatic.com *.stats.g.doubleclick.net *.adobedtm.com adobetm.com *.assets.adobedtm.com assets.adobedtm.com *.trustarc.com *.prefmgr-cookie.truste-svc.net *.walkme.com walkme.com *.cdn.walkme.com cdn.walkme.com *.glancecdn.net glancecdn.net *.glance.net glance.net *.s3.amazonaws.com s3.amazonaws.com *.salesforceliveagent.com *.enable-now.cloud.sap *.cloud.sap *.ondemand.com *.newrelic.com newrelic.com *.nr-data.net *.qualtrics.com *.siteintercept.qualtrics.com *.ridecharge.com 'unsafe-inline' 'unsafe-eval';report-uri /nui/signin/report-violation 1 default-src *.temu.com *.kwcdn.com wss://*.temu.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleusercontent.com www.googleadservices.com www.google.cn www.google.com.hk www.google.co.uk www.google.ca www.google.com.au www.google.co.nz google.com connect.facebook.net www.facebook.com appleid.cdn-apple.com socialplugin.facebook.net *.cash.app *.forter.com blob: data: 'unsafe-eval' 'unsafe-inline' 'wasm-eval'; report-uri /api/sec-csp/c/sec-gif 1 object-src 'none';base-uri 'self';script-src 'nonce-M_AyiUWxq_EaNqyY_wS4QA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ZOryaLQ66jH72AwONEFqMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-XD63XhSYNX1fs5oWdL7vxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-VLz715tILqo7b9EgIh1cwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-LS-Av4ZF8x69iOrSJb3tLw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org api.wikimedia.org wikimania.wikimedia.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1 base-uri https://www.amnesty.org;frame-ancestors 'none';default-src 'self' data: https://www.amnesty.org; connect-src 'self' https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://www.google.com https://my2.siteimprove.com https://googleads.g.doubleclick.net https://id.siteimprove.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data: https://www.amnesty.org https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' data: https://amnesty-crisis-evidence-lab.github.io https://amnestywebsite.github.io https://e.infogram.com https://flo.uri.sh https://infogram.com https://join.amnesty.org https://js.stripe.com https://platform.twitter.com https://recaptcha.google.com https://story.mapme.com https://www.facebook.com https://www.google.com https://www.recaptcha.net https://www.youtube-noocookie.com https://www.youtube.com https://youtu.be https://w.soundcloud.com https://play.prx.org https://viewer.mapme.com https://vars.hotjar.com https://my2.siteimprove.com; img-src 'self' 'strict-dynamic' data: https://www.amnesty.org https://www.gstatic.com https://www.google-analytics.com https://podfollow.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://static.hotjar.com https://script.hotjar.com; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://www.google.com https://js.stripe.com https://static.hotjar.com https://script.hotjar.com; script-src-attr 'self' 'strict-dynamic'; script-src-elem 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://js.stripe.com https://www.google-analytics.com https://platform.twitter.com https://cdn.siteimprove.net https://www.googleoptimize.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://www.amnesty.org https://static.hotjar.com https://script.hotjar.com; style-src-attr 'self' 'unsafe-inline'; report-uri https://amnesty.report-uri.com/r/d/csp/reportOnly; 1 object-src 'none';base-uri 'self';script-src 'nonce-mqfJgef5GuK9p7DeKTFemw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-SQFLx6M1Nws582D5LpoMUg=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 object-src 'none';base-uri 'self';script-src 'nonce-65BDM76Ja9GmckbdZzwvdA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'nonce-061f8ba199faa40316684a9a857dd272' 'self'; img-src * data:; style-src 'self' 'unsafe-inline' *.cassiecloud.com *.itv.com; style-src-elem 'self' 'unsafe-inline' *.cassiecloud.com *.itv.com; font-src 'self' *.itv.com; connect-src 'self' *.akamaihd.net *.amazonaws.com *.cassiecloud.com *.conviva.com *.facebook.net *.facebook.com *.analytics.google.com *.google-analytics.com *.hotjar.com *.hotjar.io *.irdeto.com *.2cnt.net *.itv.com https://http-inputs-itv.splunkcloud.com:443/services/collector *.stripe.com *.syrenis.com *.tiktok.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cassiecloud.com *.conductrics.com *.facebook.net *.facebook.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.2cnt.net *.itv.com *.stripe.com *.tiktok.com ; media-src 'self' blob: *.akamaihd.net *.itv.com *.brightcovecdn.com; worker-src 'self' blob:; object-src 'self' data:; frame-src 'self' *.facebook.net *.facebook.com *.flashtalking.com *.stripe.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-VPmd_Xcq7MW-fCnoj6lBdA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-5fd69d2884d33f6c05b68034ccf81b59' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 object-src 'none';base-uri 'self';script-src 'nonce-GAmBCWEGvseJnHiSKf0Atw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome 1 object-src 'none';base-uri 'self';script-src 'nonce-AkXB37o30qIvM4spg1zHkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--E1m25ud2_Ruc8X0OOWjxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-26eae46b60e4a64d87ba165f2a780e2b' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 object-src 'none';base-uri 'self';script-src 'nonce-l2sP3YQ9d9-7h7DkyLHxPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-vc1BUn6-sI8hm-KUHbnDmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-2nAlrbq3uAwkPMZwlhIc-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'self';connect-src 'self' https: https://www.recaptcha.net wss:;default-src 'self' https: wss: blob: data:;form-action 'self' https:;img-src 'self' https: http://iea.imgix.net https://iea.imgix.net data:;media-src 'self' https: data: http://iea.imgix.net https://iea.imgix.net;object-src 'none';script-src 'self' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://www.recaptcha.net https://snap.licdn.com https://www.gstatic.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com 'sha256-l/3fcn6MZG0SSVJq6fOLe49ZKIjbWdNzhreJz7KQ/1M=' 'sha256-+MedjqNIfWWYUGuHJ53XLEjzmGDCp9Om50MVUO/C/zo=' https://ieatest.blob.core.windows.net https://iea.blob.core.windows.net 'nonce-dcDDJOm86SJ1XkY8zOuo28mi5jSkG1eh';style-src 'self' https: 'unsafe-inline';worker-src https://ieatest.blob.core.windows.net https://iea.blob.core.windows.net;frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-WrOK9rDdCgVJVD2JGJPiZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-FI9Dtwh1cIUZMiNgZv9wNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-KIR8TkONpbt0zNkOAYMTvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.doubleclick.net; font-src 'self' *.typekit.net; frame-src 'self' *.google.com *.marketo.com *.youtube.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences *.marketo.com; script-src 'self' 'nonce-0ZJVDf4oOariOE9MN57ZaA==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' *.addtoany.com *.bootstrapcdn.com *.marketo.com *.github.com/flurrydev/ *.github.com/ydn/ *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.yimg.com *.bootstrapcdn.com github.githubassets.com/assets/ *.marketo.com *.typekit.net; report-uri /csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-yh0gRyWZC35olEOhS3EvQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-wQR5QrbrZATN44FrEUICzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.ubs.net *.adobedtm.com *.demdex.net *.decibelinsight.net *.decibel.com *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.akamaihd.net *.facebook.net *.googleadservices.com *.google.com *.doubleclick.net *.cloudflare.com *.zmags.com *.raisenow.com *.adobe.com mccs-chat-i4.ubstest.net:* mccs-chat-01-ch.iiz-te2.ubstest.net:* fuse.ubs.com *.mkt.dynamics.com *.azureedge.net; style-src 'self' 'unsafe-inline' *.googleapis.com; object-src *.ubs.com *.ubs.net https://players.brightcove.net; base-uri 'none'; frame-ancestors *.ubs.com *.ubs.net *.homegate.ch *.financescout24.ch *.immoscout24.ch; form-action *.ubs.com *.ubs.net; frame-src *.ubs.com *.ubs.net https://ubs.demdex.net optimus.foundation https://outlook.office365.com; connect-src *.ubs.com *.ubs.net wss://collection.decibelinsight.net mccs-chat-i4.ubstest.net:* mccs-chat-01-ch.iiz-te2.ubstest.net:* *.decibelinsight.net *.decibel.com *.demdex.net *.brightcove.com *.brightcove.services *.boltdns.net *.brightcovecdn.com *.googleapis.com widgets.sentifi.com *.akamaihd.net fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com wss://fuse.ubs.com *.mkt.dynamics.com *.azureedge.net; img-src *.ubs.com *.ubs.net data: fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.gstatic.com *.googleapis.com *.twitter.com t.co *.facebook.com *.linkedin.com *.google.com *.google.ch *.doubleclick.net *.googleadservices.com *.yahoo.co.jp *.adform.net *.akamaihd.net; report-uri /csp/reports 1 object-src 'none';base-uri 'self';script-src 'nonce-AOehDvFwfMpwvVCV7JGb3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src data: frame-ancestors go.akbars.ru 'self' *.akbars.ru; upgrade-insecure-requests; default-src 'self' *.akbars.ru www.akbars.ru https://*.yandex.net devaimee.akbars.ru dadata.ru https://api-maps.yandex.ru *.yandex.ru yandex.ru https://yastatic.net suggestions.dadata.ru statad.ru bank-lkz-akbars-gql.ipoteka.digital sravni.go2cloud.org www.akbars.ru fonts.gstatic.com mc.yandex.ru go.akbars.ru yandex.ru api-maps.yandex.ru stats.g.doubleclick.net dadata.ru googletagmanager.com www.googletagmanager.com; script-src 'self' *.akbars.ru 'report-sample' 'unsafe-inline' 'unsafe-eval' *.yandex.net https://unpkg.com/voximplant-websdk@4.6.2-2432/voximplant.min.js https://www.googleoptimize.com www.googleoptimize.com mc.yandex.ru statad.ru top-fwz1.mail.ru https://vk.com/js/api/openapi.js www.akbars.ru *.akbars.ru apps.akbars.ru ajax.aspnetcdn.com sitesearch-suggest.yandex.ru maps.yandex.net yandex.ru site.yandex.net api-maps.yandex.ru mc.yandex.ruclck.yandex.ru yastatic.net www.googletagmanager.com https://www.google-analytics.com www.googleadservices.com connect.facebook.net code.jquery.com api2.akbars.ru cdn.ru data: blob:; script-src-elem 'self' 'unsafe-inline' *.yandex.ru yandex.ru https://yastatic.net https://api-maps.yandex.ru www.googleoptimize.com testbankok.akbars.ru unpkg.com https://mc.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com *.yandex.net; style-src 'self' *.akbars.ru 'report-sample' 'unsafe-inline' partners.akbars.ru apps.akbars.ru devaimee.akbars.ru fonts.googleapis.com yastatic.net; font-src 'self' data: https://fonts.gstatic.com; media-src https://images.samsung.com 'self' ; frame-src 'self' identity-digitalprofile.dev.akbars.ru ad.new-programmatic.com api-maps.yandex.ru www.facebook.com www.youtube.com epc.akbars.ru payment-system-epc.msp.akbars.ru; child-src 'self' api-maps.yandex.ru; connect-src 'self' testbankok.akbars.ru wss://testbankok.akbars.ru*.akbars.ru wss://devaimee.akbars.ru pixel.kbki.ru bank-lkz-akbars-gql.ipoteka.digital partners.akbars.ru devaimee.akbars.ru dadata.ru suggestions.dadata.ru statad.ru statad.ru partners.akbars.ru apps.akbars.ru mc.yandex.ru api-maps.yandex.ru yastat.net yastatic.net yandex.st yandex.ru maps.yandex.net vk.com login.vk.com top-fwz1.mail.ru www.googletagmanager.com www.google-analytics.com google-analytics.bi.owox.com stats.g.doubleclick.net www.google.ru www.google.com googleads.g.doubleclick.net www.facebook.com; base-uri 'self' *.akbars.ru; img-src data: blob: 'self' statad.ru https://www.akbars.ru *.akbars.ru top-fwz1.mail.ru yastatic.net *.yastatic.net vk.com https://www.google-analytics.com *.yandex.ru *.yandex.net yandex.ru yandex.net https://googletagmanager.com https://www.googletagmanager.com https://i.ytimg.com; form-action 'self' *.akbars.ru; report-uri https://csp-collector-app.live-dmz.akbars.ru/ 1 object-src 'none';base-uri 'self';script-src 'nonce-L1j4JuZ4oU87KdT3OzhnHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 child-src 'self' blob:;connect-src 'self' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://*.akamaized.net https://*.kaltura.com https://endpoint.finnpanel.fi https://*.chartbeat.net https://api.mapbox.com https://events.mapbox.com https://api.flockler.com https://plugins.flockler.com https://*.stat.fi https://sak.userreport.com https://*.enetscores.com/ wss://migratory.enetpulse.com https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net;default-src 'self';font-src data: https://yle.fi https://*.yle.fi https://*.enetscores.com/;frame-src 'self' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://e.infogram.com https://platform.twitter.com https://www.instagram.com https://tag.userreport.com https://yle.reco.ebu.io https://assets-decodeurs.lemonde.fr;img-src 'self' data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://ping.chartbeat.net https://*.akamaized.net https://*.akamaihd.net https://*.analytics.edgekey.net https://*.cloudinary.com https://*.kaltura.com https://syndication.twitter.com https://visitanalytics.userreport.com https://flockler.com https://media-api.flockler.com https://fl-1.cdn.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://*.enetscores.com/ https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net;manifest-src 'self';media-src blob: data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://*.akamaihd.net https://*.akamaized.net https://*.kaltura.com;object-src 'none';prefetch-src https://*.akamaized.net https://*.kaltura.com https://ping.chartbeat.net;script-src 'self' 'unsafe-inline' blob: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://static.chartbeat.com https://tunnus-sdk.yle.fi https://*.analytics.edgekey.net https://*.kaltura.com https://www.gstatic.com https://sak.userreport.com https://e.infogram.com https://reco.ebu.io/news-reco-yle.js https://platform.twitter.com/ https://www.instagram.com/embed.js https://platform.instagram.com/ https://embed-cdn.flockler.com/embed-v2.js https://fl-1.cdn.flockler.com/ https://*.enetscores.com/ https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net;style-src 'unsafe-inline' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://fl-1.cdn.flockler.com/ https://*.enetscores.com/;upgrade-insecure-requests;report-to csp-report-endpoint;report-uri https://csp.aws.yle.fi/index 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/safety_google 1 object-src 'none';base-uri 'self';script-src 'nonce-o0EVus5qwpAQSWWEw5naiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-8um88YeiyiQa8etvnIVbHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 form-action 'self'; style-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.cnil.fr *.educnum.fr; frame-ancestors 'self' www.dailymotion.com www.youtube-nocookie.com www.youtube.com; img-src 'self'; frame-src 'self' www.dailymotion.com www.youtube-nocookie.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.cnil.fr; object-src 'self'; font-src 'self'; base-uri 'self'; block-all-mixed-content; default-src 'self' data: blob:; 1 object-src 'none';base-uri 'self';script-src 'nonce-CYdkhdhjoYIsnL-h47RGOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-M-PqmaUAyl1SEKo5iuXnWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TsDipkfd8IXZGPqlxF8waw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-4ebaace13cb62411020e7bc14e55da49' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.de pixel-geo.prfct.co adservice.google.co.uk *.doubleclick.net www.artnet.com www.google.com *.serving-sys.com images.artnet.com secure.quantserve.com www.google.ca *.facebook.com secure.adnxs.com cdn.segment.com report.artnet.glassboxdigital.io *.licdn.com www.googletagmanager.com www.google.fr www.google.it www.google.com.au www.google.ch www.googletagservices.com region1.google-analytics.com service.urchin.com adservice.google.com *.googlesyndication.com *.addthis.com *.facebook.net *.gstatic.com www.google.es tag.marinsm.com www.google.co.in cdn.gbqofs.com www.google.be bat.bing.com cdn.linkedin.oribi.io www.google.de *.linkedin.com *.hotjar.com www.google.nl ak.sail-horizon.com www.google-analytics.com www.google.pl ib.adnxs.com prreqcroab.icu pixel.quantserve.com api.sail-track.com api.sail-personalize.com www.google.co.uk rules.quantcount.com fast.fonts.net *.clarity.ms; form-action www.artnet.com *.facebook.com; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-7GCsB8HZ6E-dNaNMznpZJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-xsGy-RNgiaqHgvX6lgXwsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-bvR2eCtEjkhBPPYFFjvqgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 style-src-elem 'unsafe-inline' 'self' *.tide.co fonts.googleapis.com; connect-src 'self' *.api.kustomerapp.com googleads.g.doubleclick.net pagead2.googlesyndication.com analytics.tiktok.com adservice.google.com session-replay.browser-intake-datadoghq.eu rum-http-intake.logs.datadoghq.eu www.datadoghq-browser-agent.com www.google.com bat.bing.com cdn.segment.com www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net cookie-cdn.cookiepro.com trc-events.taboola.com api.mixpanel.com api-js.mixpanel.com api.segment.io in.hotjar.com trc.taboola.com vc.hotjar.io secure.quantserve.com tr.outbrain.com; font-src 'self' data: *.tide.co *.kustomerapp.com fonts.gstatic.com script.hotjar.com; frame-src www.facebook.com www.google.com www.youtube.com vars.hotjar.com widget.trustpilot.com; img-src 'self' data: *.tide.co images.ctfassets.net *.quantserve.com cookie-cdn.cookiepro.com tr.outbrain.com chart.googleapis.com *.gstatic.com connect.facebook.net cds.taboola.com q.quora.com s3.eu-west-2.amazonaws.com 2.gravatar.com bat.bing.com px.ads.linkedin.com www.linkedin.com c0.adalyser.com cx.atdmt.com heapanalytics.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com www.google-analytics.com *.google-analytics.com *.google.co.uk *.google.com *.google.com.au *.google.de *.google.fr *.google.co.in *.kustomerhostedcontent.com www.googletagmanager.com web.uploads.tide.co secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' *.kustomerapp.com secure.quantserve.com rules.quantcount.com tr.outbrain.com amplify.outbrain.com analytics.tiktok.com *.googleoptimize.com optimize.google.com www.datadoghq-browser-agent.com cookie-cdn.cookiepro.com cdn.jsdelivr.net bat.bing.com c0.adalyser.com cdn.heapanalytics.com cdn.mxpnl.com cdn.segment.com cdn.taboola.com trc.taboola.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net platform.twitter.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.linkedin.com www.google.com www.gstatic.com www.googletagmanager.com www.googleadservices.com widget.trustpilot.com tagmanager.google.com; style-src-attr 'unsafe-inline'; report-uri https://csp.tide.co/report 1 default-src 'self' https://*.fantia.jp; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.fantia.jp *.genieesspv.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net https://ec-widget.toranoana.jp nav.yumenosora.co.jp *.google-analytics.com www.googletagmanager.com www.googleoptimize.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net vjs.zencdn.net *.twitter.com static.ads-twitter.com *.clarity.ms *.recaptcha.net *.gstatic.com *.fontawesome.com *.chatplus.jp https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; font-src 'self' https://*.fantia.jp * data:; style-src 'self' https://*.fantia.jp 'unsafe-inline' * data:; img-src 'self' https://*.fantia.jp * blob: data: www.googletagmanager.com; child-src 'self' https://*.fantia.jp blob: *.genieesspv.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net platform.twitter.com www.googletagmanager.com www.youtube.com player.vimeo.com *.recaptcha.net *.chatplus.jp; connect-src 'self' https://*.fantia.jp *.genieesspv.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net id.fantia.jp https://fantia.s3.ap-northeast-1.amazonaws.com https://cc.fantia.jp https://c.fantia.jp https://ec-widget.toranoana.jp www.google-analytics.com stats.g.doubleclick.net *.clarity.ms *.fontawesome.com *.agora.io:* *.agoraio.cn *.ap.sd-rtn.com *.statscollector.sd-rtn.com:* api.veritrans.co.jp *.chatplus.jp wss://*.edge.agora.io:* wss://*.edge.agoraio.cn:* wss://*.edge.sd-rtn.com https://ogp-cache-system-prod-ij4goxpsha-an.a.run.app/api/v1/ogp/info https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; media-src 'self' https://*.fantia.jp *.genieesspv.jp *.gsspcln.jp *.gssprt.jp *.im-apps.net *.ad-stir.com *.i-mobile.co.jp *.amoad.com *.criteo.net *.criteo.com *.fout.jp *.goldspotmedia.com *.zucks.net j.zucks.net.zimg.jp *.zucks.co.jp ta-adquick.info nend.net *.rtbhouse.com *.ad-gate.net blob: https://*.chatplus.jp; frame-ancestors 'self' https://*.fantia.jp *.toranoana.jp toranoana.jp *.yumenosora.co.jp yumenosora.co.jp *.toranoana.co.jp toranoana.co.jp; form-action 'self' https://*.fantia.jp; report-to report-server; report-uri https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-2da6a5a546fd792907591b968a95ec00' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-f28c4083474b7eb57911d3db1bf240d1' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1 object-src 'none';base-uri 'self';script-src 'nonce-pdd0kgQOxQgQiggpvCS1CQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-to default; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc&sentry_environment=production&sentry_release=1.1.57 1 object-src 'none';base-uri 'self';script-src 'nonce-QOAw8ruxRsyfaN4Eg9ZN0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-9dbac92a5cac0e7067bbdbe6eadedeeb' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 default-src https: wss:; script-src https: wss: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 script-src 'unsafe-inline' 'unsafe-eval' https:; object-src data: https://d1785e74lyxkqq.cloudfront.net https://h.online-metrix.net; base-uri 'none'; report-uri https://tvlk.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-WrXIqOMYmLs0YUAdcyHk3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-LhvTZ5annqUK9DznPi4zbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.app-eu.wrike-cn.com https://*.wrike.com https://*.wrike-cn.com https://*.www.wrike.com https://*.www.wrike-cn.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; manifest-src 'self' https://cdn.wrike.com https://cdn.wrike-cn.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.app-eu.wrike-cn.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.wrike-cn.com https://*.www.wrike.com https://*.www.wrike-cn.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://pixel.mathtag.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp-global.wrike.com/csp-report?website 1 base-uri 'self';connect-src https://*.go-mpulse.net https://*.akstat.io 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src https://*.go-mpulse.net 'nonce-ac6956d78a678d3c6299db5db81300b4' 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com 'nonce-130bfacdafa0eb4f8aa2a70c804893cb' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com https://static.hotjar.com https://script.hotjar.com 'nonce-130bfacdafa0eb4f8aa2a70c804893cb';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=vhp-mfe%401.226.0&sentry_environment=prod 1 object-src 'none';base-uri 'self';script-src 'nonce-OgGFMKYL6fEsyawsC9LZHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: https:; block-all-mixed-content; report-uri https://rum.cloud.bodybuilding.com/csp 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-GaC1kKO4bJIRKJTRg2PcMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; base-uri 'self'; font-src 'self' fonts.gstatic.com *.atlassian.com data:; worker-src blob:; media-src 'self' api.media.atlassian.com *.atlassian.com; img-src data: blob: 'self' *.badgen.net *.youtube.com atlassian.wpengine.netdna-cdn.com global.discourse-cdn.com img.shields.io *.atlassian.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.gstatic.com *.wp.com cdn.cookielaw.org *.clicktale.net *.doubleclick.net https://googleads.g.doubleclick.net images.ctfassets.net *.public.atl-paas.net trello.com trello-backgrounds.s3.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.co.in *.google.com *.atlassian.com *.gravatar.com; frame-src 'self' *.atlassian.com *.atl-paas.net *.googletagmanager.com player.vimeo.com trello.com www.youtube.com www.figma.com; connect-src 'self' *.googletagmanager.com *.algolianet.com *.algolia.net *.clicktale.net *.launchdarkly.com *.trello.com *.doubleclick.net *.qualtrics.com *.onetrust.com *.sentry.io cdn.segment.com api.segment.io www.google-analytics.com cdn.cookielaw.org *.atlassian.com *.algolia.io; report-uri https://web-security-reports.services.atlassian.com/csp-report/dac; object-src 'none'; style-src 'self' *.trellocdn.com *.atlassian.com 'unsafe-inline'; script-src 'nonce-IoIbFhYn12NGegaaRYfrZat95P9JPV39s11egk5Opcs=' 'self' 'sha256-Nt9ereHaxV04RZ20OLtdR3uuFr1X0/Pbt5KbGls/wXg=' https://www.googleadservices.com https://player.vimeo.com/api/player.js *.segment.com *.clicktale.net mscgen.js.org *.qualtrics.com *.trellocdn.com *.atlassian.com www.googletagmanager.com www.google-analytics.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://run.pstmn.io/button.js 1 object-src 'none';base-uri 'self';script-src 'nonce-2tcSwSYIbv-6yPWIUVDa0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.es id.rlcdn.com www.google.co.in www.google.com.sa www.google.fi www.mczbf.com www.google.co.kr www.google.de sc-static.net pi.pardot.com www.google.tt www.google.co.cr huge.superpinkday.com cdnssl.clicktale.net api.mapbox.com www.paypal.com www.bing.com *.googleadservices.com *.facebook.com www.google.lt www.google.com.jm *.taboola.com *.bazaarvoice.com *.tealiumiq.com www.google.com.bo cdn.pricespider.com www.google.com.pk www.google.ca www.google.com.ph www.google.com.ng tag.demandbase.com fast.fonts.net www.google.co.ve bat.bing.com bam.nr-data.net *.googleapis.com *.doubleclick.net *.snapchat.com www.google.com.mx *.dotomi.com *.facebook.net c.clicktale.net tiny.superpinkday.com www.google.com.et tag-logger.demandbase.com www.google.co.il www.google.iq www.google.com.br www.google.com.gh wss://wtbstream.pricespider.com www.google.rs www.google.com.ec www.googletagmanager.com *.gstatic.com t.co s.tribalfusion.com ssl.kaptcha.com www.google.lv www.google.hn k-aus1.clicktale.net segments.company-target.com h.parrable.com www.google.com.ni cdn.cs.1worldsync.com www.google.pl *.akamaihd.net edge.api.brightcove.com www.google.com.eg www.google.co.ma adservice.google.com *.tiktok.com img.youtube.com locate.pricespider.com checkout.getbread.com *.ads-twitter.com cdn.honey.io omni.pricespider.com www.google.hr www.youtube.com cdn.linkedin.oribi.io region1.analytics.google.com www.paypalobjects.com cc.cs.1worldsync.com *.everesttech.net www.google.az i.ytimg.com www.google.ch cdn.pdst.fm www.google-analytics.com www.google.co.ug www.google.com *.omtrdc.net *.oraclecloud.com js.cnnx.link api.tiles.mapbox.com *.demdex.net www.google.com.my *.twitter.com us-central1-adaptive-growth.cloudfunctions.net www.google.se www.google.com.tw *.paypal.com fonts.gstatic.com epson.com l.clicktale.net xiecomm.paymetric.com www.google.hu www.google.com.bh analytics.google.com www.google.com.bd translate.google.com idsync.rlcdn.com www.google.com.np unpkg.com www.google.com.qa www.google.com.ar www.google.fr www.google.gr www.google.at px-taboola.parrable.com www.google.com.kw q-aus1.clicktale.net www.sjwoe.com *.licdn.com www.google.dz www.google.pt www.google.lk cdn.jsdelivr.net www.google.ru www.google.be *.emjcd.com www.google.ie www.google.cz www.google.com.mm www.google.co.uk www.google.si www.google.co.id *.googlesyndication.com cf-images.us-east-1.prod.boltdns.net forms.goepson.com www.google.com.pr js.qualified.com www.google.co.tz wss://ws.qualified.com sync.intentiq.com www.google.com.gt www.google.no www.google.tn manifest.prod.boltdns.net www.google.com.pa www.google.it www.google.com.sg *.windows.net *.epson.com *.opendns.com www.google.cl www.google.ae www.google.com.pe www.google.com.kh www.google.dk www.google.sk www.google.bg *.adsrvr.org www.google.com.au tags.tiqcdn.com *.linkedin.com www.google.com.sv s.yimg.com wtbng.pricespider.com embeddedcloud.pricespider.com wtbevents.pricespider.com mediaserver.goepson.com metrics.brightcove.com events.mapbox.com sp.analytics.yahoo.com www.bizrate.com api.company-target.com sync1.intentiq.com stat.dealtime.com cdnjs.cloudflare.com ws.cs.1worldsync.com tsdtocl.com api.intentiq.com a.tribalfusion.com app.qualified.com js-agent.newrelic.com www.livelook.com geoip-js.com; form-action *.facebook.com xiecomm.paymetric.com epson.com; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'none'; style-src 'self'; connect-src 'self'; img-src 'self'; script-src 'self' https://www.google.com/jsapi https://www.googletagmanager.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://www.gstatic.com/charts/loader.js https://www.google-analytics.com/analytics.js; font-src 'self'; base-uri 'self'; form-action 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-K01BwCfOc2y6bPX1kMJqyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src 'self' blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' static.prdg.io/ ucontent.prdg.io *.mogl.com swagbucks.7eer.net/js/799/1700/irv2.js acsbapp.com appleid.cdn-apple.com cdn.auryc.com js.authorize.net completr-v2.appspot.com bat.bing.com www.clarity.ms tags.clickagy.com cdn.cookielaw.org static.districtm.ca googleads.g.doubleclick.net pf.entertainow.com load.exelator.com connect.facebook.net gwiqcdn.globalwebindex.net accounts.google.com/gsi/client apis.google.com/js/ translate.google.com www.google.com/jsapi www.google.com/pagead/ www.google.com/recaptcha/ *.google-analytics.com www.googleadservices.com maps.googleapis.com storage.googleapis.com/pollfish_production/ tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com/recaptcha/ cdn.heapanalytics.com cdn.hellosign.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com d.impactradius-event.com cso2.imperium.com secure.insightexpressai.com surveys.insightexpressai.com csr.inspsearchapi.com media-cdn.ipredictive.com embed.jungroup.com global.localizecdn.com api.maruusurv-serving.com privacyportal-cdn.onetrust.com www.paypalobjects.com aalert.peanutlabs.com polyfill.io rules.quantcount.com secure.quantserve.com publishers.revenueuniverse.com wsdk.rokt.com sb.scorecardresearch.com classic.slingo.com jsd.supersonicads.com widget.trustpilot.com platform.twitter.com cdn.wootric.com static.zdassets.com assets.zendesk.com cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdnjs.cloudflare.com/ajax/libs/inputmask/4.0.8/inputmask/inputmask.min.js d33wwcok8lortz.cloudfront.net/js/799/ d3op16id4dloxg.cloudfront.net/CSOWrapperAjax3.js d3op16id4dloxg.cloudfront.net/RelevantID4.js; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' static.prdg.io/ ucontent.prdg.io *.mogl.com swagbucks.7eer.net/js/799/1700/irv2.js acsbapp.com appleid.cdn-apple.com cdn.auryc.com js.authorize.net completr-v2.appspot.com bat.bing.com www.clarity.ms tags.clickagy.com cdn.cookielaw.org static.districtm.ca googleads.g.doubleclick.net pf.entertainow.com load.exelator.com connect.facebook.net gwiqcdn.globalwebindex.net accounts.google.com/gsi/client apis.google.com/js/ translate.google.com www.google.com/jsapi www.google.com/pagead/ www.google.com/recaptcha/ *.google-analytics.com www.googleadservices.com maps.googleapis.com storage.googleapis.com/pollfish_production/ tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com/recaptcha/ cdn.heapanalytics.com cdn.hellosign.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com d.impactradius-event.com cso2.imperium.com secure.insightexpressai.com surveys.insightexpressai.com csr.inspsearchapi.com media-cdn.ipredictive.com embed.jungroup.com global.localizecdn.com api.maruusurv-serving.com privacyportal-cdn.onetrust.com www.paypalobjects.com aalert.peanutlabs.com polyfill.io rules.quantcount.com secure.quantserve.com publishers.revenueuniverse.com wsdk.rokt.com sb.scorecardresearch.com classic.slingo.com jsd.supersonicads.com widget.trustpilot.com platform.twitter.com cdn.wootric.com static.zdassets.com assets.zendesk.com cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdnjs.cloudflare.com/ajax/libs/inputmask/4.0.8/inputmask/inputmask.min.js d33wwcok8lortz.cloudfront.net/js/799/ d3op16id4dloxg.cloudfront.net/CSOWrapperAjax3.js d3op16id4dloxg.cloudfront.net/RelevantID4.js; report-uri https://csp.prodege.workers.dev/report 1 default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-qXaV2qiJAWwYme0ySUiFdw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ZB_aiZadGOyOcyNTn-97lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-gEINvXZCUhKuQ1Ndvg0C5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-522e7259a873bcab37ba1a1ac8e057df' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 object-src 'none';base-uri 'self';script-src 'nonce-_LEaVXNaA5kMCwkV164HqQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-K9TMThYz9vC7ekFWoB-u7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-dgnz7fVPCMbB29e3ZEr6SQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-eDOl2waNMOvGZ7FdzjRiIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' data: *.fca.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.salesforceliveagent.com *.twentythree.net snap.licdn.com analytics.tiktok.com sc-static.net; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie *.videomarketingplatform.co www.google.co.uk *.nr-data.net *.googletagmanager.com *.fca.org.uk *.gstatic.com www.glassdoor.co.uk *.fca.org.uk linkedin.com www.facebook.com t.co *.linkedin.com *.google.ch *.google.de *.google.nl *.google.com.eg *.google.es *.google.ee *.google.co.in *.google.co.uz *.adsymptotic.com *.tableau.com *.google.ge *.google.se *.google.com.bh *.google.sk; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk *.googletagmanager.com *.youtube.com match.adsrvr.org *.twentythree.net gateway.zscaler.net *.tableau.com *.snapchat.com; frame-ancestors 'self' *.fca.org.uk; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 'self' data: fonts.gstatic.com *.fca.org.uk at.alicdn.com; connect-src 'self' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.googleapis.com analytics.tiktok.com *.snapchat.com; report-uri https://o105440.ingest.sentry.io/api/234655/security/?sentry_key=78e86bb79e1f44d0b24b22ab1e9dc5d0; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-hP3R89tpJvM3sySetGBCcA=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 object-src 'none'; script-src 'strict-dynamic' 'report-sample' 'unsafe-inline' 'unsafe-eval' http: https: 'nonce-bCnXmdBMG9nFiz+5uF8QUg=='; base-uri 'self'; report-uri https://www.stitchfix.com/dynamic-shock/security/csp_reports?action_name=show&browser_type=C&controller_name=pages&logweasel_id=01H24VVAVTXJKWPJK2K4H475A1-DYNAMIC_SHOCK-WEB 1 report-to slardar-endpoint; script-src 'self' 'report-sample' 'wasm-unsafe-eval' 'nonce-9d5d917ffb53523f8d2fc18f0bf3afb8-argus' *.capcut.com *.ibytedtos.com *.google.com *.bytedance.net *.ttwstatic.com *.byteintl.net *.bytedance.com *.googletagmanager.com *.cdn-apple.com; connect-src 'self' *.capcut.com *.byteoversea.com *.bytedance.net *.faceulv.com *.byteintl.net *.ibytedtos.com *.bytecdn.com *.vodupload.com *.ibyteimg.com *.tiktokcdn.com *.bytevcloudapi.com *.goofy.app *.bytedance.com *.byteoversea.net *.isnssdk.com *.capcutstatic.com *.byteeffecttos-g.com *.yhgfb-static.com *.google-analytics.com *.google.com *.googleapis.com *.giphy.com *.doubleclick.net blob: wss:; frame-ancestors 'self' *.bytedance.com *.bytedance.net; 1 object-src 'none';base-uri 'self';script-src 'nonce-QyEXIj-noNqNMZafW2S-Hw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-df6bc620eb9032edefdc9c9bf4b2eb70' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 object-src 'none';base-uri 'self';script-src 'nonce-X0lM6DKzUGkjeA29FQ6nmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' *.edpuzzle.com *.edpuzzle.dev 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com *.awswaf.com *.appcues.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com *.appcues.com; report-uri /api/v3/violations/csp 1 default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.yahoo.com *.pinimg.com *.redditstatic.com *.taboola.com *.pinterest.com *.googleapis.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com *.fixel.ai *.youtube.com *.twitter.com *.ads-twitter.com *.outbrain.com *.stripe.com s.yimg.com o435118.ingest.sentry.io; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1 frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports 1 default-src 'none'; connect-src 'self' https://appservices.wwnorton.com; frame-ancestors 'self'; font-src 'self' https://fonts.googleapis.com; style-src 'self' https://cloud.typography.com https://dsbst55b1909i.cloudfront.net; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://static.wwnorton.com https://storage.googleapis.com; img-src 'self' https://www.google-analytics.com https://appservices.wwnorton.com https://cdn.wwnorton.com https://diqp43fm0w6zs.cloudfront.net https://stats.g.doubleclick.net; 1 object-src 'none';base-uri 'self';script-src 'nonce-M71k0mUq2NziQnHC2z8DOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-aSVfIZv8A_yDQecTXCMZWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-3u0ayxv36mHeSH2u9wAbxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1 object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com code.highcharts.com code.jquery.com https://cdn.boomcdn.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.polyfill.io https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://live-idb-config.pantheonsite.io https://polyfill.io https://public.tableau.com https://static.addtoany.com https://unpkg.com https://www.google.com maps.googleapis.com maxcdn.bootstrapcdn.com tether.io unitegallery.net; script-src-attr 'self'; style-src 'self' ajax.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://live-idb-config.pantheonsite.io https://use.fontawesome.com unitegallery.net 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-T06hZ6nNt5mt7e8wiC1FCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'unsafe-inline' https: 'nonce-NniyATDzSm5WZM06YKn+hw==' 'strict-dynamic' 'report-sample';object-src 'none';base-uri 'none';report-uri /user-promo/platform/report-csp; 1 object-src 'none';base-uri 'self';script-src 'nonce-1nK6yMxPTcQMBZfNYKMG7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-g3a_aoE4Fnb2jle9mNnbxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-8711013bed6a87d642968a100a5a036d' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 object-src 'none';base-uri 'self';script-src 'nonce-Gyf5gbXBq9idh9yjMYC0jw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TeADIy8k4aJtNw8wDdEkAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/panoramio 1 object-src 'none';base-uri 'self';script-src 'nonce-SUGYg9vJ4y4IUmDhbK7R9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none' media.blueapron.com; manifest-src 'self'; media-src 'self' static.zdassets.com media.blueapron.com; report-uri https://sjsbnmrmh4.execute-api.us-east-1.amazonaws.com/Prod/report_csp_violation 1 base-uri 'self' https://docs.helpscout.net https://www.linkedin.com; frame-src 'self' *.hotjar.com *.hotjar.io https://*.cardinalcommerce.com https://*.paypal.com https://accounts.google.com https://assets.braintreegateway.com https://beacon-v2.helpscout.net https://bid.g.doubleclick.net https://codesandbox.io https://docs.google.com https://drive.google.com https://embed.diagrams.net https://googleads.g.doubleclick.net https://pay.google.com https://player.vimeo.com https://tpc.googlesyndication.com https://vimeo.com https://www.facebook.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.grokkingpython.com https://www.paypalobjects.com https://www.youtube.com https://2-6-4-sandpack.codesandbox.io/ https://*.sandpack-static-server.codesandbox.io/ https://*.educative.run https://*.devpath.run https://js.educative.io https://sandpack.educative.io; object-src 'self' https://beacon-v2.helpscout.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ads-twitter.com https://*.cardinalcommerce.com https://*.hotjar.com https://*.hotjar.io https://*.paypal.com https://*.twitter.com https://*.youtube.com https://a.quora.com https://ajax.cloudflare.com https://assets.braintreegateway.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com/ajax/libs/babel-core/5.8.23/browser.js https://code.jquery.com/jquery-3.1.1.slim.min.js https://connect.facebook.net https://d3rxaij56vjege.cloudfront.net/form-serialize/0.3/serialize.min.js https://educative.activehosted.com https://grow.clearbitjs.com https://js.braintreegateway.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsleadflows.net/leadflows.js https://js.usemessages.com https://player.vimeo.com https://px.ads.linkedin.com https://q.quora.com https://s.ytimg.com https://services.xg4ken.com https://snap.licdn.com https://static.cloudflareinsights.com https://tag.rmp.rakuten.com https://tags.rd.linksynergy.com https://tpc.googlesyndication.com https://track.linksynergy.com https://twitter.com https://www.dwin1.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypalobjects.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://public.profitwell.com https://ws.zoominfo.com https://www.linkedin.com; worker-src 'self'; report-uri https://www.educative.io/report/csp; connect-src 'self' https://*.hubspot.com https://api.hubapi.com https://beacon-v2.helpscout.net https://cdn.growthbook.io https://cdn.linkedin.oribi.io https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://privacyportal.onetrust.com https://sentry.io https://static.profitwell.com https://www2.profitwell.com ws://localhost:3000/*. wss://*.devpath.run wss://*.educative.run wss://*.pusher.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://public.profitwell.com https://ws.zoominfo.com https://www.linkedin.com 1 object-src 'none';base-uri 'self';script-src 'nonce-1XZ7b5MDmziBKzjHFTwMZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-PSISd2bbswc6rUL4uBFxjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 form-action *.globalsources.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.it www.google.co.uk *.googlesyndication.com fonts.gstatic.com adservice.google.com www.google.com.tr cdn.linkedin.oribi.io wss://127.0.0.1:2112 www.google.com.vn www.google.gr www.google.com.ph *.globalsources.com www.google.com.gh region1.analytics.google.com wss://127.0.0.1:63333 www.google.tt www.google-analytics.com www.google.pl www.google.com.sg *.clarity.ms www.google.co.th www.google.ae www.gstatic.com bat.bing.com www.google.lk www.google.com.ua www.youtube.com www.google.ie *.facebook.net cdn.dcloud.net.cn www.google.ca www.google.ro gsol-resource.s3.ap-east-1.amazonaws.com *.doubleclick.net www.google.co.id wss://127.0.0.1:5950 *.baidu.com www.google.de *.facebook.com wss://127.0.0.1:5279 www.google.co.il *.googleapis.com *.alicdn.com www.googletagmanager.com *.online-metrix.net www.google.com.my wss://wss.im.qcloud.com www.google.com.sa api.im.qcloud.com *.adsrvr.org www.google.com.br www.google.com.pk www.google.com.mx www.google.com.ng img01.yzcdn.cn wss://127.0.0.1:7070 psce.s3.cn-north-1.amazonaws.com.cn wss://127.0.0.1:5900 wss://wss.my-imcloud.com www.google.co.ug wss://127.0.0.1:6040 www.google.se www.google.com www.google.cn wss://127.0.0.1:5901 www.google.tn www.google.nl api.geetest.com www.google.co.za c.bing.com www.google.co.in www.google.co.jp *.licdn.com wss://127.0.0.1:5902 wss://127.0.0.1:5938 www.google.ru www.google.be wss://127.0.0.1:3389 xin-huanqiuziyuan.sfn-aws-singapore-01.saas.sensorsdata.cn static.geetest.com *.linkedin.com www.micstatic.com wss://127.0.0.1:5903 wss://127.0.0.1:5939 *.googleadservices.com analytics.google.com *.agora.io web.sdk.qcloud.com wss://127.0.0.1:5931 s3.ap-east-1.amazonaws.com wss://127.0.0.1:6039 api.my-imcloud.com wss://127.0.0.1:5944; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-xrfoQOHlqYrK73sFGA42AQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-gs440VEX7h-oX8RJJzh4Zg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri https://logging.snhu.edu/Logging/LogCSPViolation/; default-src 'nonce-4845232d096a3e6e3f41b526a24b59b0' 'self' *.facebook.com *.fullstory.com *.google.com *.google-analytics.com *.googletagmanager.com *.salesforceliveagent.com *.visualwebsiteoptimizer.com *.youtube.com; img-src 'self' p.adsymptotic.com s.amazon-adsystem.com *.bing.com www.facebook.com yt3.ggpht.com www.google.com www.google-analytics.com *.gstatic.com learn.org px.ads.linkedin.com study.com collector-4113.tvsquared.com *.videoamp.com dev.visualwebsiteoptimizer.com *.w55c.net sp.analytics.yahoo.com i.ytimg.com data: googleads.g.doubleclick.net www.googletagmanager.com id5-sync.com www.linkedin.com education.mediaalpha.com ads.stickyadstv.com tags.w55c.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net static.doubleclick.net connect.facebook.net service.force.com edge.fullstory.com s.go-mpulse.net www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com sd.iperceptions.com universal.iperceptions.com snap.licdn.com d.la4-c3-ph2.salesforceliveagent.com tr.snapchat.com sc-static.net collector-4113.tvsquared.com dev.visualwebsiteoptimizer.com cti.w55c.net www.youtube.com; style-src 'self' 'unsafe-inline' service.force.com www.youtube.com; frame-src 'self' activping.com www.facebook.com service.force.com www.google.com *.googlesyndication.com universal.iperceptions.com tr.snapchat.com www.youtube.com; script-src-elem 'self' 'unsafe-inline' *.adnxs.com static.ads-twitter.com *.bing.com googleads.g.doubleclick.net connect.facebook.net *.fcmrktplace.com service.force.com *.fullstory.com *.go-mpulse.net www.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googlesyndication.com www.googletagmanager.com cdn.mobius.highereducation.com universal.iperceptions.com cdn.jsdelivr.net snhu.kuali.co snap.licdn.com *.salesforceliveagent.com sc-static.net tr.snapchat.com collector-4113.tvsquared.com dev.visualwebsiteoptimizer.com cti.w55c.net *.yimg.com www.youtube.com; connect-src 'self' *.akamaihd.net *.akstat.io *.bing.com stats.g.doubleclick.net www.facebook.com *.fullstory.com c.go-mpulse.net analytics.google.com www.google-analytics.com api.iperceptions.com snhu.kuali.co cdn.linkedin.oribi.io tr.snapchat.com *.yimg.com; style-src-elem 'self' 'unsafe-inline' service.force.com fonts.googleapis.com *.googletagmanager.com snhu.kuali.co; font-src 'self' data: service.force.com fonts.googleapis.com fonts.gstatic.com snhu.kuali.co; 1 object-src 'none';base-uri 'self';script-src 'nonce-2K-J0A4ome8tUKCwvj-uHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-7-Uo9u2k8SJcIm6ueyswLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-PN-__-60QA-iK1HWPuFvmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/admob_google_com 1 report-uri /csp-log.php; report-to csp-log-endpoint; default-src 'none'; img-src 'self' data: https://tiles.rz.uni-leipzig.de/ https://img.youtube.com/ https://i.ytimg.com/ https://www.gstatic.com/images/ https://translate.google.com/; script-src 'self' 'unsafe-inline' https://app1.edoobox.com/ https://cdn1.edoobox.com/ https://uni.wwwstat.rz.uni-leipzig.de/ https://vimeo.com/api/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://cdnjs.cloudflare.com/ajax/libs/leaflet/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/leaflet/ https://translate.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/mathjax/; media-src 'self' data:; connect-src 'self' https://uni.wwwstat.rz.uni-leipzig.de/ https://www.uni-leipzig.de/ https://translate.googleapis.com/; frame-src https://app1.edoobox.com/ https://www.studieren-weltweit.de/ https://www.facebook.com/ https://www.sozphil.uni-leipzig.de/ https://studienbuero.erzwiss.uni-leipzig.de/ https://www.youtube-nocookie.com/embed/ https://player.vimeo.com/video/; object-src 'self'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org *.everesttech.net www.google.com.au *.onetrust.com adservice.google.com www.shareaholic.net www.google.com.tr amadeus.com m9m6e2w5.stackpathcdn.com tools.euroland.com www.googletagmanager.com geoip-js.com tools.eurolandir.com www.google.pt analytics.shareaholic.com *.omtrdc.net www.google.nl www.google-analytics.com *.demdex.net *.eloqua.com *.ads-twitter.com www.google.co.za www.google.com.br www.google.com www.google.es *.licdn.com *.doubleclick.net www.google.be www.google.com.co www.google.de apps.shareaholic.com tags.tiqcdn.com img06.en25.com www.google.dz collection.decibelinsight.net www.google.co.ao www.google.co.th *.gstatic.com cdn.decibelinsight.net www.google.fr www.google.it www.google.co.uk img.youtube.com www.youtube.com www.google.ch www.google.com.sa cdnjs.cloudflare.com *.googleapis.com www.google.com.ar js.maxmind.com www.google.com.pk t.co www.google.com.ng *.twitter.com udc-neb.kampyle.com www.google.ae www.google.ca ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-jKJp-yTeBlg_69_BMJd2Dg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src https://*.hawkhost.com:443 data: 'unsafe-inline'; script-src 'self' ajax.cloudflare.com ajax.cloudflare.com static.cloudflareinsights.com https://*.google-analytics.com https://www.googletagmanager.com https://*.livechatinc.com https://*.hawkhost.com https://www.google.com https://www.gstatic.com 'unsafe-inline'; connect-src https://*.doubleclick.net https://*.livechatinc.com https://*.google-analytics.com; frame-src https://*.doubleclick.net https://*.google.com https://*.livechatinc.com; media-src https://*.hawkhost.com:443 https://*.livechatinc.com; img-src https://*.hawkhost.com https://*.livechatinc.com https://*.google.com https://*.google-analytics.com; script-src-elem https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.hawkhost.com https://*.livechatinc.com 'unsafe-inline' 1 object-src 'none';base-uri 'self';script-src 'nonce-3AUFgum9cQIcgYL9b_rleA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-xSotX2HqJwl6HT7v2FFOkg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1 script-src 'strict-dynamic' 'nonce-YCahox9fYxM+XiBtoVhtFg=='; 1 object-src 'none';base-uri 'self';script-src 'nonce-l174tKlpiDVRdEyRUEI3Iw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--KGr6hYgeB1v95_nGwskVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-lNecFe5UXcpFTdq5b71Cqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://www.googleoptimize.com https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.yimg.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://www.google.com.cy https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.clarity.ms ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 object-src 'none';base-uri 'self';script-src 'nonce-bHaWwpcg64wbkRg_INcqyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-XDmadxBiHNhKV84DxBReOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ktt23YUcsuau0UAlFBVO2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:; 1 object-src 'none';base-uri 'self';script-src 'nonce-c3oDhI-b8yIUP8FrFhbgKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ArE0N9lq4sJTmD3DgGMm0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-uB-QMJ8ouDhyxrAnM3FBfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-y0hXDFWoV7a81xolVc5kVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self' https://www.bing.com https://www.google.at https://www.google.de https://*.search.yahoo.com; report-uri https://www.rolex.com/csp-reports/?req_id=64f3644 1 object-src 'none';base-uri 'self';script-src 'nonce-sG94Wphm8zrTAz7YCCckCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' data: blob: mediastream: http://*.uni-kiel.de https://*.uni-kiel.de 'unsafe-inline' 'unsafe-eval'; 1 object-src 'none';base-uri 'self';script-src 'nonce-7r19mV6y-TXIvb8OsIZZ3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Z0HPWQ_wYDMwa7Qa7PfRjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-zmQLCjhdLl5L5XNni6HMvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-_SXuyIql_bR0rhO_UzymVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 require-trusted-types-for 'script'; trusted-types angular angular#bundler angular#unsafe-bypass aio#analytics google#safe goog#html; report-uri https://csp.withgoogle.com/csp/angular.io 1 object-src 'none';base-uri 'self';script-src 'nonce-wade6TWCwFIk0b3se_fbBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-uCOpzrkiiVStf-9YRC3oAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-6bZivTJfYAI_3JRhCnIJ0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-tIAtQvaRXpBHqEaniKZS1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 upgrade-insecure-requests; frame-ancestors 'self' https://*.sensibull.com https://kite.zerodha.com; report-uri https://7eae552da389ebb083bedadbd9428ed2.report-uri.com/r/d/csp/reportOnly 1 frame-ancestors 'self' http://*.abcya.com:* https://*.abcya.com:* https://*.ixl.com:* https://*.ixl.x:* https://*.ixl.q:* https://*.ixl.z:* https://*.ixl.k38:* https://*.ixl.m26:* https://*.ixl.cap:* https://*.ixl.lb:* https://*.ixl.k10:* https://*.ixl.k41:* https://*.ixl.t:* https://*.ixl.abcyaonixl.ixl.dev:* http://localhost:* https://*.ixl.dev:*; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.admetricspro.com https://assets-abcya-com.netlify.app https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://*.admetricspro.com https://*.stripe.com https://*.abcya.com https://assets-abcya-com.netlify.app https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://assets-abcya-com.netlify.app https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self' https://assets-abcya-com.netlify.app; object-src https://*.abcya.com https://assets-abcya-com.netlify.app; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://imasdk.googleapis.com/js/sdkloader/ima3.js https://vjs.zencdn.net/7.11.4/video.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.0.0/videojs.ads.min.js https://adservice.google.com https://cdn.ampproject.org https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://vjs.zencdn.net/7.11.4/video-js.css https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.7.0/videojs.ads.css https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.css https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-mIxcaBAOB39k2EyK2mw2XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-12vQxlpfxxhvqAMoUfKwZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: *.3lift.com *.adroll.com *.affilae.com *.bidr.io *.casalemedia.com *.ceros.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.facebook.com *.getbeamer.com *.googleoptimize.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.mutinycdn.com *.onetrust.com *.outbrain.com *.pendo.io *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.twitter.com ajax.googleapis.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com ceros-creative-services.s3.amazonaws.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com ; img-src * data: *.mutinycdn.com ; font-src 'self' data: fonts.gstatic.com github.com images.mutinycdn.com maxcdn.bootstrapcdn.com use.typekit.net ; connect-src 'self' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com data: *.ceros.com *.clarity.ms *.datadoghq.com *.google-analytics.com *.hotjar.com *.hotjar.io *.linkedin.com *.mktoresp.com *.mktoutil.com *.mutinyhq.io *.onetrust.com *.pingdom.net *.segment.com *.segment.io *.sentry.io *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com adservice.google.com api.amplitude.com api.company-target.com api.madkudu.com api.segment.io app.clearbit.com app.getsentry.com backend.getbeamer.com cdn.cookielaw.org ceros-creative-services.s3.amazonaws.com d.adroll.com in.hotjar.com maps.googleapis.com prod-algolia-blog-subscription.herokuapp.com raw.githubusercontent.com stats.g.doubleclick.net us-central1-documentation-feedback.cloudfunctions.net user-data.mutinycdn.com vitals.vercel-insights.com wss://*.hotjar.com www.google-analytics.com www.google.com ; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: *.3lift.com *.adroll.com *.affilae.com *.bidr.io *.casalemedia.com *.ceros.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.facebook.com *.getbeamer.com *.googleoptimize.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.mutinycdn.com *.onetrust.com *.outbrain.com *.pendo.io *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.twitter.com ajax.googleapis.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com ceros-creative-services.s3.amazonaws.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com ; report-uri https://algolia.report-uri.com/r/t/csp/wizard 1 object-src 'none';base-uri 'self';script-src 'nonce-r9wCVqinhlBG6AQRytOD8A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Mfqn2WHZq6imLcQvXO9NkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--ufbkrM1bVKpsYGJUc4X3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-9iNt-yVWjG30zttVkf5Otg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--eF47tD65pjVErkOxSX5UA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-u3YkQSb9qDB_3vk48UIafA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-yh5SCX6sRCWpnI0AoBsnTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-dOBJjIcY92ieSiGfutsxMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-oGA6LjpXoxj_vY_i4PD0yA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.googleoptimize.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.stackadapt.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://*.facebook.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 object-src 'none';base-uri 'self';script-src 'nonce-YX1CpvD2MdaZaaUyBdfFkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-MqVRVTwR5xM5J6Mn32bT7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Oc7AAWupvCY5GZ5sO56zDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-OjceOqy6vAUVU8Sxyvu0EQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-y95If_TT21RawmAb88XxAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-yp8D_9VXa67i2lwBu7xwyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-LOP5wQkwSfWsZjaViFyvLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ptxsRdjc14oQhUsdsdWCGg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net d34s7xanp5e5sf.cloudfront.net www.gstatic.com js.stripe.com *.googleapis.com ws.zoominfo.com www.google.com www.googletagmanager.com compilers.widgets.sphere-engine.com; connect-src 'self' wss://push.piazza.com api.stripe.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org; report-uri /security/csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-cXOISKa45z_XX4kDC1JgJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-5NWos_Mr7xY_5VRDFnMohA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-rgWes9v6ifXv0M7s-yt4uw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-uFeHekpnQ_n_E_Kn3ykWFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-QRWjzq2PGdISrA0YmhgBAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-wEthHU5uoE85ZNsDHJ9L5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=AF2M0KC94RCEA:sid=141-6286253-6761602:rid=4G9E3Y2E5VN4V342J7GF:sn=www.acx.com 1 object-src 'none';base-uri 'self';script-src 'nonce-kuDRGycv3e2OlP3rt5WJOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-PMzxS45rh1phu--qSSuJew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-LtIIZDfHkms5EjCw443OMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-xE40917-QGf_DXq-Etw3xQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'nonce-5i51Xn8uqQEHkCtzqHVQmw==' 'strict-dynamic' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' blob: https://app.getbeamer.com https://assets.openlearning.com https://*.ssl.cf4.rackcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.openlearning.com https://oluploadslive.blob.core.windows.net https://front-us-rest.ably.io https://api.amplitude.com https://api.hubapi.com https://api.hubspot.com https://api.ipify.org https://backend.getbeamer.com https://chat.frontapp.com https://www.facebook.com https://find.userpilot.io https://forms.hubspot.com https://iframe.ly https://in.hotjar.com https://learningtime.servicebus.windows.net https://pythonutilityfunctions.azurewebsites.net https://sentry.io https://stats.g.doubleclick.net https://us-west-1-chat-server.frontapp.com https://vc.hotjar.io https://www.google-analytics.com https://pagead2.googlesyndication.com wss://analytex.userpilot.io wss://front-us-realtime.ably.io wss://*.openlearning.com; font-src 'self' data: https://*.ssl.cf4.rackcdn.com https://assets.openlearning.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https:; img-src 'self' data: blob: https:; manifest-src 'self' https://*.ssl.cf4.rackcdn.com; media-src 'self' https://dev-media.openlearning.com https://media.openlearning.com https://qencode.blob.core.windows.net; worker-src 'none'; child-src blob:; report-uri https://o144378.ingest.sentry.io/api/4503997018275840/security/?sentry_key=3e8067ef74184915a686caf1ecfabda0&sentry_environment=live; 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co vimeo.com; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com *.tableau.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-361a17f62a71bd7e20c5f81531011828' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?reportonly 1 default-src 'self' sante.fr *.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.cloudflare.com googletagmanager.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com *.c-napps.com gstatic.com *.gstatic.com *.adform.net unpkg.com *.fontawesome.com *.newrelic.com *.atlasante.fr bam.eu01.nr-data.net; script-src 'self' sante.fr *.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.cloudflare.com googletagmanager.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com *.c-napps.com gstatic.com *.gstatic.com *.adform.net *.facebook.net unpkg.com *.fontawesome.com *.newrelic.com *.atlasante.fr bam.eu01.nr-data.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' sante.fr *.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.cloudflare.com googletagmanager.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com *.c-napps.com gstatic.com *.gstatic.com *.adform.net unpkg.com *.fontawesome.com *.newrelic.com *.atlasante.fr bam.eu01.nr-data.net 'unsafe-inline'; img-src * data:; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * data:; report-uri /report-csp-violation 1 default-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net lesta.ru *.lesta.ru *.tvsquared.com *.soloway.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://www.googleoptimize.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://inv-dmp.admixer.net ; style-src 'self' 'unsafe-inline' *.wargaming.net lesta.ru *.lesta.ru https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net lesta.ru *.lesta.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://tanki.su https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://www.googleoptimize.com https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 report-uri https://www.yelp.com/csp_report_only?id=6d12f6c093c10535&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www×tamp=1685929769; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1 object-src 'none';base-uri 'self';script-src 'nonce-CmhYDuPyj1wWc4K3tF5MwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:; script-src 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-E3WKrO9U3JSzykRYyu2OWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-YcEYSVky1QFuYa2iVqLwxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-AZfi6rcL1zrPBrYecnvayw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-zubSAQqAmbaRGTqv9JkBjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-PLWovIhmkdzhYf75BnhQHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-qNHbSD8Jr5GGbkZy0kYD4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-THj19AW4U4nV60YV0F8oJw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-P10Qa-0PW1JslSueYUFyag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-n2N-R_HbR34-1GSld3Sj1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-0rPCZwsoyDXtkzaJlZ8ItA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-_tvTRU0hAueL8yl-tbPjww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ra6m1tsQouGALvGX4mUQyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: geo.cardinalcommerce.com moneygram.pxf.io region1.google-analytics.com digitalfeedback.us.confirmit.com www.google.es www.google-analytics.com c0.adalyser.com moneygram.vc.hr www.redditstatic.com sc-static.net www.tp88trk.com c.az.contentsquare.net tr.silverpush.co wa.appsflyer.com www.google.de api.onfido.com moneygram-intl.ingeniuxondemand.com kg668dbov0.execute-api.us-east-1.amazonaws.com www.google.com *.snapchat.com *.googleadservices.com websdk.appsflyer.com location.gomoxie.solutions *.cloudfront.net www.google.fr d.turn.com consent-pref.trustarc.com flask.nextdoor.com *.clarity.ms *.licdn.com k-us1.az.contentsquare.net creatives-cdn.appsflyer.com www.google.com.ph bat.bing.com js.smct.io *.emjcd.com impressions.onelink.me www.google.co.uk *.gstatic.com www.google.co.ve *.googleapis.com *.doubleclick.net wa.onelink.me *.moneygram.com *.facebook.net *.sitescout.com conversions.clickmeter.com *.facebook.com *.wlp-acs.com consent.trustarc.com ipl.smct.co www.google.it www.googletagmanager.com asset.gomoxie.solutions pix.pub includes.ccdc02.com *.dotomi.com www.google.ca adservice.google.com www.google.com.au *.adsrvr.org www.google.com.sa alb.reddit.com *.googlesyndication.com smct.co www.google.com.ng *.linkedin.com events-moneygram.gomoxie.solutions www.woopra.com ls.smct.io cdn.appsflyer.com writer.cardinalcommerce.com cdn.linkedin.oribi.io s.yimg.com ads.nextdoor.com www.upsellit.com clickmeter.com q-us1.az.contentsquare.net js.smct.co hosted.where2getit.com www.google.com.mx banner.appsflyer.com sp.analytics.yahoo.com centinelapi.cardinalcommerce.com six.cdn-net.com t.contentsquare.net cdnjs.cloudflare.com up.pixel.ad ipl.smct.io l.contentsquare.net tags.rd.linksynergy.com drs2.veinteractive.com cognito-identity.eu-west-1.amazonaws.com utt.impactcdn.com www.ojrq.net *.salesforceliveagent.com; form-action geo.cardinalcommerce.com *.moneygram.com *.facebook.com *.salesforceliveagent.com *.wlp-acs.com; frame-ancestors 'self' ; report-uri /csp_report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-FrDX752PpOfsve/1XMaWAQ=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 object-src 'none';base-uri 'self';script-src 'nonce-SH6pQuilMUZ6QegT3WRsDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.google-analytics.com *.analytics.google.com *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 object-src 'none';base-uri 'self';script-src 'nonce-pkLy1EmDQxhMVrEOdOqPmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-DvQpIHPSKzkR0UYvxtpcdA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-afTjx_YR8YpN4jqWwo3jAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Zff-zp0J-TzMTm6vBMb7Rw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-oGBjlHKsirgxCvFxZ-yOxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' app.contentsquare.com t.contentsquare.net *.heapanalytics.com *.2mdn.net *.33across.com *.acexchange.co.kr *.ad-generation.jp *.adagio.io *.addthis.com *.addthisedge.com *.adform.com *.adiiix.com *.adingo.jp *.admanmedia.com *.admixer.com *.admixer.net *.adtech.com *.adtiming.com *.advangelists.com *.advertising.com *.adyoulike.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.aniview.com *.aol.com *.appnexus.com *.aps.amazon.com *.aralego.com *.avantisvideo.com *.axonix.com *.beachfront.com *.behave.com *.betweendigital.com *.bidmachine.io *.bidstreammedia.com *.bidtellect.com *.bing.com *.blis.com *.braintreegateway.com *.brid.tv *.brightcove.com *.brightcove.net *.chocolateplatform.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.consumable.com *.contextweb.com *.conversantmedia.com *.crazyegg.com *.criteo.com *.criteo.net *.districtm.io *.doubleclick.net *.doubleverify.com *.e-planning.net *.e-volution.ai *.emxdgt.com *.engagebdr.com *.eskimi.com *.exponential.com *.facebook.com *.facebook.net *.fastclick.net *.freewheel.tv *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.id5-sync.com *.improvedigital.com *.indexexchange.com *.infolinks.com *.inmobi.com *.inskinmedia.com *.instagram.com *.insticator.com *.jquery.com *.kargo.com *.launchdarkly.com *.lemmatechnologies.com *.lijit.com *.lkqd.com *.lkqd.net *.logan.ai *.loopme.com *.marketo.net *.media.net *.mediago.io *.mediatradecraft.com *.moatads.com *.mobfox.com *.mobileadtrading.com *.my.com *.my6sense.com *.narrativ.com *.nativo.com *.newrelic.com *.nr-data.net *.ogury.com *.onetag.com *.openexchangerates.org *.openx.com *.outbrain.com *.playbuzz.com *.pokkt.com *.prodooh.com *.proper.io *.pubmatic.com *.pubnative.net *.px-cdn.net *.quantcount.com *.quantserve.com *.realself.com *.revcontent.com *.rhythmone.com *.richaudience.com *.risecodes.com *.rlcdn.com *.rsdev.co *.rubiconproject.com *.s-onetag.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.snapengage.com *.somoaudience.com *.sonobi.com *.sovrn.com *.speedcurve.com *.spotx.tv *.spotxchange.com *.springserve.com *.ssp.e-volution.ai *.ssp.logan.ai *.stackadapt.com *.synacor.com *.target.my.com *.teads.tv *.telaria.com *.themediagrid.com *.tremorhub.com *.tribalfusion.com *.triplelift.com *.typekit.net *.ucfunnel.com *.undertone.com *.unrulymedia.com *.vdopia.com *.velismedia.com *.verve.com *.video.unrulymedia.com *.vidoomy.com *.yahoo.com *.yieldmo.com *.zencdn.net btloader.com openexchangerates.org blob:; worker-src 'self' blob:; frame-ancestors *; form-action *; report-uri https://api.realself.com/v1/rs-csp-sc/csp-info; report-to security-report 1 object-src 'none';base-uri 'self';script-src 'nonce-MqkZ6C2ET2QVrSElwusTzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-cProeirA2O0UHyN9AYiJwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--Bl4u_ze2KA5kLKtA6CwNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-zIvfAidzDCdRBnzku-pUhQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.openjdk.java.net feedburner.google.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' feeds.feedburner.com *.statcounter.com statcounter.com; img-src 'self' data: *.statcounter.com *.openjdk.java.net feedburner.google.com; frame-ancestors 'none'; report-uri https://openjdk.report-uri.io/r/default/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-XavMrL7ZT4XPhKftq2L-xA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--X15JIP8LnuKcuixDgyQGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'self';script-src-elem 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hs-analytics.net/analytics/ https://www.googletagmanager.com/gtag/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://x.clearbitjs.com/ https://reveal.clearbit.com/ https://tag.clearbitscripts.com/ https://cdn.koala.live/ https://app.leandata.com/ 'nonce-96730aafe064273b';report-uri /api/report_csp_violation;object-src 'none';form-action 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-WnL0Zz68ctGs91bvjyg1kg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.yahoo.com *.doubleclick.net; font-src 'self' *.bootstrapcdn.com; frame-src 'self' *.soundcloud.com *.twitter.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com *.yahoo.com https://www.google.com/ads/ga-audiences *.pendo.io *.twitter.com *.twimg.com; script-src 'self' 'nonce-vZg9xtwqVtJ+cAzM950soQ==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com *.github.com/flurrydev/ *.pendo.io *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.yimg.com *.twitter.com *.twimg.com https://github.githubassets.com/assets/ *.bootstrapcdn.com; report-uri /csp-report 1 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-5REd/sHmqMB/tU1vbVjeYA=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 1 object-src 'none';base-uri 'self';script-src 'nonce-i1GIjZMlLhc61acxttGqwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Pl76RSqGpe4CiF18IeTQ2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TT0uQp61j5sZOOspGVXaPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' ipredictive.com adgrx.com demdex.net dpm.demdex.net adyen.com ads.yieldmo.com sync-criteo.ads.yieldmo.com *.amazonaws.com www.dwin1.com adnxs.com ib.adnxs.com secure.adnxs.com attentivemobile.com events.attentivemobile.com attn.tv *.audioeye.com bidswitch.net x.bidswitch.net *.bing.com *.btttag.com *.bluecore.com bluekai.com tags.bluekai.com *.bounceexchange.com bounceexchange.com bouncex.net events.bouncex.net *.creativecdn.com certona.net edge1.certona.net www.res-x.com *.cloudfront.net cloudfront.net *.coach.com coach.com *.coachoutlet.com cohimg.net img1.cohimg.net cnstrc.com *.cnstrc.com cquotient.com criteo.com criteo.net *.criteo.net *.criteo.com w55c.net *.doubleclick.net *.facebook.com *.facebook.net facebook.net fonts.net fast.fonts.net *.forter.com forter.com stickyadstv.com ads.stickyadstv.com v.fwmrm.net *.google.com www.google.com.pr www.google.ie www.google.com.au www.google.vg www.google.de www.google.com.ph www.google.es www.google.co.th www.google.ci www.google.com.pa www.google.co.kr www.google.com.hk www.google.co.ls www.gstatic.com fonts.gstatic.com www.google.co.in www.google.co.jp www.google.com.co www.google.com.pe www.google.ca www.google.ae www.google.com.vn www.google.com.ar www.google.com.br www.google.co.ve www.google.com.mx www.google.com.ni www.google.com.ua www.google.as www.google.com.jm www.googleadservices.com googleapis.com *.googleapis.com cloudfunctions.net *.cloudfunctions.net www.googletagmanager.com www.google-analytics.com 360yield.com ad.360yield.com casalemedia.com *.casalemedia.com ivitrack.com jsdelivr.net *.jsdelivr.net klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com *.klarnaservices.com linksynergy.com *.linksynergy.com liadm.com *.liadm.com addressy.com api.addressy.com pcapredict.com tapes11111.pcapredict.com crwdcntrl.net media.net contextual.media.net mathtag.com mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com *.mountain.com mountain.com micpn.com *.micpn.com cookielaw.org cdn.cookielaw.org postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com onetrust.com *.online-metrix.net *.optimizely.com optimizely.com outbrain.com sync.outbrain.com *.paypal.com www.paypalobjects.com pinimg.com s.pinimg.com pinterest.com *.pinterest.com pdst.fm cdn.pdst.fm *.powerreviews.com pubmatic.com simage2.pubmatic.com *.quantummetric.com quantummetric.com rmp.rakuten.com tag.rmp.rakuten.com rmtag.com intljs.rmtag.com rlcdn.com *.rlcdn.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com force.com *.force.com my.salesforce.com *.my.salesforce.com *.salesforceliveagent.com sharethrough.com match.sharethrough.com *.shoprunner.com *.shoprunner.io signifyd.com *.signifyd.com sitescout.com smartadserver.com rtb-csync.smartadserver.com sc-static.net *.snapchat.com stylitics.com *.stylitics.com loopassets.net qa-specops.loopassets.net taboola.com sync-t1.taboola.com tangiblee.com *.tangiblee.com tapad.com tapestry.tapad.com teads.tv criteo-sync.teads.tv *.tiktok.com adsrvr.org *.adsrvr.org tremorhub.com criteo-partners.tremorhub.com 3lift.com eb2.3lift.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co ad.smaato.net s.ad.smaato.net clmbtech.com ade.clmbtech.com mdhv.io jelly.mdhv.io postcodeanywhere.co.uk services.postcodeanywhere.co.uk rqtrk.eu techlab-cdn.com p11.techlab-cdn.com wknd.ai tag.wknd.ai wyng.com cdn.wyng.com *.yext-pixel.com *.adyen.com *.attn.tv *.cquotient.com *.onetrust.com cloudflare.com cdnjs.cloudflare.com coach.comis images.coach.comis a.bigcontent.io *.a.bigcontent.io api2.fonts.com dynl.mktgcdn.com m.media-amazon.com apay-us.amazon.com static-na.payments-amazon.com api.bluecore.app *.drivecommerce.com visitor.omnitagjs.com matching.ivitrack.com ad.tpmn.co.kr tg.socdm.com *.shoppinggives.com *.loveslisa.tech *.iesnare.com *.cloudinary.com *.yahoo.com consent.nxtck.com consent.mediaforge.com consent.jrs5.com consent.nxtck.com consent.mediaforge.com consent.jrs5.com *.smooch.io *.my.salesforce-sites.com *.drrv.co *.googlesyndication.com tapestry.support jira.tapestry.support *.needle.com *.mapbox.com www.upsellit.com *.stuartweitzman.com shareasale.com api.fillr.com smct.co edgeshoppingstatic.azureedge.net api.bounce-commerce.de preview.babylonjs.com *.instagram.com youtube.com rstyle.me tracking.narvar.com www.out.com www.cosmopolitan.com www.ecosia.org slooks.top *.reddit.com *.rakuten.ca www.groupon.com shrturl.site www.byrdie.com www.tsawwassenmills.com www.lyst.com www.retailmenot.com www.shopittome.com www.dealmoon.com appium.io mobile.ebates.com www.elle.com www.55haitao.com www.latimes.com theeverygirl.com www.instyle.com gateway.studentbeans.com www.refinery29.com clothedup.com nymag.com www.affirm.com *.qualtrics.com data: blob:; 1 object-src 'none';base-uri 'self';script-src 'nonce-_6-B_dHZOoeOD_RtbDxZeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blueconic.net *.blueconic.net siteimproveanalytics.io *.siteimproveanalytics.io siteimproveanalytics.com *.siteimproveanalytics.com googleadservices.com *.googleadservices.com google.com *.google.com youtube.com *.youtube.com wwu.edu *.wwu.edu technolutions.net *.technolutions.net tableau.com *.tableau.com googleusercontent.com *.googleusercontent.com vimeocdn.com *.vimeocdn.com windows.net *.windows.net github.io *.github.io googletagmanager.com *.googletagmanager.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net; report-uri https://www.wwu.edu/report-uri/reportOnly 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg 1 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-TwXvdPjuExjjr3o6rvU1qg=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 1 default-src 'self' *.antpedia.com v.antwebinar.com hmcdn.baidu.com hm.baidu.com m.baidu.com jspassport.ssl.qhimg.com *.google-analytics.com zz.bdstatic.com s.ssl.qhres.com sp0.baidu.com s.360.cn c.mipcdn.com wpa.qq.com res.wx.qq.com mp.weixin.qq.com msite.baidu.com ae.bdstatic.com share.baidu.com bdimg.share.baidu.com *.alicdn.com *.cn-hangzhou.log.aliyuncs.com *.dns-detect.alicdn.com browser.sentry-cdn.com push.zhanzhang.baidu.com po.srf.baidu.com toutong.baidu.com static.bshare.cn cdn.jsdelivr.net sentry.io *.googleapis.com *.cnzz.com api.map.baidu.com *.uc.cn uc.gre *.gstatic.com *.ucweb.com bshare.optimix.cn s2.pstatp.com 'unsafe-inline' 'unsafe-eval'; img-src * data: ; upgrade-insecure-requests; frame-src https://*.qq.com https://*.antpedia.com webcompt:; 1 default-src 'none'; connect-src 'self' data: *; font-src 'self' https://fonts.gstatic.com; img-src 'self' * data: blob: 'unsafe-inline'; media-src 'self' * data: blob: 'unsafe-inline'; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-IXf9wtBghiaDuw9QYILeNEOX'; style-src 'self' 'unsafe-inline' *; report-uri /marketplace/api/csp-report 1 base-uri 'self'; script-src 'report-sample' 'self' 'nonce-xlFwaKXdp3NYEGSlb6SbagHJURz+05BFmaZzs9ZRZiQ=' 'unsafe-eval' blob: https://*.codingame.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.usemessages.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://tracking.g2crowd.com https://apis.google.com https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://www.welcomekit.co https://www.youtube.com https://www.slideshare.net https://vimeo.com https://techiotest.disqus.com https://techio.disqus.com https://disqus.com https://c.disquscdn.com https://*.privacymanager.io https://query.yahooapis.com/v1/public/yql; child-src blob:; worker-src blob:; style-src 'self' 'unsafe-inline' https:; img-src blob: data: https:; connect-src https: wss:; frame-src https://*.codingame.com https://*.codingame-app.com https://disqus.com https://www.facebook.com https://www.google.com https://www.youtube.com https://m.youtube.com https://player.vimeo.com; frame-ancestors 'self'; media-src https: data: blob:; object-src 'none'; form-action https://coderunner.codingame.com https://www.facebook.com/tr/ https://translate.google.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1990d17bff20213f8c92c64ac7b34136&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acommunity-webapp%2Cenv%3Aproduction 1 block-all-mixed-content; style-src 'self' 'unsafe-inline' *.uni-wuerzburg.de www.google.com; img-src 'self' data: *.uni-wuerzburg.de *.gstatic.com *.google.com www.googleapis.com; object-src 'self' *.uni-wuerzburg.de; frame-src 'self' *.uni-wuerzburg.de *.youtube-nocookie.com cse.google.com; frame-ancestors 'self' *.uni-wuerzburg.de; base-uri 'self' www.uni-wuerzburg.de; form-action 'self' *.bibliothek.uni-wuerzburg.de www.uni-wuerzburg.de; media-src 'self' data: *.uni-wuerzburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uni-wuerzburg.de *.google.com; report-uri https://www2.uni-wuerzburg.de/rz/csp-report-uri/ 1 object-src 'none';base-uri 'self';script-src 'nonce-LAX4No0ZDVtKCKMC5ArhYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-bX2vIy98qnA0CR5u1hqx_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-c_H22HM0s28Jql3nKEhjSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-VrefLt23J_-MaUjfQ3oyGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ai.asapp.com *.wistia.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com munchkin.marketo.net static.ads-twitter.com googleads.g.doubleclick.net www.google.com analytics.twitter.com app-sj32.marketo.com src.litix.io www.googleanalytics.com www.googleoptimize.com optimize.google.com unpkg.com scout-cdn.salesloft.com cdn.segment.com; style-src 'self' 'unsafe-inline' ai.asapp.com pro.fontawesome.com fonts.googleapis.com app-sj32.marketo.com optimize.google.com; font-src 'self' data: pro.fontawesome.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' https: data: www.google-analytics.com www.googletagmanager.com optimize.google.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; connect-src 'self' ai.asapp.com www.google-analytics.com stats.g.doubleclick.net *.wistia.com embedwistia-a.akamaihd.net *.mktoresp.com *.mktoutil.com *.litix.io *.lever.co scout.salesloft.com cdn.segment.com api.segment.io; frame-src ai.asapp.com bid.g.doubleclick.net app-sj32.marketo.com fast.wistia.com www.googletagmanager.com optimize.google.com youtube.com www.youtube.com; object-src embedwistia-a.akamaihd.net embed-fastly.wistia.com; worker-src blob:; frame-ancestors 'self' asapp.northpass.com; report-uri https://asapp.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-L08pVDk-CH_XlMycJb2bYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' data: blob: www.cbs.nl cdn.cbs.nl www.cbs.nl odata4.cbs.nl cbs.piwik.pro cbs.containers.piwik.pro www.google-analytics.com analytics.eu.kaltura.com cfvod.eu.kaltura.com api.eu.kaltura.com api.cdnjs.com vodcdn.eu.kaltura.com api.usabilla.com opendata.cbs.nl dataderden.cbs.nl www.pingvp.com www.google.com geodata.nationaalgeoregister.nl public.tableau.com localfocus2.appspot.com cbsnl.maps.arcgis.com ec.europa.eu livecdn.eu.kaltura.com d6tizftlrpuof.cloudfront.net api.pdok.nl service.pdok.nl ;img-src 'self' data: blob: www.cbs.nl cdn.cbs.nl www.google-analytics.com api.eu.kaltura.com d6tizftlrpuof.cloudfront.net w.usabilla.com cfvod.eu.kaltura.com cbs.piwik.pro validator.swagger.io api.pdok.nl service.pdok.nl public.tableau.com *.tile.openstreetmap.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.cbs.nl cdn.cbs.nl api.eu.kaltura.com w.usabilla.com api.usabilla.com cdn.jsdelivr.net cdnjs.cloudflare.com code.highcharts.com api.cdnjs.com cbs.piwik.pro cbs.containers.piwik.pro www.google-analytics.com api.pdok.nl analytics.eu.kaltura.com d3js.org www.google.com www.gstatic.com public.tableau.com ajax.googleapis.com d6tizftlrpuof.cloudfront.net ;style-src 'self' 'unsafe-inline' www.cbs.nl cdn.cbs.nl cdn.jsdelivr.net cdnjs.cloudflare.com d6tizftlrpuof.cloudfront.net;report-uri /cspreport;font-src 'self' data: www.cbs.nl cdn.cbs.nl cdnjs.cloudflare.com api.eu.kaltura.com d6tizftlrpuof.cloudfront.net 1 form-action www.rsa3dsauth.co.uk ee.co.uk *.snapchat.com *.ee.co.uk; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.tiktok.com region1.analytics.google.com ee.co.uk www.dwin1.com *.gstatic.com *.ee.co.uk *.demdex.net assets.adobedtm.com js.smct.co www.google.co.uk fonts.smct.io ee.15gifts.com bat.bing.com events.smct.co collection.decibelinsight.net www.google.ie www.google.ro www.google.com *.googlesyndication.com www.googletagmanager.com www.youtube.com *.doubleclick.net bt-token.ecustomersupport.com www.google.es *.online-metrix.net www.google.gr *.snapchat.com client-analytics.braintreegateway.com www.google-analytics.com cdn.smct.io lpcdn.lpsnmedia.net ep.smct.co fonts.gstatic.com ee.cloud-iq.com translate.google.com www.google.pl *.everesttech.net www.rsa3dsauth.co.uk www.gov.uk www.awin1.com *.liveperson.net smct.co ls.smct.io 3dsportal.ecustomerpayments.com *.omtrdc.net alb.reddit.com cdn.nowinteract.com *.ads-twitter.com *.youtube-nocookie.com cognito-identity.eu-west-1.amazonaws.com ee.real-digital.co.uk pixel.tapad.com accdn.lpsnmedia.net maps.gstatic.com cdn.decibelinsight.net cdn.honey.io *.facebook.com *.facebook.net *.pinterest.com udc-neb.kampyle.com firehose.eu-west-1.amazonaws.com js.smct.io www.google.co.in payments.braintree-api.com track.uniqodo.com *.cloudfront.net wss://collection.decibelinsight.net www.google.hu t.co i.ytimg.com consent.trustarc.com analytics.google.com tracking.audio.thisisdax.com resources.digital-cloud-uk.medallia.eu 15gifts-public-assets.s3.amazonaws.com *.twitter.com www.google.fr adservice.google.com www.google.de *.googleapis.com sc-static.net consent-pref.trustarc.com *.googleadservices.com the.sciencebehindecommerce.com md-scp.kampyle.com *.paypal.com ee-tagging.s3.amazonaws.com www.redditstatic.com; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: seoab.io cdn-yotpo-images-production.yotpo.com www.google.co.id *.pinterest.com *.kmart.com.au webservice.salefinder.com.au zip.co www.google.com.sg translate.google.com www.google.com.bd www.google.co.uk embed.salefinder.com.au gateway.zscalerone.net www.couponscdn.com dc.oracleinfinity.io surveys-static.survicate.com *.opendns.com mycardsecure.com cdn.honey.io gateway.zscalertwo.net cdn.truefitcorp.com www.google.co.th api-cdn.yotpo.com staticw2.yotpo.com geoissuer.cardinalcommerce.com www.googletagmanager.com salefinder.com.au www.google.lk *.americanexpress.com yotpo-stool.s3.amazonaws.com www.google.ie api.yotpo.com kmartau.mo.cloudinary.net *.tealiumiq.com www.google.com.au rapid-cdn.yottaa.com *.doubleclick.net www.google.com.fj shopping.qantas.com *.gstatic.com bat.bing.com web-writer.sg.smartlook.cloud *.facebook.com *.paypal.com i.ytimg.com *.googleapis.com *.googlesyndication.com www.google.de www.google.co.nz www.google.co.in apis.google.com www.google.nl paydock.as1.gpayments.net consumer.truefitcorp.com www.google-analytics.com p.yotpo.com www.google.fr www.securesuite.co.uk druidbotservice.prod.druidprod.a-kmtkmg.net druidapi.prod.druidprod.a-kmtkmg.net databridge.tdbtrk.com c.oracleinfinity.io *.trendmicro.com www.google.com.my applepay.cdn-apple.com bam.nr-data.net analytics.google.com api.paydock.com respondent.survicate.com *.custhelp.com ac.cnstrc.com widget.paydock.com web-writer.eu.smartlook.cloud *.optimizely.com cdn-quick-ar.threedy.ai lh3.ggpht.com cdn.jsdelivr.net adservice.google.com *.snapchat.com *.flashtalking.com 50.xg4ken.com www.paypalobjects.com www.youtube.com www.rsa3dsauth.co.uk qoe-1.yottaa.net www.google.es www.google.com.ph *.tiktok.com kmart.com.au www.google.com.hk static.queue-it.net www.google.ca secure7.arcot.com survey.survicate.com *.googleadservices.com manager.eu.smartlook.cloud images.ctfassets.net www.google.com embed.salefinder.co.nz *.pinimg.com cnstrc.com use.typekit.net jonypractic.net ssl.google-analytics.com *.alicdn.com sc-static.net *.facebook.net *.cloudfront.net unpkg.com assets-proxy.smartlook.cloud quick-ar.threedy.ai zip-co-media.s3.ap-southeast-2.amazonaws.com kma-cdn.truefitcorp.com assets.queue-it.net maps.gstatic.com web-sdk.smartlook.com www.google.com.pg web-writer.us.smartlook.cloud druidapc.prod.druidprod.a-kmtkmg.net js-agent.newrelic.com; form-action *.snapchat.com *.facebook.com *.pinterest.com *.kmart.com.au; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-Eplz0H5Ef7JbDvbRI1gqzg=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 1 object-src 'none';base-uri 'self';script-src 'nonce-80PD01WxqgOWZb3fIglDjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-OhRQdjS1A7IX27J7kj7C1w=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 form-action *.imss.gob.mx; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com js-agent.newrelic.com *.imss.gob.mx clients1.google.com *.gstatic.com framework-gb.cdn.gob.mx fecdn.user1st.info code.jquery.com *.googleapis.com www.google-analytics.com *.doubleclick.net ssl.google-analytics.com www.youtube.com *.facebook.net *.twitter.com bam.nr-data.net; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self'; connect-src 'self' analytics.init.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.instagram.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.instagram.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.instagram.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.instagram.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1 frame-ancestors 'self' http://*.oriflame.com https://*.oriflame.com http://*.online.ori https://*.online.ori http://*.ori.local https://*.ori.local http://*.oriflame.cc https://*.oriflame.cc http://*.oriflame.ru https://*.oriflame.ru http://*.oriflame.cn https://*.oriflame.cn; report-uri /CspReport?policyRequestId=0baa1ef370c1d590 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.google.com *.snapchat.com hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io; connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://servedby.flashtalking.com https://ad.doubleclick.net *.tiktok.com *.snapchat.com *.appsflyer.com hcaptcha.com *.hcaptcha.com https://*.eu01.nr-data.net; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world *.googleapis.com ;script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-dbW0X+nVHkKlc7YlxpZZAw==' 'sha256-02W9n3ckGFKcDjNtbYC3kuvESXSWCT4OaOq8UMFdunA=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-DQwqYB8/sqCTVOZWfXmwexUV+wjyosAzcAcRY2fdDiU=' 'sha256-FIhX+YlCX/mDgfVKSE47aYd0Shmm38UT5k6gKibikZ0=' 'sha256-oWvABwJt4njePH3WTG1tK7fhmXCszKRFtLeOUbnpPpQ=' 'sha256-SiSpQtoSm3gYHCiSdO7bIdwk6nuhuKyKx6I638RpVMs=' hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' https: hcaptcha.com *.hcaptcha.com; 1 img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1 default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co/6si.min.js https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://js.hsleadflows.net https://js.qualified.com https://maps.googleapis.com https://rum-static.pingdom.net https://*.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://tagmanager.google.com https://tags.clickagy.com/data.js https://tracking.g2crowd.com https://ws.zoominfo.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://*.hotjar.com https://www.gartner.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https